CN113221120A - Vulnerability detection method and system for application rules of Internet of things - Google Patents


Info

Publication number
CN113221120A
Authority
CN
China
Prior art keywords
rule
model
application
threat
internet
Prior art date
Legal status
Pending
Application number
CN202110548140.2A
Other languages
Chinese (zh)
Inventor
于银菠
刘家佳
Current Assignee
Northwestern Polytechnical University
Taicang Yangtze River Delta Research Institute of Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Taicang Yangtze River Delta Research Institute of Northwestern Polytechnical University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation
    • G06F8/42 Syntactic analysis

Abstract

The invention discloses a vulnerability detection method and system for application rules of the Internet of things, wherein the method comprises the following steps: acquiring an application source code, equipment description information and user configuration information from a control plane of the Internet of things; extracting an inter-process control flow graph from the application source code; converting the inter-process control flow graph into a rule form by combining the user configuration information and the equipment description information; establishing a physical space ontology model, fusing a rule form set to the physical space ontology model, and establishing a rule execution model; performing model slicing on the rule to obtain a plurality of sub FSM models without dependency relationship; the sub FSM is compressed in the model variable space, and compared with the threat expression to judge whether a threat vulnerability exists or not.

Description

Vulnerability detection method and system for application rules of Internet of things
Technical Field
The invention belongs to the technical field of Internet of things, and particularly relates to a vulnerability detection method and system for application rules of the Internet of things.
Background
With trillions of new devices, represented by intelligent household appliances, intelligent Internet of Things (IoT), intelligent wearable devices and the like, accessing networks, the Internet of Things (IoT) forms massive information data and abundant human-object and object-object interaction modes, and opens the era of Internet of everything interconnection. With the overall upgrade of the application requirements of the internet of things, a terminal user programming framework based on rules (trigger-action) is introduced into the internet of things, so that the service supply of the internet of things enters a new application era, the services of the internet of things are not fixedly coded in special equipment any more, and the user-oriented programmable service supply is realized. The rule-based service supply enables the technology of the internet of things to more efficiently fuse a physical space and an information space, but also enables traditional security threats of the physical space and non-traditional security threats of the information space to be mutually interwoven, and any potential safety hazard of the information space is possibly amplified into a very high-risk security threat in the physical space. By designing the automatic vulnerability detection method of the application rule of the Internet of things, the method has important significance for strengthening the security of the Internet of things and improving the application deployment efficiency of the Internet of things.
The security analysis of rule-based Internet of things applications currently draws wide attention at home and abroad. Researchers have examined the potential safety hazards of the rule-based Internet of things from different angles, and representative work covers data flow defects, rule interaction threats, privacy leakage, dynamic security policy enforcement, automatic rule generation and the like. However, most existing methods focus on the execution security of rules in the information space, performing logic security analysis at the rule semantic level with static software analysis or formal methods. In an actual Internet of things environment, the execution behavior of an application rule is closely tied to the characteristics of the physical space, so the existing methods have limitations in practical application. On the other hand, because the Internet of things involves complex network environments and sensing data, existing work ensures the scalability of vulnerability detection by simplifying the rule model (for example, modeling concurrent rule execution behavior as a serial formal model) at the cost of detection comprehensiveness. Therefore, to solve the problem of vulnerability detection for Internet of things application rules, a rigorous vulnerability detection method is needed that can comprehensively analyze the execution behavior of application rules in both the information space and the physical space.
Disclosure of Invention
In order to solve the above technical problems, the invention provides a vulnerability detection method and system for application rules of the Internet of things. Rule information is extracted statically from the Internet of things application and fused with the ontology characteristics of the physical space to form a rule execution model; security detection of the rule model is then realized with a formal method.
A vulnerability detection method for application rules of the Internet of things comprises the following steps:
acquiring an application source code, equipment description information and user configuration information from a control plane of the Internet of things;
extracting an inter-process control flow graph from the application source code;
converting an entry, a path condition and an end point function of an inter-process control flow graph into application rules in a form of trigger-condition-action by combining user configuration information and equipment description information, wherein the application rules form an application rule set;
establishing a physical space ontology model, fusing an application rule set to the physical space ontology model, and establishing a rule execution model;
performing model slicing on the rule to obtain a plurality of sub FSM models without dependency relationship; compressing the model variable space of the sub FSM to obtain a rule execution model after state space optimization;
establishing a threat expression, comparing and matching the rule execution model after state space optimization with the threat expression, if a certain threat expression is matched, considering that a vulnerability possibly exists, then generating a security attribute or a live attribute by using the threat expression, performing model detection with the rule execution model, and confirming the effectiveness of the vulnerability.
In a further embodiment of the present invention, a specific obtaining manner of the inter-process control flow graph is as follows:
traversing the abstract syntax tree of the application source code, extracting a control flow graph of each function in the application source code and the call graph between the functions by executing a path-sensitive analysis method, and combining the control flow graph and the call graph into an inter-process control flow graph.
In a further embodiment of the invention, the inter-process control flow graph is divided into three types of application initialization, event scheduling and event processing according to different types of entry functions of the inter-process control flow graph.
In a further embodiment of the invention, the application rule is constructed in the form of "trigger-condition-action" as follows:
Figure BDA0003074289100000031
wherein t represents a trigger consisting of an event or a state change; a is the action that the rule needs to take; l is the temporal semantic; c_t is the set of conditions at triggering; c_a is the set of conditions before the action is executed.
In a further embodiment of the invention, the device description information consists of three parts, namely a device attribute, a value range and a device command; the user configuration information is a constant used in the rule constraint condition;
the inter-process control flow graph is converted into a rule form as follows:
setting a rule trigger t and a condition c to be null for a path for application initialization in the inter-process control flow diagram, and converting a variable assignment statement into an action a according to command information and constants of user configuration information in the device description information to form an initialized rule;
establishing a rule of null trigger and condition for a path used for event scheduling in an inter-process control flow diagram, setting delay l of the rule as scheduling delay set on the path, and forming an event scheduling rule by scheduling a device command in a corresponding function or an assignment statement modified by a system state;
for a path used for event processing in the inter-process control flow diagram, an entry event defined in a system function script is extracted and set as a trigger t, then a branch condition on the path is extracted and used as a condition c, and a command at the end of the path is an action a, so that a rule of event processing is formed.
In a further embodiment of the present invention, the rule execution model is specifically constructed as follows:
constructing a physical space ontology model comprising physical channels and physical equipment connection;
the model form of the physical channel is described as:
Figure BDA0003074289100000032
wherein
Figure BDA0003074289100000033
is a delayed (lazy) attribute; a_i is an action; l is the temporal semantic; t_j is a trigger; c_j is a condition;
the model form of the physical connection is described as:
Figure BDA0003074289100000041
wherein
Figure BDA0003074289100000042
and
Figure BDA0003074289100000043
both represent devices; a_i is an action; r_j represents a rule;
converting the application rule set into a finite state machine model based on the physical channels and physical device connections
Figure BDA0003074289100000044
where S is a finite non-empty set of states,
Figure BDA0003074289100000045
is the state transfer function,
Figure BDA0003074289100000046
is the initial state; a state
Figure BDA0003074289100000047
represents the attribute set of all objects
Figure BDA0003074289100000048
with the value sets
Figure BDA0003074289100000049
Each of the other rules r_i is converted into a state transfer function σ(s, s') ∈ Σ, as follows:
Figure BDA00030742891000000410
if the current state s matches the trigger and the condition predicate of rule r_i, at which time
Figure BDA00030742891000000411
is true, the finite state machine model executes r_i, i.e. the assignment statement Assign_i(s); if the rule cannot be activated, the state is kept unchanged; an auxiliary variable φ ∈ Φ is added to each attribute variable to record the value of the last state s', and a constraint condition is added to the rule predicate
Figure BDA00030742891000000412
Establishing a dependency relationship between rules by using the constructed physical channel and physical connection information, wherein the form of the dependency relationship is expressed as follows:
Figure BDA00030742891000000413
wherein the predicate P_j of rule r_j depends on the action Act_i of rule r_i; the application rule set is then converted into a rule execution model according to the dependency relationship.
In a further embodiment of the present invention, the specific manner of performing model slicing on the rule is as follows:
1) establishing an expression dependency edge set E_e: an expression dependency edge connects two attributes a_i and a_j such that a rule operates on a_j and its predicate includes a constraint P defined by a_i;
2) establishing a rule dependency edge set E_r: a rule dependency edge means that a rule r uses the source attribute e.a of an expression dependency edge e and contains the constraint P, so that the other rules using the source attribute e.a have a dependency relationship with r;
3) slicing the model: this step uses E_r to execute a forward traversal on the rule execution model and divides it into a plurality of sub FSM models without dependency relationships; for two rule dependencies e_r and e_r', if a slice m contains e_r and contains the source rule r_s' of e_r' but not its destination rule r_t', the traversal continues forward along r_t' to complete the slice.
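As an added example (Python written for this page, not code from the patent), the following builds E_e and E_r from a constructed rule set, each rule given by the attributes its predicate reads and its action writes, and slices the model into dependency-free sub-FSMs by forward traversal:

```python
"""Model slicing: split a rule execution model into sub-FSMs with no dependency between them.

Added example, not the patent's own code. The rule set is constructed; each rule records
the attributes its predicate P constrains (reads) and the attributes its action assigns (writes).
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    reads: frozenset   # attributes that appear in the rule's constraint P
    writes: frozenset  # attributes assigned by the rule's action


def expression_edges(rules):
    """E_e: an edge (a_i, a_j) means some rule operates on a_j under a constraint P defined by a_i."""
    return {(a_i, a_j) for r in rules for a_i in r.reads for a_j in r.writes}


def rule_edges(rules, e_edges):
    """E_r: for an expression edge e, the rule r holding the constraint on the source attribute e.a
    depends on every other rule that uses e.a (reads or writes it): edge (other, r)."""
    edges = set()
    for e_a in {a_i for a_i, _ in e_edges}:
        constrained = [r for r in rules if e_a in r.reads]
        users = [r for r in rules if e_a in r.reads or e_a in r.writes]
        for r in constrained:
            edges.update((other.name, r.name) for other in users if other is not r)
    return edges


def slice_model(rules, r_edges):
    """Forward traversal over E_r from each rule; a slice that contains the source rule of a
    dependency but not its destination is extended along the destination, and slices that
    end up sharing a rule are merged, so no dependency edge crosses two slices."""
    succ = defaultdict(set)
    for src, dst in r_edges:
        succ[src].add(dst)

    def forward(start):
        seen, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                stack.extend(succ[n])
        return seen

    slices = []
    for r in rules:
        closure = forward(r.name)
        for s in [s for s in slices if s & closure]:
            slices.remove(s)
            closure |= s
        slices.append(closure)
    return sorted(sorted(s) for s in slices)


def independent_sub_fsms(rules):
    return slice_model(rules, rule_edges(rules, expression_edges(rules)))


# Constructed smart-home rule set (sample input, not from the patent)
RULES = [
    Rule("r1", frozenset({"motion"}), frozenset({"light"})),    # motion detected -> light on
    Rule("r2", frozenset({"light"}), frozenset({"camera"})),    # light on -> camera off
    Rule("r3", frozenset({"temperature"}), frozenset({"ac"})),  # hot -> AC on
    Rule("r4", frozenset({"ac"}), frozenset({"window"})),       # AC on -> close window
    Rule("r5", frozenset({"window"}), frozenset({"ac"})),       # window opened -> AC off
]

if __name__ == "__main__":
    for sub in independent_sub_fsms(RULES):
        print("sub-FSM:", sub)
```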
In a further embodiment of the present invention, the specific way of compressing the model variable space of the sub-FSM model is as follows:
determining the variables in the sub FSM model that describe physical attributes: if a variable is not involved in any assignment statement or constraint judgment, it is deleted; if the variable is an enumeration type and only a part of its elements are used by the model, the unused elements are deleted from the enumeration list; if the variable is a numerical variable, the values involved are compressed into a minimum continuous numerical space, and the variable is declared anew in that space.
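The three compression rules on a constructed sub-FSM, as an added Python example rather than the patent's own code; keeping one value on each side of a comparison threshold, and keeping initial-state values representable, are my assumptions, since the text only specifies the minimum continuous space:

```python
"""Variable-space compression of a sub-FSM model.

Added example, not the patent's own code. Variables and rules are constructed; an attribute's
domain is either an enumeration list or an integer range (lo, hi)."""
from collections import namedtuple

Variable = namedtuple("Variable", "name kind domain")      # kind: "enum" or "int"
Rule = namedtuple("Rule", "name constraints assignments")  # constraints: [(var, op, const)]
                                                           # assignments: [(var, value)]

# A comparison keeps one value on each side of its threshold so the predicate outcome is
# preserved after the range is shrunk (assumed refinement of "minimum continuous space").
BOUNDARY = {
    ">": lambda v: (v, v + 1), ">=": lambda v: (v - 1, v),
    "<": lambda v: (v - 1, v), "<=": lambda v: (v, v + 1),
    "==": lambda v: (v,), "!=": lambda v: (v,),
}


def values_in_use(rules, initial):
    """Values each variable must still be able to take; a variable absent from every
    assignment and constraint is absent from the result and will be deleted."""
    used = {}
    for r in rules:
        for var, op, const in r.constraints:
            vals = BOUNDARY[op](const) if isinstance(const, int) else (const,)
            used.setdefault(var, set()).update(vals)
        for var, value in r.assignments:
            used.setdefault(var, set()).add(value)
    for var in used:                  # the initial state must stay representable
        if var in initial:
            used[var].add(initial[var])
    return used


def compress(variables, rules, initial):
    """Returns (compressed domains by variable name, names of deleted variables)."""
    used = values_in_use(rules, initial)
    compressed, removed = {}, []
    for v in variables:
        if v.name not in used:
            removed.append(v.name)                # no assignment or constraint: delete
        elif v.kind == "enum":
            compressed[v.name] = [e for e in v.domain if e in used[v.name]]  # drop unused elements
        else:
            lo, hi = v.domain                     # shrink to the minimal continuous range
            compressed[v.name] = (max(lo, min(used[v.name])), min(hi, max(used[v.name])))
    return compressed, removed


def domain_size(domain):
    return len(domain) if isinstance(domain, list) else domain[1] - domain[0] + 1


def state_space_size(domains):
    size = 1
    for d in domains.values():
        size *= domain_size(d)
    return size


# Constructed sub-FSM (sample input)
VARIABLES = [
    Variable("light", "enum", ["off", "on", "dimmed", "blinking"]),
    Variable("temperature", "int", (-40, 120)),
    Variable("humidity", "int", (0, 100)),
    Variable("ac", "enum", ["off", "cool", "heat", "fan"]),
    Variable("mode", "enum", ["home", "away", "night"]),
]
RULES = [
    Rule("r1", [("temperature", ">", 25)], [("ac", "cool")]),
    Rule("r2", [("mode", "==", "away")], [("light", "off")]),
    Rule("r3", [("temperature", "<", 18)], [("ac", "heat")]),
    Rule("r4", [("mode", "==", "home")], [("light", "on")]),
]
INITIAL = {"light": "off", "temperature": 22, "humidity": 50, "ac": "off", "mode": "home"}

if __name__ == "__main__":
    before = state_space_size({v.name: v.domain for v in VARIABLES})
    compressed, removed = compress(VARIABLES, RULES, INITIAL)
    print("deleted:", removed, "domains:", compressed)
    print("state space:", before, "->", state_space_size(compressed))
```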
In a further embodiment of the present invention, the threat expressions are 7 in total: an action triggering interaction threat, an action scheduling perturbation threat, an action coverage threat, an action interruption threat, a conditional dynamic blocking threat, a scheduling conditional blocking threat, and a device disabling threat.
The invention provides another technical scheme that:
a system for the vulnerability detection method for application rules of the Internet of things comprises the following modules:
an application and configuration information crawler module, used for acquiring application source code, equipment description information and user configuration information from the control plane of the Internet of things;
the control flow graph constructing module is used for extracting an inter-process control flow graph from the application source code;
the rule construction module is used for converting an entrance, path conditions and an end point function of the inter-process control flow graph into an application rule in a form of trigger-condition-action in combination with user configuration information and equipment description information;
the model building module is used for building a physical space ontology model, fusing the application rule set extracted from the application source code into the physical space ontology model and building a rule execution model;
the model compression module is used for executing model slicing on the rule to obtain a plurality of sub FSM models without dependency relationship; compressing the model variable space of the sub FSM to obtain a rule execution model after state space optimization;
and the vulnerability detection module is used for establishing a threat expression, comparing and matching the rule execution model with the threat expression, if a certain threat expression is matched, considering that a vulnerability possibly exists, then generating a security attribute or a live attribute by using the threat expression, performing model detection with the rule execution model, and confirming the effectiveness of the vulnerability.
Compared with the prior art, the invention has the following beneficial effects:
1) According to the invention, the application source code, the equipment description information and the user configuration information are obtained from the control plane of the Internet of things, so that application rule information can be extracted automatically and rule logic information is depicted accurately.
2) According to the invention, a physical space ontology model is established, the description of the execution behavior of the rule on the physical space is realized, and a completely accurate security analysis space is provided for vulnerability detection in the environment of the Internet of things.
3) The invention designs a model slicing and variable space compression method based on physical characteristics, which realizes efficient compression and optimization of the rule model and reduces the complexity of model detection.
4) The invention designs various novel rule execution threat modes and realizes accurate specification of rule security attributes. Meanwhile, based on the model detection of the security attribute and the live attribute, the comprehensiveness of vulnerability detection is ensured, and accurate and comprehensive security analysis results can be provided for users of the Internet of things.
In summary, the invention can automatically and accurately detect the vulnerability in the application of the internet of things by the model detection method for realizing the physical attribute perception, thereby providing a safety technical guarantee for the application of the internet of things in different fields.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic diagram of a vulnerability detection method oriented to application rules of the internet of things in the embodiment of the present invention.
FIG. 2 is a schematic view of a model slice in an embodiment of the present invention.
Fig. 3 is a schematic diagram of the Internet of things application rule interaction threat patterns in the embodiment of the present invention, in which 3a is action coverage, 3b action scheduling perturbation, 3c action interruption, 3d action triggering interaction, 3e device disabling, 3f conditional dynamic blocking and 3g scheduling conditional blocking.
Fig. 4 is a schematic diagram of a vulnerability detection result in the embodiment of the present invention.
Fig. 5 is a schematic diagram of performance analysis of a rule vulnerability detection system in the embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The following detailed description is exemplary in nature and is intended to provide further details of the invention. Unless otherwise defined, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention.
In order to facilitate the understanding and implementation of the present invention for those of ordinary skill in the art, the present invention is further described in detail with reference to the accompanying drawings and examples, it is to be understood that the embodiments described herein are merely illustrative and explanatory of the present invention and are not restrictive thereof.
As shown in fig. 1, an embodiment of the present invention provides a vulnerability detection method and system for application rules of the internet of things, and the method includes: acquiring an application source code, equipment description information and user configuration information from a control plane of the Internet of things; extracting an inter-process control flow graph from the application source code; converting an entry, a path condition and an end point function of an inter-process control flow graph into application rules in a form of trigger-condition-action by combining user configuration information and equipment description information, wherein the application rules form an application rule set; establishing a physical space ontology model, fusing an application rule set to the physical space ontology model, and establishing a rule execution model; performing model slicing on the rule to obtain a plurality of sub FSM models without dependency relationship; compressing the model variable space of the sub FSM to obtain a rule execution model after state space optimization; establishing a threat expression, comparing and matching the rule execution model after state space optimization with the threat expression, if a certain threat expression is matched, considering that a vulnerability possibly exists, then generating a security attribute or a live attribute by using the threat expression, performing model detection with the rule execution model, and confirming the effectiveness of the vulnerability.
In the embodiment of the invention, applications of two different Internet of things platforms, namely Samsung SmartThings and IFTTT, are used as implementation objects, so that the universality of the method is ensured. The specific implementation of the embodiment of the invention comprises the following steps:
Step 1: automatically extracting rule information and constructing the rule form.
(1) Control flow graph construction: to extract the inter-process control flow graph (ICFG) from an Internet of things application, embodiments of the invention employ an abstract syntax tree transformer based on the Groovy code compiler, which allows additional code transformations to be inserted through compiler hooks. The abstract syntax tree transformer traverses the abstract syntax tree of the application source code during the compiler's semantic analysis stage of the Internet of things application code, extracts the control flow graph of each function in the application source code and the call graph between the functions by executing a path-sensitive analysis method, and then combines the control flow graph and the call graph into an inter-process control flow graph.
The ICFG is divided into three types of application initialization, event scheduling and event processing according to different types of ICFG entry functions: the application initialization ICFG is used for initializing information space variables and Internet of things equipment state information; the event scheduling ICFG realizes the scheduling of event processing functions by using system function descriptors; event processing ICFG is used to describe the code executed by an application in response to different events or state changes.
(2) And (3) rule form construction: in this embodiment, a rule is defined in the trigger-condition-action paradigm. When a trigger is generated, and the system state satisfies a condition, the system issues an action execution command. Thus, the present invention constructs the application rule as a form of "trigger-condition-action" as follows:
Figure BDA0003074289100000081
where t represents a "trigger" consisting of an event or state change; c = c_t ∪ c_a is the condition set of the rule r, used for judging whether the system state meets a specific constraint; a is the action that the rule needs to take, and both triggers and actions are defined by the abstract interface provided by the control plane.
Because the execution behavior of a rule is associated with various characteristics of cyber space, when a trigger is generated the Internet of things control platform itself may have a delay, or the user may have set a rule delay, so the action of the rule is not necessarily executed immediately; alternatively, the execution of the action needs to be completed within a certain time, such as the heating of a water heater. The Internet of things is a concurrent system, and differences in delay have an important influence on the exact rule execution process. Therefore, the invention introduces the temporal semantic l into formula (1) and divides c into c_t (the set of conditions at triggering) and c_a (the set of conditions before action execution), thereby broadening the definition of rules into a delay-sensitive formal description.
Based on the formally described rules, the ICFG extracted from the Internet of things application is converted into rules of the form shown in formula (1). The specific manner is as follows:
firstly, the system acquires Internet of things equipment description information and user configuration information from an Internet of things control terminal. Each piece of equipment description information consists of three parts, namely equipment attribute, value range and equipment command. The user configuration information is then a constant used in the rule constraints, such as temperature threshold, action delay, etc. Based on the above information, this step converts the ICFG into a rule shown in equation (1) as follows:
1) setting a trigger t and a condition c of a rule to be null for a path for application initialization in an ICFG, and converting a variable assignment statement into an action a according to command information and a constant configured by a user in device description information to form an initialized rule;
2) establishing a rule of null trigger and condition for a path used for event scheduling in an ICFG, setting delay l as scheduling delay set on the path, and forming the rule of event scheduling by scheduling a device command in a corresponding function or an assignment statement modified by a system state;
3) for a path used for event processing in the ICFG, the entry event defined in the system function script is extracted and set as the trigger t, then the branch condition on the path is extracted as the rule condition c, and the command at the end of the path is the rule action a, forming the rule for event processing. If there is a delay on the path, the delay l is introduced.
Step 2: constructing the rule execution model.
the Internet of things system is divided into a control layer, an equipment layer and a physical environment from top to bottom. And analyzing the behavior characteristics of the rule execution in the control layer, the equipment layer and the physical environment, and establishing a rule execution model and a compression method. The specific mode is as follows:
first, a physical space ontology model of physical channels and physical device connections is established.
The physical channel model means that the execution of the action a_i of rule r_i may change a physical environment attribute
Figure BDA0003074289100000091
and the change of that physical environment attribute
Figure BDA00030742891000001016
triggers the execution of rule r_j (i.e. satisfies its trigger t_j or the activation constraint of its condition c_j), in the form:
Figure BDA0003074289100000101
Since the change in value of an environment attribute
Figure BDA00030742891000001015
has different characteristics, such as immediacy or delay, the temporal semantic l is introduced into the interaction relation to describe that, after action a_i is executed, the lazy attribute
Figure BDA00030742891000001019
takes time l to activate t_j or c_j.
The physical connection model means that a device
Figure BDA00030742891000001010
and a device
Figure BDA00030742891000001011
are directly connected, so that the closing action a_i of
Figure BDA00030742891000001012
can cause
Figure BDA00030742891000001013
to fail, and further cause the rule r_j associated with
Figure BDA00030742891000001014
to fail. The relationship is described as:
Figure BDA0003074289100000102
the two types of associations described above describe the rule execution dependencies resulting from physical environment characteristics.
Based on the physical space ontology model, converting the application rule set into a Finite State Machine (FSM) model
Figure BDA00030742891000001017
where S is a finite non-empty set of states,
Figure BDA0003074289100000103
is the state transfer function,
Figure BDA0003074289100000104
is the initial state. I consists of the application rules in the ICFG used for initialization and scheduling. A state
Figure BDA0003074289100000105
represents the attribute set of all objects
Figure BDA00030742891000001020
with the value sets
Figure BDA00030742891000001018
Each of the other rules r_i is then converted into a state transfer function σ(s, s') ∈ Σ, as follows:
Figure BDA0003074289100000106
If the current state s can match the trigger and the condition predicate of rule r_i (i.e.
Figure BDA0003074289100000107
is true), the FSM model executes the action of r_i (i.e. the assignment statement Assign_i(s)); if it cannot be activated, the state is kept unchanged. For a finite state machine model, if
Figure BDA0003074289100000108
is always true, Assign_i(s) will be executed all the time, which violates the actual rule execution behavior of the Internet of things. Therefore, in this example, an auxiliary variable φ ∈ Φ is added to each attribute variable to record the value of the last state s', and a constraint condition
Figure BDA0003074289100000109
is added to the predicate of the rule, indicating that the action is performed only if the state changes.
Then, the dependency relationships between the rules are established using the constructed physical channel and physical connection information. A dependency is expressed as:
(formula image)
which represents that the predicate P_j of rule r_j depends on the action a_i of rule r_i.
For a channel-based dependency d_c, a channel attribute variable a_c is first introduced into the FSM; then all transition functions are traversed. If a transition function r_i has an action a that can change the variable a_c, and a_c is a lazy attribute (its value changes slowly), a new rule
(formula image)
is added, indicating that after the action r.a has elapsed the time l_c (defined by the channel dependency d_c), the variable a_c changes to the value that triggers the dependency. If a_c is an immediate attribute (its value changes instantaneously), an assignment statement for a_c is added directly to the action set of r. If a rule r_j depends on the variable a_c, the dependency relationship between r_i and r_j is established.
For a connection-based dependency d_co (i.e.
(formula image)
), rule r_i depends on the device
(formula image)
and two kinds of dependency are established: 1) a constraint
(formula image)
is set up in the condition of r_i to represent that when
(formula image)
is switched off,
(formula image)
is also switched off, at which point the rule cannot be executed; 2) the constraint is added to represent that when
(formula image)
is switched off, the last status data read from it is used. In step 2 the two ontology models are thus fused with the application rules to find the dependency relationships the ontology models introduce into the rules, and the application rule set is converted into a rule execution model through these dependency relationships.
Step 3: optimizing and compressing the model state space.
Because of the non-deterministic states of many attribute variables, the rule execution model is concurrent, which allows it to describe the actual execution process of the rules accurately. A concurrent model, however, also yields a huge model state space. A model slicing and state compression method is therefore introduced to establish a hybrid rule model, as shown in fig. 2. The specific procedure is as follows.
First, the rule execution model built on the physical space ontology model is sliced in three steps:
1) Establishing the expression dependency edge set E_e: an expression dependency edge relates two attributes a_i and a_j when a rule operates on a_j and its predicate includes a constraint P defined over a_i. This step collects all such attribute pairs to form the expression dependency edge set.
2) Establishing the rule dependency edge set E_r: a rule dependency edge arises when a rule r uses the source attribute e.a of an expression dependency edge e and contains a constraint P; all other rules that use the source attribute e.a then have a dependency relationship with r. This step constructs E_r by traversing the expression dependency edge set.
3) Slicing the model: a forward traversal over the rule model is performed using E_r, thereby dividing the model into several sub-FSM models that have no dependencies between them. For two rule dependency edges e_r and e_r', if a slice m contains e_r and also contains the source rule r_s' of e_r' but not its destination rule r_t', this step traverses the model forward along r_t' to complete the slice.
Then, the model variable space is compressed on the sliced model. The FSM model contains many variables that describe physical properties, and these variables often have large value ranges (e.g. time, light illuminance), which leads to a large and redundant state space. To avoid state-space explosion, the value ranges of these variables are compressed by analysing all the values the model refers to for each variable: if a variable is not involved in any assignment statement or constraint judgement, it is redundant and is deleted; if a variable is an enumeration type and the model uses only some of its elements, the unused elements are deleted from the enumeration; if a variable is numerical, the values it refers to are compressed into a minimal contiguous numerical space and the variable is redeclared over that space.
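The slicing and compression steps of step 3, as an added Python example that is not the patent's implementation. It assumes a simplified rule form (a trigger attribute, equality or comparison constraints against constants, and constant assignments), reads E_r as "two rules depend on each other when both use the source attribute of some expression edge and at least one reads it", and realizes the numeric compression as interval indices around the constants the model compares against, so that every ==, < and > in the model keeps its exact meaning. All rules and domains below are constructed.

```python
"""Model slicing and domain compression for trigger-condition-action rules.

Added example, not the patent's code; rules and domains are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple, Union

Value = Union[int, str]


@dataclass(frozen=True)
class Rule:
    name: str
    trigger: str                                    # attribute whose change fires the rule
    conditions: Tuple[Tuple[str, str, Value], ...]  # (attribute, operator, constant)
    actions: Tuple[Tuple[str, Value], ...]          # (attribute, assigned constant)

    def reads(self) -> Set[str]:
        return {self.trigger} | {a for a, _, _ in self.conditions}

    def writes(self) -> Set[str]:
        return {a for a, _ in self.actions}

    def uses(self) -> Set[str]:
        return self.reads() | self.writes()


def expression_edges(rules: List[Rule]) -> Set[Tuple[str, str]]:
    """E_e: (a_i, a_j) whenever a rule's predicate reads a_i and its action writes a_j."""
    return {(src, dst) for r in rules for src in r.reads() for dst in r.writes()}


def rule_edges(rules: List[Rule], e_edges: Set[Tuple[str, str]]) -> Set[Tuple[str, str]]:
    """E_r (undirected): r and q are dependent when one reads a source attribute
    of E_e that the other one reads or writes."""
    sources = {src for src, _ in e_edges}
    edges = set()
    for r in rules:
        for q in rules:
            shared = (r.reads() & q.uses()) | (q.reads() & r.uses())
            if r.name < q.name and shared & sources:
                edges.add((r.name, q.name))
    return edges


def slice_model(rules: List[Rule], r_edges: Set[Tuple[str, str]]) -> List[frozenset]:
    """Forward traversal over E_r: every connected component is a sub-FSM that has
    no dependency on the other components."""
    adj: Dict[str, Set[str]] = {r.name: set() for r in rules}
    for a, b in r_edges:
        adj[a].add(b)
        adj[b].add(a)
    seen: Set[str] = set()
    slices = []
    for r in rules:
        if r.name in seen:
            continue
        comp, stack = set(), [r.name]
        while stack:
            n = stack.pop()
            if n not in comp:
                comp.add(n)
                stack.extend(adj[n] - comp)
        seen |= comp
        slices.append(frozenset(comp))
    return slices


Domain = Union[List[str], Tuple[int, int]]  # enumeration members, or a (lo, hi) numeric range


def compress_domains(rules: List[Rule], domains: Dict[str, Domain]) -> Dict[str, object]:
    """Drop unused variables, drop unused enumeration members, and replace a numeric
    range by the cut points the model compares against (see abstract())."""
    used: Dict[str, Set[Value]] = {}
    for r in rules:
        used.setdefault(r.trigger, set())
        for a, _, v in r.conditions:
            used.setdefault(a, set()).add(v)
        for a, v in r.actions:
            used.setdefault(a, set()).add(v)
    out: Dict[str, object] = {}
    for attr, dom in domains.items():
        if attr not in used:
            continue                      # redundant: no assignment or constraint mentions it
        if isinstance(dom, tuple):
            out[attr] = ("cuts", sorted(used[attr]))
        else:
            kept = [m for m in dom if m in used[attr]]
            out[attr] = kept or list(dom)  # trigger-only enumeration keeps its full domain
    return out


def abstract(cuts: List[int], v: int) -> int:
    """Map a concrete number onto 2k+1 compressed values: below c1, ==c1, (c1,c2), ==c2, ..., above ck."""
    idx = 0
    for c in cuts:
        if v < c:
            return idx
        if v == c:
            return idx + 1
        idx += 2
    return idx


# Constructed rule set and declared domains (hypothetical smart-home setup).
RULES = [
    Rule("motion_on",  "motion",      (("motion", "==", "active"),),   (("light", "on"),)),
    Rule("motion_off", "motion",      (("motion", "==", "inactive"),), (("light", "off"),)),
    Rule("light_lock", "light",       (("light", "==", "on"),),        (("lock", "locked"),)),
    Rule("cool",       "temperature", (("temperature", ">", 28),),     (("ac", "on"),)),
    Rule("heat",       "temperature", (("temperature", "<", 18),),     (("heater", "on"),)),
    Rule("dehumidify", "humidity",    (("humidity", ">", 70),),        (("fan", "on"),)),
]
DOMAINS: Dict[str, Domain] = {
    "motion": ["active", "inactive"], "light": ["on", "off", "dim"], "lock": ["locked", "unlocked"],
    "temperature": (-20, 60), "humidity": (0, 100), "ac": ["on", "off", "eco"],
    "heater": ["on", "off"], "fan": ["on", "off"], "doorbell": ["pressed", "idle"],
}


def analyse():
    slices = slice_model(RULES, rule_edges(RULES, expression_edges(RULES)))
    return slices, compress_domains(RULES, DOMAINS)
```

Running analyse() on the constructed set yields three independent slices (the motion/light/lock rules, the two temperature rules, the humidity rule), drops the never-referenced doorbell variable, shrinks light to {on, off}, and replaces the 81-value temperature range by five abstract values around the cuts 18 and 28.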
Step 4: establishing rule threat patterns and multi-attribute-driven vulnerability detection.
A threat pattern for rule execution is first established by analysing the interaction effects between the actions and triggers of different rules, between actions and actions, and between actions and conditions. As shown in fig. 3, the embodiment of the invention proposes seven rule threat patterns: action-trigger interaction threat, action scheduling perturbation threat, action coverage threat, action interruption threat, conditional dynamic blocking threat, scheduling conditional blocking threat, and device disabling threat.
As shown in fig. 3, these seven threat patterns and the existing threat patterns are summarized and formally described as the 7 threat expressions shown below:
1) T1 action repetition: r_i and r_j can be activated simultaneously and have the same action:
(formula image)
2) T2 action conflict: r_i and r_j can be activated simultaneously and have conflicting actions:
(formula image)
3) T3 action-trigger interaction: r_i can activate r_j directly or through a physical channel:
(formula image)
4) T4 action coverage: r_j can override the effect of r_i:
(formula image)
5) T5 action interruption: r_j will interrupt an extended (long-running) action of r_i:
(formula image)
6) T6 condition blocking: r_j will block the condition of r_i:
(formula image)
7) T7 device disabling: r_j can disable a device, thereby disabling the execution of r_i:
(formula image)
Based on the 7 threat expressions, the rule execution model to be detected is first compared and matched against each threat expression to detect whether a matching situation exists. If so, the matched threat expression is described as a safety property or a liveness property using linear temporal logic (LTL) or computation tree logic (CTL); then, based on the generated properties, the rule execution model is formally verified with an existing model checking algorithm to confirm the validity of the vulnerability that the threat expression implies in the rule execution model.
For example, in the discovery of action-interruption vulnerabilities, a liveness property "a_i will eventually lead to a_i' (a_i finishing its action)" is generated, model checking is used to confirm that the vulnerability is real, and finally the state transition sequence that concretely produces the vulnerability is provided.
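The match-then-confirm step of step 4, as an added Python example that is not the patent's code. It matches the T1, T2, T3 and T7 expressions syntactically over a simplified rule form, and then, instead of generating LTL/CTL properties for a model checker, confirms T3 candidates by executing the rule FSM explicitly with the state-change constraint from step 2 (a rule fires only when its trigger attribute differs from the previous state) and reports the firing sequence as the witness. The rules, the physical channel (heater on raises the sensed temperature) and the device connection (the motion sensor is powered through a smart plug) are constructed; the delay l of the channel is abstracted away.

```python
"""Threat-expression matching over trigger-condition-action rules, then confirmation
by explicit execution of the rule FSM.  Added example; all data is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Assign = Tuple[str, str]  # (attribute named "device.attr", value)


@dataclass(frozen=True)
class Rule:
    name: str
    trigger: str                    # attribute whose change fires the rule
    conditions: Tuple[Assign, ...]  # equality constraints that must hold
    actions: Tuple[Assign, ...]     # assignments performed


def device(attr: str) -> str:
    return attr.split(".")[0]


def compatible(ri: Rule, rj: Rule) -> bool:
    """Both predicates can hold in one state: no attribute is pinned to two different values."""
    ci, cj = dict(ri.conditions), dict(rj.conditions)
    return all(cj.get(a, v) == v for a, v in ci.items())


def match_threats(rules: List[Rule], channels: Dict[Assign, Assign],
                  connections: Dict[str, Set[str]]) -> Set[Tuple[str, str, str]]:
    """Syntactic matches for T1/T2/T3/T7.  Each hit is a candidate, not a confirmed flaw.
    Tuples are (pattern, acting rule, affected rule); for T7 the first rule is the disabler."""
    found = set()
    for ri in rules:
        for rj in rules:
            if ri is rj:
                continue
            if ri.trigger == rj.trigger and compatible(ri, rj) and ri.name < rj.name:
                if set(ri.actions) == set(rj.actions):
                    found.add(("T1", ri.name, rj.name))  # action repetition
                ai, aj = dict(ri.actions), dict(rj.actions)
                if any(ai[a] != aj[a] for a in ai.keys() & aj.keys()):
                    found.add(("T2", ri.name, rj.name))  # action conflict on one attribute
            # T3: an action of r_i, or its physical-channel effect, writes r_j's trigger attribute
            effects = set(ri.actions) | {channels[a] for a in ri.actions if a in channels}
            if rj.trigger in {a for a, _ in effects}:
                found.add(("T3", ri.name, rj.name))
            # T7: r_i switches off a device that another device (r_j's trigger source) depends on
            for a, v in ri.actions:
                if v == "off" and device(rj.trigger) in connections.get(device(a), set()):
                    found.add(("T7", ri.name, rj.name))
    return found


def simulate(rules: List[Rule], channels: Dict[Assign, Assign], state: Dict[str, str],
             event: Assign, max_rounds: int = 10) -> List[str]:
    """Run the FSM from `state` after `event`.  Predicates are evaluated on the round's
    snapshot (simultaneous activation); a rule fires only if its trigger attribute changed
    since the previous state, which is the auxiliary-variable constraint of the model."""
    prev, state = dict(state), dict(state)
    state[event[0]] = event[1]
    fired: List[str] = []
    for _ in range(max_rounds):
        changed = {a for a in state if state[a] != prev.get(a)}
        if not changed:
            break
        prev = dict(state)
        for r in rules:
            if r.trigger in changed and all(prev.get(a) == v for a, v in r.conditions):
                fired.append(r.name)
                for a, v in r.actions:
                    state[a] = v
                    if (a, v) in channels:            # channel effect lands for the next round
                        ca, cv = channels[(a, v)]
                        state[ca] = cv
    return fired


def confirm_chain(rules: List[Rule], channels: Dict[Assign, Assign],
                  state: Dict[str, str], ri: Rule, rj: Rule) -> bool:
    """Witness for a T3 candidate: raise r_i's trigger and check that r_j fires after r_i."""
    value = dict(ri.conditions).get(ri.trigger)
    if value is None:
        return False  # every constructed rule constrains its own trigger value
    fired = simulate(rules, channels, state, (ri.trigger, value))
    return ri.name in fired and rj.name in fired[fired.index(ri.name) + 1:]


# Constructed rule set, physical channel, device connection and initial state.
RULES = [
    Rule("motion_light",      "sensor.motion", (("sensor.motion", "active"),), (("light.power", "on"),)),
    Rule("motion_light_dup",  "sensor.motion", (("sensor.motion", "active"),), (("light.power", "on"),)),
    Rule("night_off",         "sensor.motion", (("sensor.motion", "active"), ("mode.value", "night")),
         (("light.power", "off"),)),
    Rule("heat_when_cold",    "thermo.temp",   (("thermo.temp", "low"),),      (("heater.power", "on"),)),
    Rule("window_when_hot",   "thermo.temp",   (("thermo.temp", "high"),),     (("window.state", "open"),)),
    Rule("plug_off_at_night", "mode.value",    (("mode.value", "night"),),     (("plug.power", "off"),)),
    Rule("light_on_lock",     "light.power",   (("light.power", "on"),),       (("door.lock", "locked"),)),
]
CHANNELS = {("heater.power", "on"): ("thermo.temp", "high")}  # heater warms the sensed room
CONNECTIONS = {"plug": {"sensor"}}                             # motion sensor powered via the plug
INITIAL = {"sensor.motion": "inactive", "light.power": "off", "mode.value": "day",
           "thermo.temp": "normal", "heater.power": "off", "window.state": "closed",
           "plug.power": "on", "door.lock": "unlocked"}


def report():
    candidates = match_threats(RULES, CHANNELS, CONNECTIONS)
    by_name = {r.name: r for r in RULES}
    confirmed = {c for c in candidates
                 if c[0] == "T3" and confirm_chain(RULES, CHANNELS, INITIAL, by_name[c[1]], by_name[c[2]])}
    return candidates, confirmed
```

The syntactic stage over-approximates: night_off writes light.power and so matches T3 against light_on_lock, but the execution from the day-mode initial state shows night_off never fires, so that candidate is not confirmed, while heat_when_cold reaching window_when_hot through the heater channel is.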
The method has the following effects:
In the embodiment of the invention, vulnerability detection was performed on 1108 open-source SmartThings and IFTTT Internet-of-things applications. FIG. 4 shows the results: V-I are rule vulnerabilities of the action repetition and action conflict threats, of which the method discovered 136 action repetition vulnerabilities and 52 action conflict vulnerabilities; V-II are rule vulnerabilities of action-trigger interaction, of which 67 were discovered; V-III is action coverage, with 52 rule vulnerabilities discovered; V-IV are action interruption vulnerabilities, of which 45 were discovered; V-V are condition blocking vulnerabilities, of which 89 were found; V-VI are device disabling vulnerabilities, of which 61 were discovered in total.
In addition, the performance of the vulnerability detection system was analysed. The vulnerability analysis time was measured under four conditions: no optimization of the model, slicing only, compression only, and both slicing and compression; the performance results are shown in fig. 5. With the model slicing and state space compression method designed here, vulnerability detection that originally took on the order of minutes is reduced to the order of milliseconds, greatly shortening the detection time.
The embodiment of the invention also provides a system for the vulnerability detection method for Internet-of-things application rules, which comprises:
an application and configuration information crawler module, which automatically acquires application source code, device description information and user configuration information from the control plane of the Internet of things after the user supplies a user name and password;
a control flow graph construction module, which extracts an inter-procedural control flow graph from the application source code using static code analysis and records the application initialization, scheduling and event handling logic;
a rule construction module, which converts the entry, path conditions and end-point function of the inter-procedural control flow graph into an application rule in trigger-condition-action form by combining the user configuration information and the device description information, so as to describe the application rule accurately;
a model construction module, which builds a physical space ontology model, including the change characteristics of physical space attributes, physical channels and physical device connections, fuses the application rule set extracted from the application source code into the physical space ontology model and builds the rule execution model; the application rule set comprises several application rules in trigger-condition-action form;
a model compression module, which slices the rule execution model into several sub-FSM models without dependency relationships and compresses the model variable space of each sub-FSM, obtaining a rule execution model with an optimized state space and thereby improving the efficiency of model checking;
a vulnerability detection module, which establishes the threat expressions, compares and matches the rule execution model against them, treats a match with any threat expression as a possible vulnerability, then generates a safety or liveness property from the threat expression, model-checks it against the rule execution model and confirms the validity of the vulnerability; when a logic defect is detected, the specific rule information and user configuration information are presented to the user in the form of a finite state transition diagram so that the application rules and configuration can be improved.
It will be appreciated by those skilled in the art that the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The embodiments disclosed above are therefore to be considered in all respects as illustrative and not restrictive. All changes which come within the scope of or equivalence to the invention are intended to be embraced therein.

Claims (10)

1. A vulnerability detection method for application rules of the Internet of things, characterized by comprising the following steps:
acquiring application source code, device description information and user configuration information from the control plane of the Internet of things;
extracting an inter-procedural control flow graph from the application source code;
converting the entry, path conditions and end-point function of the inter-procedural control flow graph into application rules in trigger-condition-action form by combining the user configuration information and the device description information, the application rules forming an application rule set;
establishing a physical space ontology model, fusing the application rule set into the physical space ontology model, and establishing a rule execution model;
performing model slicing on the rule execution model to obtain several sub-FSM models without dependency relationships; compressing the model variable space of the sub-FSMs to obtain a rule execution model with an optimized state space;
establishing threat expressions, comparing and matching the state-space-optimized rule execution model against the threat expressions, treating a match with any threat expression as a possible vulnerability, then generating a safety property or a liveness property from the threat expression, performing model checking against the rule execution model, and confirming the validity of the vulnerability.
2. The vulnerability detection method for application rules of the Internet of things of claim 1, wherein the inter-procedural control flow graph is acquired as follows:
traversing the abstract syntax tree of the application source code, extracting the control flow graph of each function in the application source code and the call graph between the functions by executing a path-sensitive analysis method, and combining the control flow graph and the call graph into the inter-procedural control flow graph.
3. The vulnerability detection method for application rules of the Internet of things of claim 2, wherein the inter-procedural control flow graph is divided into three types, application initialization, event scheduling and event handling, according to the type of its entry function.
4. The vulnerability detection method for application rules of the Internet of things of claim 3, wherein an application rule in trigger-condition-action form is constructed as follows:
(formula image)
where t represents a trigger consisting of an event or a state change; a is the action taken by the rule; l is the temporal semantic; c_t is the set of trigger conditions; c_a is the set of conditions checked before the action is performed.
5. The vulnerability detection method for application rules of the Internet of things of claim 4, wherein the device description information consists of three parts: device attributes, value ranges and device commands; the user configuration information consists of the constants used in the rule constraint conditions;
the inter-procedural control flow graph is converted into rule form as follows:
for a path used for application initialization in the inter-procedural control flow graph, the rule trigger t and condition c are set to null, and the variable assignment statements are converted into an action a according to the command information in the device description information and the constants of the user configuration information, forming an initialization rule;
for a path used for event scheduling in the inter-procedural control flow graph, a rule with null trigger and condition is established, the delay l of the rule is set to the scheduling delay set on the path, and the device command or the assignment statement modifying the system state in the scheduled function forms the action of the event scheduling rule;
for a path used for event handling in the inter-procedural control flow graph, the entry event defined in the system function script is extracted and set as the trigger t, the branch conditions on the path are then extracted as the condition c, and the command at the end of the path is the action a, forming an event handling rule.
6. The vulnerability detection method for application rules of the Internet of things of claim 5, wherein the rule execution model is constructed as follows:
constructing a physical space ontology model comprising physical channels and physical device connections;
the model form of a physical channel is described as:
(formula image)
where
(formula image)
is a lazy attribute; a_i is an action; l is the temporal semantic; t_j is a trigger; c_j is a condition;
the model form of a physical connection is described as:
(formula image)
where
(formula image)
and
(formula image)
both represent devices; a_i is an action; r_j represents a rule;
converting the application rule set into a finite state machine model based on the physical channels and physical device connections
(formula image)
where S is a finite non-empty set of states,
(formula image)
is the state transition function,
(formula image)
is the initial state; a state
(formula image)
represents the attribute set of all objects
(formula image)
together with its set of values
(formula image)
each remaining rule r_i is converted into a state transition function σ(s, s') ∈ Σ, as follows:
(formula image)
if the current state s can match the trigger of rule r_i and the predicate of its condition, at which time
(formula image)
is true, the finite state machine model executes the action of r_i, i.e. the assignment statement Assign_i(s); if it cannot be activated, the state is kept unchanged; an auxiliary variable φ ∈ Φ is added for each attribute variable to record its value in the previous state s', and a constraint condition
(formula image)
is added to the predicate of the rule;
establishing dependency relationships between rules using the constructed physical channel and physical connection information, the dependency relationship being expressed as:
(formula image)
where the predicate P_j of rule r_j depends on the action a_i of rule r_i; and converting the application rule set into a rule execution model according to the dependency relationships.
7. The vulnerability detection method for application rules of the Internet of things of claim 6, wherein model slicing of the rule execution model is performed as follows:
1) establishing the expression dependency edge set E_e: an expression dependency edge relates two attributes a_i and a_j when a rule operates on a_j and its predicate includes a constraint P defined over a_i;
2) establishing the rule dependency edge set E_r: a rule dependency edge means that a rule r uses the source attribute e.a of an expression dependency edge e and contains a constraint P, and all other rules using the source attribute e.a have a dependency relationship with r;
3) slicing the model: this step performs a forward traversal over the rule execution model using E_r and divides the rule execution model into several sub-FSM models without dependency relationships; for two rule dependency edges e_r and e_r', if a slice m contains e_r and contains the source rule r_s' of e_r' but not its destination rule r_t', the model is traversed forward along r_t' to complete the slice.
8. The vulnerability detection method for application rules of the Internet of things of claim 7, wherein the model variable space of a sub-FSM model is compressed as follows:
for each variable describing a physical attribute in the sub-FSM model, if the variable is not involved in any assignment statement or constraint judgement, it is deleted; if the variable is an enumeration type and the model uses only some of its elements, the unused elements are deleted from the enumeration; if the variable is numerical, the values involved are compressed into a minimal contiguous numerical space and the variable is redeclared over that space.
9. The vulnerability detection method for application rules of the Internet of things of claim 8, wherein there are 7 threat expressions in total: action-trigger interaction threat, action scheduling perturbation threat, action coverage threat, action interruption threat, conditional dynamic blocking threat, scheduling conditional blocking threat, and device disabling threat.
10. A system for the vulnerability detection method for Internet-of-things application rules of claim 1, comprising:
an application and configuration information crawler module, which acquires application source code, device description information and user configuration information from the control plane of the Internet of things;
a control flow graph construction module, which extracts an inter-procedural control flow graph from the application source code;
a rule construction module, which converts the entry, path conditions and end-point function of the inter-procedural control flow graph into an application rule in trigger-condition-action form in combination with the user configuration information and device description information;
a model construction module, which builds a physical space ontology model, fuses the application rule set extracted from the application source code into the physical space ontology model and builds a rule execution model;
a model compression module, which performs model slicing on the rule execution model to obtain several sub-FSM models without dependency relationships, and compresses the model variable space of the sub-FSMs to obtain a rule execution model with an optimized state space;
and a vulnerability detection module, which establishes threat expressions, compares and matches the rule execution model against them, treats a match with any threat expression as a possible vulnerability, then generates a safety property or a liveness property from the threat expression, performs model checking against the rule execution model, and confirms the validity of the vulnerability.
CN202110548140.2A 2021-05-19 2021-05-19 Vulnerability detection method and system for application rules of Internet of things Pending CN113221120A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110548140.2A CN113221120A (en) 2021-05-19 2021-05-19 Vulnerability detection method and system for application rules of Internet of things

Publications (1)

Publication Number Publication Date
CN113221120A true CN113221120A (en) 2021-08-06

Family

ID=77093489

Country Status (1)

Country Link
CN (1) CN113221120A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268281A (en) * 2013-05-07 2013-08-28 北京天广汇通科技有限公司 Method and system for detecting vulnerability of source codes
CN111931181A (en) * 2020-07-07 2020-11-13 北京理工大学 Software logic vulnerability detection method based on graph mining
CN112699377A (en) * 2020-12-30 2021-04-23 哈尔滨工业大学 Function-level code vulnerability detection method based on slice attribute graph representation learning

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YINBO YU, ET AL.: "TaPInspector: Safety and Liveness Verification of Concurrent Trigger-Action IoT System", ARXIV, pages 1 - 11 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114281830A (en) * 2022-03-01 2022-04-05 杭州涂鸦信息技术有限公司 Rule mapping table construction method, rule matching method and device for multi-attribute conditions
CN114281830B (en) * 2022-03-01 2022-08-30 杭州涂鸦信息技术有限公司 Rule mapping table construction method, rule matching method and device for multi-attribute conditions
CN115879868A (en) * 2022-09-09 2023-03-31 南京审计大学 Intelligent contract security audit method integrating expert system and deep learning
CN115982059A (en) * 2023-03-21 2023-04-18 麒麟软件有限公司 Method for implementing Shell script checking tool

Similar Documents

Publication Publication Date Title
CN113221120A (en) Vulnerability detection method and system for application rules of Internet of things
Wang et al. Charting the attack surface of trigger-action IoT platforms
Tian et al. SmartAuth: User-Centered authorization for the internet of things
Classen et al. What’s in a feature: A requirements engineering perspective
US10956574B2 (en) System and method for securing applications through an application-aware runtime agent
US8516443B2 (en) Context-sensitive analysis framework using value flows
CN102624574B (en) Security testing method and device for protocol implementation
US8037000B2 (en) Systems and methods for automated interpretation of analytic procedures
Vannucchi et al. Symbolic verification of event–condition–action rules in intelligent environments
Newcomb et al. IOTA: a calculus for internet of things automation
Seifermann et al. Detecting violations of access control and information flow policies in data flow diagrams
Bernard Requirements management within a full model‐based engineering approach
Allamanis et al. Smartpaste: Learning to adapt source code
Joolia et al. Mapping adl specifications to an efficient and reconfigurable runtime component platform
Cámara Haiq: Synthesis of software design spaces with structural and probabilistic guarantees
CN114372519A (en) Model training method, API request filtering method, device and storage medium
Lawall et al. WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process
Do Xuan et al. A novel approach for software vulnerability detection based on intelligent cognitive computing
Nair et al. A static code analysis tool for control system software
Shankar et al. A policy-based management framework for pervasive systems using axiomatized rule-actions
Chen et al. Multi-platform application interaction extraction for iot devices
Nitta et al. An efficient security verification method for programs with stack inspection
Janicke et al. Analysis and run-time verification of dynamic security policies
Bak et al. SmartVisual: a visualisation tool for SmartThings IoT Apps using static analysis
CN113031964B (en) Big data application management method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination