12 Jo1 rnal of Cyber Securi0y信息安全学报，2019年5月，第4卷，第3期 中的不足。调研了绿色节点、智能网络和开放平台 9-November-2018].Available:https://en.wikipedia.org/w/index. 的安全现状，指出这三个方面的安全测评工作亟需 php?title=reflection attack&oldid=787717850 进行，切实保障物联网安全健康地发展。 [12]Shodan,"Shodan,"https://www.shodan.io/,accessed Oct 27,2018. 面对物联网严峻的安全问题和能耗开销、大规 [13]H.Al-Alami,A.Hadi,and H.Al-Bahadili,"Vulnerability scanning 模网络管理以及开放服务这三个维度的挑战，急需 of loT devices in jordan using shodan,"in Appli cations of Infor 设计一个绿色智能开放的安全物联网体系，并构建 mation Technology in Developing Renewable Energy Processes 一个高效易用的自动化物联网安全测评工具，能够 Systems (IT-DREPS),2017 2nd Inter national Conference on the 满足物联网安全测评基本要求，并提供对物联网新 IEEE,2017,pp.1-6. 特性新要求的有效评估方法。 [14]E.McMahon,R.Williams,M.El,S.Samtani,M.Patton,and H. Chen,"Assessing medical device vulnerabilities on the internet of 致谢衷心感谢各位评审专家对本文提出的宝贵 things,"in Intelligence and Security Informat-ics(ISD),2017 IEEE 意见。本研究得到科技部网络空间安全项目物联网与 International Conference on.IEEE,2017,pp.176-178. [15]M.Anisetti,R.Asal,C.A.Ardagna,L.Comi,E.Damiani,and F. 智慧城市安全保障关键技术研究(No.2018YFB08034)。 Gaudenzi,"A knowledge-based IoT security checker,"in European 基金委杰出青年项目N0.6162520),中国科学院前 Conference on Parallel Processing.Springer,2018,pp.299-311. 沿科学重点研究项目No.QYZDY-SSW-JSC00)资助。 [16)神州绿盟信息安全科技股份有限公司，“绿盟工控漏洞扫描系 参考文献 统，”http:hwww.nsfocus.com.cn/products/details36I851.html, accessed Oct 19,2018. [1]IoT analytics,"lot analytics(2014),"2014.[Online].Available: [1刀北京匡恩网络科技有限责任公司，“匡恩工业控制网络安全漏 https://iot-analytics.com/Internet-of-things-definition/ 洞挖掘检测平台，”http:www.cechina.cn/company/.168104 [2]于文平，“《2017-2018中因物联网发展年度报告》发布，”物联 68597/productdetail.aspx,accessed Oct 19,2018. 网技术vol.8no.10,Pp.5-6,10,2018. [18]S.Ni,Y.Zhuang,J.Gu,and Y.Huo,"A formal model and risk B]安天实验室，“Iot僵尸网络严重威胁网络基础设施安全北美 assessment method for security-critical real-time embedded sys- dns服务商遭mirai木马ddos攻击的分析思考，”2016. tems,"Computers Securiny,vol.58,pp.199-215,2016. [4)新浪，“橘子皮解锁手机，”2018.[Onlinel.Available:http:∥ [19]F.M.Tabrizi and K.Pattabiraman,"Formal security anal-ysis of news.sina.com.cn/o/2018-01-26/doc-ifyqyqni3427619.shtml smart embedded systems,"in Proceedings of the 32nd Annual [)中国国家标准化管理委员会.GB/T28448一2012信息安全技术 Conference on Computer Security Applica tions.ACM,2016,pp. 信息系统安全等级保护测评要求[S1.北京：中因标准出版社， 1-15. 2012 [20]Y.Q.Shen and Z.W.Xu,"Design of Universal Embedded System [6]O.Abdelmalek,D.Hely,and V.Beroulle,"Emulation based fault Software Test Platform,"Computer Engineering and Applications, injection on uhf rfid transponder,"in Design and Diag-nostics of 2007,43(15):pp.83-85. Electronic Circuits Systems,17th International Symposium on. (沈永清，徐中伟，“通用嵌入式系统软件测试平台的设计，”计 EEE,2014,pp.254-257. 算机工程与应用，2007,43(15)Pp.83-85). [7]I.Mezzah,H.Chemali,and O.Kermia,"Emulation-based fault [21]Costin,A.,Zaddach,J.,Francillon,A.,Balzarotti,D.