Zhou Xu, Wang Pengfei, Zhou Lei, Xun Peng, Lu Kai
College of Computer, National University of Defense Technology, Changsha 413000, China.
Sensors (Basel). 2023 Nov 16;23(22):9221. doi: 10.3390/s23229221.
Embedded devices are pervasive nowadays with the rapid development of the Internet of Things (IoT). This brings significant security issues that make the security analysis of embedded devices important. This paper presents a survey on the security analysis research of embedded devices. First, we analyze the embedded device types and their operating systems. Then, we describe a major dynamic security analysis method for an embedded device, i.e., simulating the firmware of the embedded device and performing fuzzing on the web interface provided by the firmware. Third, we discuss some other issues in embedded security analysis, such as analyzing the attack surface, applying static analysis, and performing large-scale analysis. Based on these analyses, we finally conclude three challenges in the current research and present our insights for future research directions.
随着物联网(IoT)的快速发展,嵌入式设备如今已无处不在。这带来了重大的安全问题,使得对嵌入式设备的安全分析变得至关重要。本文对嵌入式设备的安全分析研究进行了综述。首先,我们分析了嵌入式设备的类型及其操作系统。然后,我们描述了一种针对嵌入式设备的主要动态安全分析方法,即模拟嵌入式设备的固件并对固件提供的Web界面进行模糊测试。第三,我们讨论了嵌入式安全分析中的一些其他问题,例如分析攻击面、应用静态分析以及进行大规模分析。基于这些分析,我们最终总结了当前研究中的三个挑战,并提出了我们对未来研究方向的见解。
