一種與許安全更新IoT設備允許名單的機制

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：59

、訪客IP：3.22.130.29

姓名

王顥鈞(Hao-Jyun Wang) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

一種與許安全更新IoT設備允許名單的機制
(A Secure Mechanism to Prevent an IoT Device from Executing Non-allowed Operations)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2027-6-30以後開放)

摘要(中)

隨著工業4.0的發展與應用，工廠普遍建置物聯網裝置，然而物聯網裝置與電腦資訊系統設備於資訊安全的防護上，仍多以電腦資訊為主，物聯網裝置現行資安防護較為缺乏，因此如何避免物聯網裝置成為資安攻擊者進入工廠內部網路的入口，以及避免成為攻擊其他資訊設備的裝置，為物聯網裝置應有的資安措施。

摘要(英)

Allowlist is an approach that is widely used to protect IoT devices from the execution of malware. Along with the need for IoT devices to adjust their work, the requirement that a allowlist can be adjusted dynamically also emerges. Hence, this requirement also brings security issues about how to protect a allowlist and make a modification securely. After all, without appropriate protection, the allowlist of a compromised IoT devices can be modified by malware executing in the IoT device. The malware may even have root privilege. We propose a kernel based mechanism to protect the allowlist of an IoT device. Our approach allows the allowlist of an IoT device to be updated dynamically. Meanwhile, it disallows malware to change the allowlist, no matter what privilege a piece of malware has. Experimental results show that our system can effectively protect the allowlist of an IoT devices with low performance overhead.

關鍵字(中)

★ 物聯網
★ 白名單
★ 允許名單
★ 安全

關鍵字(英)

★ IoT
★ allowlist
★ security

論文目次

中文摘要 i
Abstract ii
目錄 iii
圖目錄 v
表目錄 vii
第1章緒論 1
第2章背景介紹 2
2.1 物聯網 2
2.2 工控安全 4
2.3 Linux Security Module 6
第3章相關研究 8
3.1 IoT 攻擊分類 8
3.2 現今的 IoT 防禦手段 11
第4章系統架構與實作 13
4.1 設計目標 13
4.2 設計概念 14
4.3 系統架構 15
4.4 系統元件 18
第5章實驗結果及分析 21
5.1 實驗環境 21
5.2 功能測試 22
5.3 效能測試 33
5.4 準確性測試 34
第6章討論 35
6.1 記憶體不足 35
6.2 Allowlist的限制 35
第7章結論 37
第8章參考資料 38

參考文獻

[1] Gary Mullen, Liam Meany, "Assessment of Buffer Overflow Based Attacks," 22 July 2019.
[2] W. H. Mardiana bintiMohamad Noor, "Current research on Internet of Things (IoT) security: A survey," 27 Nov. 2018.
[3] "Linux Security Module Usage," [Online]. Available: https://www.kernel.org/doc/html/v4.16/admin-guide/LSM/index.html. [Accessed 19 Apr. 2022].
[4] Fan Dang, Zhenhua Li, Yunhao Liu, Ennan Zhai, Qi Alfred Chen, Tianyin Xu, Yan Chen, Jingyu Yang, "Understanding Fileless Attacks on Linux-based IoT Devices with HoneyCloud," 12 Jun. 2019.
[5] S. R. Department, "statista," Statista, 27 Nov. 2016. [Online]. Available: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/.
[6] Y. W. Preetha Thulasiraman, "A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks," 28 Feb. 2019.
[7] Diego M. Mendez Mena, Baijian Yang, "Blockchain-Based Whitelisting for Consumer IoT Devices and Home Networks," 14 Sep 2018.

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2022-7-19

推文