(2014).A analysis on rfid tags for robustness and security eval-uation,"Mi- large-scale analysis of the security of embedded firmwares.In 23rd croelectronics Reliability,vol 69,pp.115-125,2017. USENIX Security Symposium (USENIX Security 14)(pp: [8]O.U.S.P.Group,"Frontier ridac,"https://www.ee.oulu.fi/ 95-110). research/ouspg/RIDAC,accessed Oct 27,2018. [22]Chen,D.D.,Woo,M.,Brumley,D.,Egele,M.(2016,February). [9]T.M.Fernandez-Carames,P.Fraga-Lamas,M.Suarez-Albela,and Towards Automated Dynamic Analysis for Linux-based Embedded L.Castedo,"Reverse engineering and security evaluation of com- Firmware.In NDSS(pp.1-16). mercial tags for RFID-based IoT applications,"Sensors,vol.17,no. [23]R.Liu,C.Vellaithurai,S.S.Biswas,T.T.Gamage,and K. 1,p.28,2016. Srivastava,"Analyzing the cyber-physical impact of cyber events [10]F.Loi,A.Sivanathan,H.H.Gharakheili,A.Radford,and V. on the power grid,"IEEE Transactions on Smart Grid,vol.6,no.5, Sivaraman,"Systematically evaluating security and privacy for Pp.2444-2453,2015. consumer loT devices,"in Proceedings of the 2017 Workshop on [24]nsnam,"ns-3 network simulator,"https://www.nsnam.org/,[Online; Internet of Things Security and Privacy.ACM,2017,pp.1-6. accessed 8-November-2018]. [11]Wikipedia contributors,"Reflection attack,"2017,[Online;accessed [25]U.of Utah and the Flux Research Group,"Deterlab:Cyber-defense12 Journal of Cyber Security 信息安全学报, 2019 年 5 月, 第 4 卷, 第 3 期 中的不足。调研了绿色节点、智能网络和开放平台 的安全现状, 指出这三个方面的安全测评工作亟需 进行, 切实保障物联网安全健康地发展。 面对物联网严峻的安全问题和能耗开销、大规 模网络管理以及开放服务这三个维度的挑战, 急需 设计一个绿色智能开放的安全物联网体系, 并构建 一个高效易用的自动化物联网安全测评工具, 能够 满足物联网安全测评基本要求, 并提供对物联网新 特性新要求的有效评估方法。 致 谢 衷心感谢各位评审专家对本文提出的宝贵 意见。本研究得到科技部网络空间安全项目 物联网与 智慧城市安全保障关键技术研究 (No.2018YFB08034), 基金委杰出青年项目 (No.6162520), 中国科学院前 沿科学重点研究项目(No.QYZDY-SSW-JSC00)资助。 参考文献 [1] IoT analytics, “Iot analytics(2014),” 2014. [Online]. Available: https://iot-analytics.com/Internet-of-things-definition/ [2] 于文平, “《2017-2018 中国物联网发展年度报告》发布,” 物联 网技术, vol. 8, no. 10, pp. 5–6, 10, 2018. [3] 安天实验室, “Iot 僵尸网络严重威胁网络基础设施安全北美 dns 服务商遭 mirai 木马 ddos 攻击的分析思考,” 2016. [4] 新浪, “橘子皮解锁手机,” 2018. [Online]. Available: http:// news.sina.com.cn/o/2018-01-26/doc-ifyqyqni3427619.shtml [5] 中国国家标准化管理委员会. GB/T 28448—2012 信息安全技术 信息系统安全等级保护测评要求[S]. 北京: 中国标准出版社, 2012. [6] O. Abdelmalek, D. Hely, and V. Beroulle, “Emulation based fault injection on uhf rfid transponder,” in Design and Diag- nostics of Electronic Circuits & Systems, 17th International Symposium on. IEEE, 2014, pp. 254–257. [7] I. Mezzah, H. Chemali, and O. Kermia, “Emulation-based fault analysis on rfid tags for robustness and security eval- uation,” Mi￾croelectronics Reliability, vol. 69, pp. 115–125, 2017. [8] O. U. S. P. Group, “Frontier ridac,” https://www.ee.oulu.fi/ research/ouspg/RIDAC, accessed Oct 27, 2018. [9] T. M. Fernández-Caramés, P. Fraga-Lamas, M. Suárez- Albela, and L. Castedo, “Reverse engineering and security evaluation of com￾mercial tags for RFID-based IoT applications,” Sensors, vol. 17, no. 1, p. 28, 2016. [10] F. Loi, A. Sivanathan, H. H. Gharakheili, A. Radford, and V. Sivaraman, “Systematically evaluating security and privacy for consumer IoT devices,” in Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. ACM, 2017, pp. 1–6. [11] Wikipedia contributors, “Reflection attack, ”2017, [Online;accessed 9-November-2018]. Available: https://en.wikipedia.org/w/index. php?title=reflection_attack&oldid=787717850. [12] Shodan, “Shodan,” https://www.shodan.io/, accessed Oct 27, 2018. [13] H. Al-Alami, A. Hadi, and H. Al-Bahadili, “Vulnerability scanning of IoT devices in jordan using shodan,” in Appli cations of Infor￾mation Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), 2017 2nd Inter national Conference on the. IEEE, 2017, pp. 1–6. [14] E. McMahon, R. Williams, M. El, S. Samtani, M. Patton, and H. Chen, “Assessing medical device vulnerabilities on the internet of things,” in Intelligence and Security Informat- ics (ISI), 2017 IEEE International Conference on. IEEE, 2017, pp. 176–178. [15] M. Anisetti, R. Asal, C. A. Ardagna, L. Comi, E. Damiani, and F. Gaudenzi, “A knowledge-based IoT security checker,” in European Conference on Parallel Processing. Springer, 2018, pp. 299–311. [16] 神州绿盟信息安全科技股份有限公司, “绿盟工控漏洞扫描系 统,” http://www.nsfocus.com.cn/products/details_36_ 1851.html, accessed Oct 19, 2018. [17] 北京匡恩网络科技有限责任公司, “匡恩工业控制网络安全漏 洞挖掘检测平台 , ” http://www.cechina.cn/company/168104_ 68597/productdetail.aspx, accessed Oct 19, 2018. [18] S. Ni, Y. Zhuang, J. Gu, and Y. Huo, “A formal model and risk assessment method for security-critical real-time embedded sys￾tems,” Computers & Security, vol. 58, pp. 199– 215, 2016. [19] F. M. Tabrizi and K. Pattabiraman, “Formal security anal- ysis of smart embedded systems,” in Proceedings of the 32nd Annual Conference on Computer Security Applica tions. ACM, 2016, pp. 1–15. [20] Y.Q. Shen and Z.W. Xu, “Design of Universal Embedded System Software Test Platform,” Computer Engineering and Applications, 2007, 43(15) : pp. 83-85. (沈永清, 徐中伟, “通用嵌入式系统软件测试平台的设计,” 计 算机工程与应用, 2007, 43(15): pp. 83-85). [21] Costin, A., Zaddach, J., Francillon, A., & Balzarotti, D. (2014). A large-scale analysis of the security of embedded firmwares. In 23rd {USENIX} Security Symposium ({USENIX} Security 14) (pp: 95-110). [22] Chen, D. D., Woo, M., Brumley, D., & Egele, M. (2016, February). Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In NDSS (pp. 1-16). [23] R. Liu, C. Vellaithurai, S. S. Biswas, T. T. Gamage, and K. Srivastava, “Analyzing the cyber-physical impact of cyber events on the power grid,” IEEE Transactions on Smart Grid, vol. 6, no. 5, pp. 2444–2453, 2015. [24] nsnam, “ns-3 network simulator,” https://www.nsnam.org/, [Online; accessed 8-November-2018]. [25] U.of Utah and the Flux Research Group, “Deterlab: Cyber-defense