CN116881923A - IoT device security management method, system, medium and device - Google Patents
- Publication number: CN116881923A (application number CN202310854332.5A)
- Authority: CN (China)
- Prior art keywords: vulnerability, information, security, data, network
- Legal status: Pending (status as assumed by Google Patents; not a legal conclusion)
Classifications (CPC)
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
      - G06F21/577—Assessing vulnerabilities and evaluating computer system security
    - G06F21/55—Detecting local intrusion or implementing counter-measures
      - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
      - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
        - G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
  - G06F21/60—Protecting data
    - G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The present disclosure relates to an IoT device security management method, system, medium and device. The method comprises: issuing the latest security detection policy library of the server through a cloud management platform connected to the server; when an operation event is monitored, acquiring the current parameter values of the IoT device and, when a vulnerability is determined from the current parameter values and the target parameter values in the latest security detection policy library, generating an alarm log and sending the alarm log together with the current parameter values to the cloud management platform for determination of a security management and control policy; and performing vulnerability control according to the security management and control policy determined by the cloud management platform so as to block the vulnerability. The method and system of the disclosure determine the security management and control policy from three inputs: the alarm log generated by the IoT device when the vulnerability is present, the current parameter values of the IoT device, and the operation log of the IoT device within an appointed time period. This makes the security management and control policy more accurate, improves the security management and control of the IoT device, and ensures the security of the internet of things.
Description
Technical Field
The present disclosure relates to the field of internet of things, and more particularly, to an IoT device security management method, system, medium, and device.
Background
IoT is the abbreviation of Internet of Things. The internet of things is a network that, using information carriers such as the internet, broadcast television networks and traditional telecommunication networks, interconnects all ordinary physical objects that can be independently addressed.
As IoT technology matures and spreads, the era of universal interconnection is approaching. Currently, the number of internet of things devices worldwide reaches 100 billion, and is expected to increase to 220 billion by 2025. As in the development of the mobile internet, traditional devices that were originally independent, isolated and safe become terminals in the internet of everything through network connection. A device has many entry points and control modes; this is convenient for the user, but it also creates a larger exposed surface and attack surface.
On the one hand, IoT devices are seriously fragmented and the security awareness of design developers is weak, resulting in various vulnerabilities in factory firmware. On the other hand, the operating systems and architectures used by IoT devices are not unified and firmware formats differ from manufacturer to manufacturer; this diversity brings customization and differentiation to IoT devices, but it also makes automated firmware security detection challenging.
Manual firmware decompression and risk analysis cannot provide an overall risk assessment of the firmware file system. Existing plug-in firmware security detection schemes still rely on the automated analysis of a single firmware image and output only a brief risk result, so they do not address the large variety and quantity of IoT firmware or the need to complete security assessment as a batch workflow.
At present, the many internet of things devices in an internet of things differ in scale and in their ability to defend against security problems. Once a security problem occurs in one internet of things device, that device becomes a breach point for attacking the whole internet of things, which affects the security of the whole internet of things.
Therefore, in internet of things applications, a method for controlling the security of internet of things devices is a technical problem that urgently needs to be solved.
Disclosure of Invention
The present disclosure aims to solve the technical problem that the prior art lacks a security management and control method for internet of things devices.
To achieve the above technical object, the present disclosure provides an IoT device security management method, including:
issuing the latest security detection policy library of the server through a cloud management platform connected to the server; wherein the latest security detection policy library is generated by the cloud management platform based on the latest vulnerability information disclosed in real time by a vulnerability disclosure standard platform and on device fingerprint information of the IoT device; the device fingerprint information indicates the state information of the internet of things device in normal operation;
when an operation event is monitored, acquiring the current parameter values of the IoT device and, when a vulnerability is determined from the current parameter values and the target parameter values in the latest security detection policy library, generating an alarm log and sending the alarm log together with the current parameter values to the cloud management platform for determination of a security management and control policy;
wherein the current parameter values comprise the specific parameter value that the IoT device currently has for each target monitoring index required by a security detection policy in the latest security detection policy library; each security detection policy in the latest security detection policy library also comprises the target parameter value corresponding to each target monitoring index;
and performing vulnerability control according to the security management and control policy determined by the cloud management platform so as to block the vulnerability.
Further, determining that a vulnerability exists according to the current parameter values and the target parameter values in the latest security detection policy library specifically includes:
scheduling a vulnerability scanning tool using the acquired scan-related parameter information, wherein the scan-related parameter information is acquired based on a vulnerability scanning request and is synchronized to the cloud management platform;
performing vulnerability scanning on the data to be scanned within the acquired related data using the vulnerability scanning tool, and outputting a vulnerability scanning result;
and performing association analysis on the vulnerability scanning result, the vulnerability information data and the penetration conditions to obtain the vulnerability-affected data, and evaluating the vulnerability repair priority of the vulnerability-affected data.
Further, scheduling the vulnerability scanning tool using the acquired scan-related parameter information (acquired based on a vulnerability scanning request and synchronized to the cloud management platform) specifically comprises the following steps:
using a cloud provider API, accessing a block storage volume of a workload maintained in the cloud management platform, and identifying the software applications installed in the accessed block storage volume;
analyzing the identified installed software applications to determine their software versions;
accessing a data structure of known software vulnerabilities for multiple versions of a software application;
performing a lookup of each identified installed software version in the data structure to identify known vulnerabilities;
and, using network accessibility information and at least one port, identifying one or more of the identified known software vulnerabilities that are attackable from outside the workload.
Further, the network accessibility information includes at least one of: data from external data sources, cloud provider information, or at least one network capture log.
Further, performing a lookup of the identified installed software version in the data structure to identify a known vulnerability specifically includes:
collecting, by at least one processor, data relating to a plurality of network resources over a network, the data including an application risk level and a network location;
searching, with the at least one processor, to identify known vulnerabilities by performing operations comprising:
determining a vulnerability score for each vulnerability of a network resource;
determining a severity score for the network resource based on the application risk level and the network location of the network resource;
integrating each vulnerability score with the corresponding severity score of the network resource to create a two-dimensional risk ranking;
calculating a vulnerability index as a weighted sum of the vulnerabilities associated with the application and with the host;
and generating a user interface that displays a comparison of the infrastructure vulnerability index and the application vulnerability index.
To achieve the above technical object, the present disclosure also provides an IoT device security management system, comprising:
a detection measurement construction module, configured to issue the latest security detection policy library of the server through the cloud management platform connected to the server;
wherein the latest security detection policy library is generated by the cloud management platform based on the latest vulnerability information disclosed in real time by a vulnerability disclosure standard platform and on device fingerprint information of the IoT device; the device fingerprint information indicates the state information of the internet of things device in normal operation;
a vulnerability detection module, configured to acquire the current parameter values of the IoT device, generate an alarm log when a vulnerability is determined to exist from the current parameter values and the target parameter values in the latest security detection policy library, and send the alarm log together with the current parameter values to the cloud management platform for determination of a security management and control policy;
wherein the current parameter values comprise the specific parameter value that the IoT device currently has for each target monitoring index required by a security detection policy in the latest security detection policy library; each security detection policy in the latest security detection policy library also comprises the target parameter value corresponding to each target monitoring index;
and a vulnerability blocking module, configured to perform vulnerability control according to the security management and control policy determined by the cloud management platform so as to block the vulnerability.
Further, determining that a vulnerability exists according to the current parameter values and the target parameter values in the latest security detection policy library specifically includes:
scheduling a vulnerability scanning tool using the acquired scan-related parameter information, wherein the scan-related parameter information is acquired based on a vulnerability scanning request and is synchronized to the cloud management platform;
performing vulnerability scanning on the data to be scanned within the acquired related data using the vulnerability scanning tool, and outputting a vulnerability scanning result;
performing association analysis on the vulnerability scanning result, the vulnerability information data and the penetration conditions to obtain the vulnerability-affected data, and evaluating the vulnerability repair priority of the vulnerability-affected data;
wherein scheduling the vulnerability scanning tool using the acquired scan-related parameter information (acquired based on a vulnerability scanning request and synchronized to the cloud management platform) specifically comprises the following steps:
using a cloud provider API, accessing a block storage volume of a workload maintained in the cloud management platform, and identifying the software applications installed in the accessed block storage volume;
analyzing the identified installed software applications to determine their software versions;
accessing a data structure of known software vulnerabilities for multiple versions of a software application;
performing a lookup of each identified installed software version in the data structure to identify known vulnerabilities;
and, using network accessibility information and at least one port, identifying one or more of the identified known software vulnerabilities that are attackable from outside the workload.
Further, performing a lookup of the identified installed software version in the data structure to identify a known vulnerability specifically includes:
collecting, by at least one processor, data relating to a plurality of network resources over a network, the data including an application risk level and a network location;
searching, with the at least one processor, to identify known vulnerabilities by performing operations comprising:
determining a vulnerability score for each vulnerability of a network resource;
determining a severity score for the network resource based on the application risk level and the network location of the network resource;
integrating each vulnerability score with the corresponding severity score of the network resource to create a two-dimensional risk ranking;
calculating a vulnerability index as a weighted sum of the vulnerabilities associated with the application and with the host;
and generating a user interface that displays a comparison of the infrastructure vulnerability index and the application vulnerability index.
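The version lookup, exposure filtering, two-dimensional risk ranking and vulnerability index described in the method steps above (and repeated for the system) as an added worked example in Python; this is not the patent's own code, and the vulnerability table, the risk-level and location scales, the severity weighting and the inventory are all constructed assumptions.

```python
"""Added example, not the patent's own code: version lookup in a table of
known vulnerabilities, exposure filtering by network accessibility, the
two-dimensional risk ranking and the vulnerability index described above.
The table, scales, weighting and inventory are constructed assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class InstalledApp:
    name: str
    version: str
    listening_ports: tuple  # ports the application listens on (constructed)


# Constructed "data structure of known software vulnerabilities":
# (application, version) -> [(vulnerability id, base score 0-10), ...]
KNOWN_VULNS = {
    ("httpd-lite", "1.2.0"): [("VULN-A", 9.1), ("VULN-B", 4.3)],
    ("httpd-lite", "1.3.0"): [("VULN-B", 4.3)],
    ("telnetd-x", "0.9"): [("VULN-C", 7.5)],
    ("libfoo", "2.0"): [("VULN-D", 5.0)],
}

# Assumed scales: application risk level and network location -> 1..3
RISK_LEVEL = {"low": 1, "medium": 2, "high": 3}
LOCATION = {"internal": 1, "dmz": 2, "internet": 3}


def lookup_vulns(app):
    """Look up the identified version; an unknown version yields no entries."""
    return list(KNOWN_VULNS.get((app.name, app.version), []))


def externally_reachable(app, exposed_ports):
    """Network accessibility check: exposed_ports stands in for what an external
    data source, cloud provider information or a network capture log supplies."""
    return any(port in exposed_ports for port in app.listening_ports)


def severity_score(risk_level, location):
    """Severity of a resource from its application risk level and location (1..9)."""
    return RISK_LEVEL[risk_level] * LOCATION[location]


def risk_ranking(resources):
    """Two-dimensional ranking: each externally attackable vulnerability is paired
    with the severity score of the resource carrying it, then sorted on both."""
    rows = []
    for res in resources:
        severity = severity_score(res["risk_level"], res["location"])
        for app in res["apps"]:
            if not externally_reachable(app, res["exposed_ports"]):
                continue  # installed, but not attackable from outside the workload
            for vuln_id, score in lookup_vulns(app):
                rows.append({"resource": res["name"], "kind": res["kind"],
                             "app": app.name, "vuln": vuln_id,
                             "vuln_score": score, "severity": severity})
    rows.sort(key=lambda row: (row["severity"], row["vuln_score"]), reverse=True)
    return rows


def vulnerability_index(rows):
    """Vulnerability index per resource kind (application vs. infrastructure/host):
    a weighted sum where each score is weighted by its resource's severity."""
    index = {"application": 0.0, "infrastructure": 0.0}
    for row in rows:
        index[row["kind"]] += row["vuln_score"] * row["severity"]
    return index


def render_comparison(index):
    """Plain-text stand-in for the user interface comparing the two indices."""
    scale = max(1.0, max(index.values()))
    return "\n".join(f"{kind:<15}{value:8.1f} {'#' * round(40 * value / scale)}"
                     for kind, value in sorted(index.items()))


# Constructed inventory: one internet-facing gateway, one DMZ hub, one
# internal host whose only listener is not reachable from outside.
RESOURCES = [
    {"name": "gateway-01", "kind": "infrastructure", "risk_level": "high",
     "location": "internet", "exposed_ports": {80, 23},
     "apps": [InstalledApp("httpd-lite", "1.2.0", (80,)),
              InstalledApp("telnetd-x", "0.9", (23,))]},
    {"name": "sensor-hub", "kind": "application", "risk_level": "medium",
     "location": "dmz", "exposed_ports": {8080},
     "apps": [InstalledApp("httpd-lite", "1.3.0", (8080,)),
              InstalledApp("libfoo", "2.0", ())]},  # library, no listener
    {"name": "logger", "kind": "application", "risk_level": "low",
     "location": "internal", "exposed_ports": set(),
     "apps": [InstalledApp("httpd-lite", "1.2.0", (80,))]},
]

if __name__ == "__main__":
    ranked = risk_ranking(RESOURCES)
    for row in ranked:
        print(row)
    print(render_comparison(vulnerability_index(ranked)))
```

The same vulnerable version on the internal host produces no row, which is the point of the accessibility step: presence alone is not exposure.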
To achieve the above technical object, the present disclosure also provides a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above IoT device security management method.
To achieve the above technical object, the present disclosure also provides an electronic device including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the above IoT device security management method when executing the computer program.
The beneficial effects of the present disclosure are as follows:
the method and system of the disclosure determine the security management and control policy from the alarm log generated by the IoT device when the vulnerability is present, the current parameter values of the IoT device, and the operation log of the IoT device within the appointed time period, so that the security management and control policy is determined more accurately, the security management and control of the IoT device is further improved, and the security of the internet of things is ensured.
Drawings
FIG. 1 shows a flow schematic of the method of embodiment 1 of the present disclosure;
FIG. 2 shows a user interface schematic diagram of embodiment 1 of the present disclosure;
FIG. 3 shows a schematic structural diagram of a system of embodiment 2 of the present disclosure;
FIG. 4 shows a schematic structural diagram of embodiment 4 of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
Various structural schematic diagrams according to embodiments of the present disclosure are shown in the drawings. The figures are not drawn to scale; certain details are exaggerated for clarity of presentation and others may have been omitted. The shapes of the various regions and layers, their relative sizes and the positional relationships between them shown in the drawings are merely exemplary, may in practice deviate due to manufacturing tolerances or technical limitations, and one skilled in the art may design regions/layers having different shapes, sizes and relative positions as actually required.
In the scientific research design and batch assembly production planning tasks carried out by the main support unit of multi-network discrete manufacturing, numerous suppliers are organized to deliver numerous goods and materials at planned time nodes, so that the development design stage and the batch supply stage match. Completing the development or manufacturing delivery tasks is an industry-wide cooperative matching process; the multi-network requirements of the main support unit make this cooperative process inefficient, costly to manage and labour-intensive, and the risk of human error cannot be controlled or avoided.
Vulnerability management refers to the process of capturing, tracking, evaluating and repairing the vulnerabilities present in software during the software development phase or at software runtime. The purpose of vulnerability management is to ensure that products repair security vulnerabilities quickly before release or after going online, and repair vulnerabilities in time so as to avoid unnecessary losses.
Vulnerability management includes the following important links:
1. Vulnerability discovery: vulnerabilities may be discovered in a variety of ways, such as vulnerability scanning tools, hacking and user feedback. When a vulnerability is discovered, its information must be recorded promptly so that it can be tracked and checked.
2. Vulnerability tracking: the state of the vulnerability is tracked, including its trigger time, its level and its repair time, so that developers can repair it more quickly.
3. Vulnerability grading: vulnerability grading classifies the degree of harm of a vulnerability into three levels, high, medium and low, according to its severity, so that the vulnerability can be quickly identified and handled.
4. Vulnerability repair: repair is one of the core steps of vulnerability management. Developers need to analyze and repair the vulnerability in depth in order to eliminate the potential security hazard.
5. Vulnerability verification: verification is needed after repair, to avoid vulnerabilities that were repaired but not completely eliminated.
6. Vulnerability examination: vulnerability examination refers to examining the vulnerability repair process to ensure that the repaired vulnerability completely eliminates the potential security hazard.
7. Vulnerability summary: the security vulnerabilities and weaknesses present in the affected program are summarized promptly and repaired promptly, so as to avoid recurrence of similar problems.
IoT application vulnerability management refers to the process of discovering, monitoring, evaluating and repairing application vulnerabilities in the IoT (internet of things) application domain. In this process, the vulnerabilities present in IoT applications are evaluated, their severity and availability determined, and corresponding countermeasures taken to minimize the risk of the IoT applications being attacked.
IoT application vulnerability management is a continuously evolving process that includes the following main steps:
1. Discovering vulnerabilities: vulnerabilities in IoT applications and devices are monitored in various ways, such as discovering new vulnerabilities, fixing existing vulnerabilities, or monitoring vulnerabilities for repeatable testing.
2. Evaluating vulnerabilities: the severity of the vulnerability is determined, including availability analysis, attack difficulty assessment, and analysis of the business impact caused by the vulnerability.
3. Performing vulnerability management: generating solutions, isolating or correcting vulnerabilities by suitable means and procedures, reducing security risks, and ensuring the availability and integrity of the system.
4. Monitoring vulnerabilities: repaired and unrepaired vulnerabilities are monitored and managed to ensure that they do not appear in the system a second time; experience is summarized and corrections are made continuously to ensure the safety of the application and the system.
5. Preventive measures: newly purchased devices are strictly inspected so that they are fully tested for security before being approved to go online, and enterprises also strengthen the prevention and management of potential security hazards in IoT applications, such as device access control, vulnerability scanning and weak password checking.
IoT application vulnerability management is a key element in ensuring the security and reliability of IoT applications, devices and systems. When developing, deploying and maintaining an IoT application, appropriate vulnerability management measures should be taken to discover and repair vulnerabilities in time, so as to protect the confidentiality of the service and of user information and the security of the IoT device itself.
Vulnerability management is a very important link in software development and operation. Through a comprehensive and systematic vulnerability management process, security vulnerabilities in the software are found, evaluated and repaired in time, so that the security and reliability of the software are guaranteed and the software can always remain in a normal operating state.
Embodiment 1:
Vulnerability management methods for IoT applications typically include the following aspects:
1. IoT device and application vulnerability management: vulnerability management is performed on IoT devices and applications, including vulnerability collection, analysis, evaluation and implementation of repair measures. During the vulnerability management process, links such as discovery, disclosure, repair and verification of the vulnerability can be carried out to ensure the security of the IoT device and the application program.
2. Security vulnerability database: a security vulnerability database is established to record vulnerabilities, and the vulnerability information, the related security risks, and the impact on the system and the defensive measures are updated periodically.
3. IoT security vulnerability scanning: periodic security scanning is performed, security vulnerability testing is carried out automatically on IoT devices and applications, and administrators are given the means to identify vulnerabilities and produce vulnerability reports.
4. Security vulnerability analysis: newly discovered or reported vulnerabilities are evaluated and analyzed, including the attack technique, scope of impact and risk level of the vulnerability, to determine vulnerability levels and priorities.
5. Security vulnerability repair: according to the evaluated and analyzed vulnerability level and priority, corresponding repair measures are taken in time, including patch updates, configuration changes and authorization changes, so as to eliminate the risk of the vulnerability.
In summary, vulnerability management for IoT devices and applications requires a complete vulnerability management system, including full-lifecycle management policies covering discovery, recording, evaluation and repair of vulnerabilities. In addition, IoT devices and applications should be monitored and scanned for security periodically so that vulnerabilities are discovered and repaired and the security and reliability of IoT systems are maximized.
The present disclosure improves on the conventional IoT vulnerability management method described above. As shown in FIG. 1:
the present disclosure provides an IoT device security management method, comprising:
S101: issuing the latest security detection policy library of the server through a cloud management platform connected to the server;
wherein the latest security detection policy library is generated by the cloud management platform based on the latest vulnerability information disclosed in real time by a vulnerability disclosure standard platform and on device fingerprint information of the IoT device;
the device fingerprint information indicates the state information of the internet of things device in normal operation;
The device fingerprint information here may include at least one of the following:
a) Device secure boot class information. In application, the boot steps of an internet of things device are, in order:
BootRom -> BootLoader -> kernel/operating system -> device application. Each step may be tampered with illegally, so each step must be checked for integrity and legitimacy, and the next step may start only after the verification confirms that it is untampered and legitimate. Based on this, as an embodiment, the device secure boot class information may include integrity and validity verification parameters such as the hash value or digital signature of each component in the boot sequence of the internet of things device; for example, the device secure boot class information may include, in order: the hash value/digital signature value of the BootRom; the hash value/digital signature value of the BootLoader; the hash value/digital signature value of the kernel/operating system; and the hash value/digital signature value of the device application. Alternatively, the device secure boot class information may be the information recorded when the device leaves the factory.
b) Device operational status class information. In application, the device operational status information includes at least one of: process blacklist/whitelist, file blacklist/whitelist, network connection blacklist/whitelist, network traffic threshold interval, and operating system configuration whitelist. Optionally, the process blacklist/whitelist may include: process name, parent process name, and process hash value. The file blacklist/whitelist may include: file name and file hash value. The network connection blacklist/whitelist may include: IP address (outbound connection from the device or inbound connection to it), port, and protocol. The network traffic preset interval may be the traffic interval in the normal running state of the device. The operating system configuration whitelist is the normal baseline configuration of all operating system functions. Alternatively, the device operational status class information may be the information recorded when the device leaves the factory.
c) Device resource occupancy class information. In application, the device resource occupancy information includes at least one of: CPU occupancy threshold, memory occupancy threshold, disk occupancy threshold, number of kernel objects, and number of network connections. Alternatively, the device resource occupancy class information may be the information recorded when the device leaves the factory.
d) Normal energy consumption information of the device. Alternatively, the normal energy consumption information of the device may be the information recorded when the device leaves the factory.
The security detection policies in the latest security detection policy library also comprise the target parameter values corresponding to the target monitoring indexes.
In the scheme of the first embodiment of the present disclosure, scan detection of IoT vulnerabilities is performed according to versions, information, fingerprints, disclosed exploit programs, vulnerability configurations, abnormal behaviour, and so on.
S102: when an operational event is monitored, acquiring a current parameter value of the IoT device; when a vulnerability is determined to exist according to the current parameter value and a target parameter value in the latest security detection policy library, generating an alarm log and sending the alarm log together with the current parameter value to the cloud management platform for security management and control policy determination;
the current parameter value comprises the specific value the IoT device currently has for each target monitoring index required by a security detection policy in the latest security detection policy library; the security detection policy in the latest security detection policy library also comprises the target parameter value corresponding to each target monitoring index;
S103: performing vulnerability control according to the security management and control policy determined by the cloud management platform so as to block the vulnerability.
In this embodiment, when the matching security management and control policy for blocking the vulnerability is determined, a device analysis model takes as input the alarm log the IoT device generated for the vulnerability, the current parameter value of the IoT device, and the operating log of the IoT device over a specified period, so that earlier logs are consulted in the analysis and the accuracy of the determined security management and control policy is improved.
It should be noted that the IoT device security management method and the vulnerability management platform of the present disclosure may be used for vulnerability aggregation, asset management, vulnerability information standardization, threat level evaluation (based on device location, access management, and the harm of the vulnerability), tracking whether the manufacturer has issued a repair patch and whether a security product can provide protection, situation presentation, external threat situation, and work order circulation.
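The comparison in S102 is a baseline check: every target monitoring index in the policy library (process, file and network connection lists, traffic and energy intervals, resource thresholds) is matched against the value the device currently reports, and each mismatch becomes an alarm entry that travels to the cloud platform together with the full current parameter set. The following Python is an added example written for this page, not the patent's own code; the policy layout, the field names, the device identifier and both device snapshots are assumptions constructed for illustration.

```python
"""Added example, not the patent's own code: evaluate an IoT device's current
parameter values against the target values in a security detection policy
library and build the alarm log that is sent to the cloud management platform.
The policy layout, field names and both device snapshots are assumptions."""
import copy
import ipaddress

# Constructed policy library: target values for the operational-status,
# resource-occupancy and energy-consumption monitoring indexes.
POLICY_LIBRARY = {
    "version": "2023-07-12",
    "process_whitelist": [  # name, parent name and hash must all match
        {"name": "sensord", "parent": "init", "sha256": "a" * 64},
        {"name": "mqttd", "parent": "init", "sha256": "b" * 64},
    ],
    "file_blacklist": [{"name": "/tmp/.x", "sha256": "c" * 64}],
    "network_whitelist": [  # direction, CIDR, port, protocol
        {"direction": "out", "ip": "203.0.113.10/32", "port": 8883, "proto": "tcp"},
        {"direction": "in", "ip": "192.0.2.0/24", "port": 22, "proto": "tcp"},
    ],
    "traffic_interval_kbps": (5, 200),   # traffic interval in normal operation
    "cpu_threshold_pct": 70,
    "memory_threshold_pct": 80,
    "disk_threshold_pct": 90,
    "max_connections": 20,
    "energy_interval_mw": (300, 900),    # factory-measured normal consumption
}

# Constructed current parameter values reported by the device agent.
DEVICE_SNAPSHOT = {
    "device_id": "cam-0017",
    "processes": [
        {"name": "sensord", "parent": "init", "sha256": "a" * 64},
        {"name": "mqttd", "parent": "init", "sha256": "e" * 64},  # binary replaced
        {"name": "nc", "parent": "sh", "sha256": "d" * 64},       # not whitelisted
    ],
    "files": [{"name": "/tmp/.x", "sha256": "c" * 64}],
    "connections": [
        {"direction": "out", "ip": "203.0.113.10", "port": 8883, "proto": "tcp"},
        {"direction": "out", "ip": "198.51.100.7", "port": 4444, "proto": "tcp"},
    ],
    "traffic_kbps": 850,
    "cpu_pct": 35, "memory_pct": 60, "disk_pct": 40,
    "connection_count": 2,
    "energy_mw": 1200,
}


def _alarm(index, current, target):
    return {"index": index, "current": current, "target": target}


def _conn_allowed(rule, conn):
    if (rule["direction"], rule["port"], rule["proto"]) != (
            conn["direction"], conn["port"], conn["proto"]):
        return False
    return ipaddress.ip_address(conn["ip"]) in ipaddress.ip_network(rule["ip"])


def evaluate(policy, snap):
    """One alarm per monitoring index whose current value violates the policy;
    an empty list means the device matches its normal-operation baseline."""
    alarms = []
    allowed = {(p["name"], p["parent"], p["sha256"]) for p in policy["process_whitelist"]}
    for p in snap["processes"]:
        if (p["name"], p["parent"], p["sha256"]) not in allowed:
            alarms.append(_alarm("process_whitelist", p, "whitelisted name/parent/hash"))
    bad_names = {f["name"] for f in policy["file_blacklist"]}
    bad_hashes = {f["sha256"] for f in policy["file_blacklist"]}
    for f in snap["files"]:
        if f["name"] in bad_names or f["sha256"] in bad_hashes:
            alarms.append(_alarm("file_blacklist", f, "blacklisted name/hash"))
    for c in snap["connections"]:
        if not any(_conn_allowed(r, c) for r in policy["network_whitelist"]):
            alarms.append(_alarm("network_whitelist", c, policy["network_whitelist"]))
    for index, key in (("traffic_interval_kbps", "traffic_kbps"),
                       ("energy_interval_mw", "energy_mw")):
        lo, hi = policy[index]
        if not lo <= snap[key] <= hi:
            alarms.append(_alarm(index, snap[key], (lo, hi)))
    for index, key in (("cpu_threshold_pct", "cpu_pct"), ("memory_threshold_pct", "memory_pct"),
                       ("disk_threshold_pct", "disk_pct"), ("max_connections", "connection_count")):
        if snap[key] > policy[index]:
            alarms.append(_alarm(index, snap[key], policy[index]))
    return alarms


def build_alarm_log(policy, snap):
    """Payload for the cloud platform: the alarms plus the full current values,
    so the platform chooses a management policy with the device's context."""
    return {"device_id": snap["device_id"], "policy_version": policy["version"],
            "alarms": evaluate(policy, snap), "current_parameters": snap}


def clean_snapshot():
    """The same device with every violation removed (the no-alarm path)."""
    snap = copy.deepcopy(DEVICE_SNAPSHOT)
    snap["processes"] = snap["processes"][:1]
    snap["files"] = []
    snap["connections"] = snap["connections"][:1]
    snap.update(traffic_kbps=50, energy_mw=500)
    return snap


if __name__ == "__main__":
    for a in evaluate(POLICY_LIBRARY, DEVICE_SNAPSHOT):
        print(a["index"], "current:", a["current"], "target:", a["target"])
```

The whitelist checks match name, parent and hash as a unit, so a replaced binary with the correct name still raises an alarm; the interval and threshold checks are kept separate because an interval has a lower bound (traffic or energy far below normal is as suspicious as far above). Sending the whole snapshot rather than only the alarms is what lets the cloud side correlate with earlier logs as described above.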
Further, determining that a vulnerability exists according to the current parameter value and the target parameter value in the latest security detection policy library specifically includes:
scheduling a vulnerability scanning tool using the acquired scan-related parameter information, wherein the scan-related parameter information is acquired on the basis of a vulnerability scanning request and is synchronized to the cloud management platform;
performing vulnerability scanning on the data to be scanned among the acquired related data using the vulnerability scanning tool, and outputting a vulnerability scanning result;
and performing association analysis on the vulnerability scanning result, the vulnerability information data and the penetration status to obtain the data affected by the vulnerability, and evaluating the repair priority of the affected data.
Further, scheduling the vulnerability scanning tool using the acquired scan-related parameter information, wherein the scan-related parameter information is acquired on the basis of a vulnerability scanning request and is synchronized to the cloud management platform, specifically comprises the following steps:
using a cloud provider API, accessing a block storage volume of a workload maintained in the cloud management platform, and identifying the software applications installed on the accessed block storage volume;
analyzing the identified installed software applications to determine their software versions;
accessing a data structure of known software vulnerabilities for multiple versions of a software application;
performing a lookup of each identified installed software version in the data structure to identify known vulnerabilities;
and identifying, using network accessibility information and at least one port, which of the identified known software vulnerabilities are exploitable from outside the workload.
Further, the network accessibility information includes at least one of: data from external data sources, cloud provider information, and at least one network capture log.
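The five steps above amount to an offline "side scan": the volume is read through the provider API without running an agent on the workload, the package database on it yields name and version pairs, those pairs are matched against affected-version ranges, and the network accessibility information then separates findings an outside attacker can actually reach from the rest. The Python below is an added example written for this page, not the patent's or any vendor's code. It models the block storage volume as a dict of path to file contents standing in for a mounted snapshot, uses the dpkg `status` layout for the package database, and its vulnerability identifiers, ports, security-group rules, VPC range and capture log are constructed placeholders rather than real advisories.

```python
"""Added example, not the patent's own code: side-scan a workload by reading
its block storage volume offline, listing installed packages and versions,
looking them up in a known-vulnerability data structure, and keeping only
the findings reachable from outside the workload. Vulnerability ids, ports,
security-group rules and the capture log are constructed placeholders."""
import ipaddress
import re

VPC_CIDR = ipaddress.ip_network("10.0.0.0/8")  # assumed workload network

# Block storage volume modelled as path -> contents (dpkg status layout).
VOLUME = {
    "/var/lib/dpkg/status": """Package: openssl
Version: 1.1.1k-1
Status: install ok installed

Package: nginx
Version: 1.18.0-6
Status: install ok installed

Package: busybox
Version: 1.30.1-4
Status: deinstall ok config-files

Package: libfoo
Version: 2.4.0-1
Status: install ok installed
""",
}

# Known-vulnerability data structure:
# package -> [(vuln_id, first_affected_version, fixed_in_version)]
KNOWN_VULNS = {
    "openssl": [("VULN-0001", "1.1.1a", "1.1.1l")],
    "nginx": [("VULN-0002", "1.0.0", "1.19.0"), ("VULN-0003", "1.18.1", "1.21.0")],
    "busybox": [("VULN-0004", "1.0.0", "1.31.0")],
    "libfoo": [("VULN-0005", "2.0.0", "2.5.0")],
}

# Network accessibility information: security-group ingress (port -> source
# CIDR), a capture log of inbound flows, and the listening ports through
# which each package's code is reachable.
SECURITY_GROUP_INGRESS = {443: "0.0.0.0/0", 22: "10.0.0.0/8"}
CAPTURE_LOG = ["2023-07-12T10:00:01 198.51.100.7:51234 -> 10.0.1.5:443 SYN"]
EXPOSED_BY = {"nginx": [443], "openssl": [443], "libfoo": [8080]}


def parse_dpkg_status(text):
    """{package: version} for stanzas whose Status ends in 'installed'."""
    installed = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(re.findall(r"^([\w-]+): (.*)$", stanza, re.M))
        if fields.get("Status", "").endswith(" installed"):
            installed[fields["Package"]] = fields["Version"]
    return installed


def version_key(version):
    """Simplified ordering key: drop the Debian revision, then compare numeric
    and alphabetic runs in turn (an assumption; not full dpkg semantics)."""
    upstream = version.split("-")[0]
    return [(0, int(t)) if t.isdigit() else (1, t)
            for t in re.findall(r"\d+|[A-Za-z]+", upstream)]


def lookup_vulns(installed, db):
    """Match each installed version against the affected ranges."""
    findings = []
    for pkg, ver in installed.items():
        for vuln_id, first, fixed in db.get(pkg, []):
            if version_key(first) <= version_key(ver) < version_key(fixed):
                findings.append({"id": vuln_id, "package": pkg, "version": ver})
    return findings


def port_reachable_from_outside(port, sg_ingress, capture_log):
    """True if the security group admits the port from outside the VPC, or a
    captured inbound flow to that port came from a non-VPC source."""
    cidr = sg_ingress.get(port)
    if cidr and not ipaddress.ip_network(cidr).subnet_of(VPC_CIDR):
        return True
    for line in capture_log:
        m = re.search(r"(\S+):\d+ -> \S+:(\d+)", line)
        if m and int(m.group(2)) == port and \
                ipaddress.ip_address(m.group(1)) not in VPC_CIDR:
            return True
    return False


def externally_exploitable(findings, exposed_by, sg_ingress, capture_log):
    return [f["id"] for f in findings
            if any(port_reachable_from_outside(p, sg_ingress, capture_log)
                   for p in exposed_by.get(f["package"], []))]


def side_scan(volume):
    installed = parse_dpkg_status(volume["/var/lib/dpkg/status"])
    findings = lookup_vulns(installed, KNOWN_VULNS)
    external = externally_exploitable(findings, EXPOSED_BY,
                                      SECURITY_GROUP_INGRESS, CAPTURE_LOG)
    return {"installed": installed, "findings": findings, "external": external}


if __name__ == "__main__":
    result = side_scan(VOLUME)
    for f in result["findings"]:
        tag = "EXTERNAL" if f["id"] in result["external"] else "internal"
        print(tag, f["id"], f["package"], f["version"])
```

Two details matter in practice: a package whose status is `deinstall ... config-files` is not running code and must not be counted, and the version comparison has to be half-open (first affected inclusive, fixed version exclusive) or the fixed release is reported as vulnerable. The exposure filter here treats a port as reachable either because the security group allows it from outside the VPC or because the capture log shows that an outside source already reached it; real dpkg version ordering has more rules than the simplified key used here.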
Further, performing a lookup of the identified installed software version in the data structure to identify a known vulnerability specifically includes:
collecting, by at least one processor, data relating to a plurality of network resources over a network, the data including an application risk level and a network location;
searching, with the at least one processor, to identify a known vulnerability by performing operations comprising:
determining vulnerability scores corresponding to the vulnerabilities of the network resources;
determining a severity score for each network resource based on the application risk level and the network location of the network resource;
integrating each vulnerability score and the corresponding severity score of the network resource to create a two-dimensional risk ranking;
calculating a vulnerability index as a weighted sum of the vulnerabilities associated with the application and with the host;
and generating a user interface that displays a comparison of the infrastructure vulnerability index and the application vulnerability index. The user interface is shown in fig. 2.
A flaw in the design, implementation, operation, or management of a computer network system that an attacker can exploit to compromise system security is known as a vulnerability. Because flaws in network applications and other programs are unavoidable, an intruder can exploit a vulnerability in a network system to mount an attack, obtain confidential information from the attacked system, and even obtain superuser privileges on it. Such actions compromise the confidentiality, integrity and availability of the system.
To make the network vulnerability index easier for the relevant government departments to understand, a qualitative description and definition of the index is required. According to the calculated value of the network vulnerability index, the network vulnerability is classified into five grades, 'excellent, good, medium, bad and dangerous'; the specific meaning of each grade is shown in Table 1.
Table 1 Qualitative description of the network vulnerability index
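The scoring steps above and the five-grade classification can be carried through on a small set of resources. The Python below is an added example written for this page, not the patent's own code: the resources, the risk-level and location weights, the scaling of the index to 0 to 100 and the grade cut-offs are all assumptions, because the page does not reproduce the thresholds of Table 1.

```python
"""Added example, not the patent's own code: severity and vulnerability scores
combined into a two-dimensional risk ranking, a weighted vulnerability index
for applications and for hosts (infrastructure), and a five-grade qualitative
classification. Resources, weights, scaling and thresholds are assumptions."""

# Constructed network resources with their vulnerabilities and
# vulnerability scores (a 0-10 scale is assumed).
RESOURCES = [
    {"name": "portal-web", "kind": "application", "risk_level": "high",
     "location": "dmz", "vulns": [("V-1", 9.8), ("V-2", 5.3)]},
    {"name": "billing-api", "kind": "application", "risk_level": "critical",
     "location": "internal", "vulns": [("V-3", 7.5)]},
    {"name": "edge-gw-01", "kind": "host", "risk_level": "medium",
     "location": "dmz", "vulns": [("V-4", 8.1), ("V-5", 4.0)]},
    {"name": "build-01", "kind": "host", "risk_level": "low",
     "location": "internal", "vulns": [("V-6", 6.5)]},
]

RISK_WEIGHT = {"low": 0.25, "medium": 0.5, "high": 0.75, "critical": 1.0}
LOCATION_WEIGHT = {"internal": 0.5, "dmz": 0.9, "internet": 1.0}
# Assumed grade cut-offs (upper bound, label); not the patent's Table 1.
GRADE_THRESHOLDS = [(20, "excellent"), (40, "good"), (60, "medium"), (80, "bad")]


def severity_score(resource):
    """Severity of the resource itself (0-1) from application risk level and
    network location; it is shared by every vulnerability on the resource."""
    return RISK_WEIGHT[resource["risk_level"]] * LOCATION_WEIGHT[resource["location"]]


def risk_ranking(resources):
    """Two-dimensional ranking: each vulnerability keeps both coordinates
    (vulnerability score, resource severity) and is ordered by their product,
    so a medium-score flaw on a critical, exposed resource can outrank a
    high-score flaw on a low-value internal host."""
    rows = []
    for r in resources:
        sev = severity_score(r)
        for vuln_id, vscore in r["vulns"]:
            rows.append({"resource": r["name"], "vuln": vuln_id,
                         "vuln_score": vscore, "severity": sev,
                         "rank_value": vscore * sev})
    return sorted(rows, key=lambda row: row["rank_value"], reverse=True)


def vulnerability_index(resources, kind):
    """Weighted sum of vulnerability scores over resources of one kind, each
    weighted by its resource's severity, scaled to 0-100 against the worst
    case (every vulnerability at score 10 on a severity-1 resource)."""
    pairs = [(vscore, severity_score(r)) for r in resources
             if r["kind"] == kind for _, vscore in r["vulns"]]
    if not pairs:
        return 0.0
    return 100 * sum(v * s for v, s in pairs) / (10 * len(pairs))


def grade(index):
    """Qualitative grade from the index using the assumed cut-offs."""
    for upper, label in GRADE_THRESHOLDS:
        if index < upper:
            return label
    return "dangerous"


def compare_indexes(resources):
    """The application-versus-infrastructure comparison the UI would display."""
    app = vulnerability_index(resources, "application")
    infra = vulnerability_index(resources, "host")
    return {"application_index": round(app, 1), "application_grade": grade(app),
            "infrastructure_index": round(infra, 1), "infrastructure_grade": grade(infra)}


if __name__ == "__main__":
    for row in risk_ranking(RESOURCES):
        print(f"{row['vuln']:5} {row['resource']:12} score={row['vuln_score']:4} "
              f"severity={row['severity']:.3f} rank={row['rank_value']:.2f}")
    print(compare_indexes(RESOURCES))
```

Keeping the two coordinates separate in the ranking, rather than collapsing them into one number up front, is what lets an operator see why a 5.3 on the DMZ portal sits above a 6.5 on an internal build host. Scaling the index by the number of vulnerabilities makes the application and infrastructure indexes comparable even when one side has far more findings than the other; an unscaled sum would reward simply having fewer assets.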
Embodiment two:
as shown in fig. 2:
to solve the above technical problems, the present disclosure also provides an IoT device security management system, comprising:
a detection measure construction module 201, configured to issue the latest security detection policy library of a server through a cloud management platform that has established a connection with the server;
wherein the latest security detection policy library is generated by the cloud management platform based on the latest vulnerability information disclosed in real time by a vulnerability disclosure standard platform and on device fingerprint information of the IoT device; the device fingerprint information indicates the state information of the IoT device in normal operation;
a vulnerability detection module 202, configured to obtain a current parameter value of the IoT device, generate an alarm log when it is determined that a vulnerability exists according to the current parameter value and a target parameter value in the latest security detection policy library, and send the alarm log and the current parameter value to the cloud management platform for security management and control policy determination;
the current parameter value comprises the specific value the IoT device currently has for each target monitoring index required by a security detection policy in the latest security detection policy library; the security detection policy in the latest security detection policy library also comprises the target parameter value corresponding to each target monitoring index;
and a vulnerability blocking module 203, configured to perform vulnerability control according to the security management and control policy determined by the cloud management platform so as to block the vulnerability.
Further, determining that a vulnerability exists according to the current parameter value and the target parameter value in the latest security detection policy library specifically includes:
scheduling a vulnerability scanning tool using the acquired scan-related parameter information, wherein the scan-related parameter information is acquired on the basis of a vulnerability scanning request and is synchronized to the cloud management platform;
performing vulnerability scanning on the data to be scanned among the acquired related data using the vulnerability scanning tool, and outputting a vulnerability scanning result;
performing association analysis on the vulnerability scanning result, the vulnerability information data and the penetration status to obtain the data affected by the vulnerability, and evaluating the repair priority of the affected data;
wherein scheduling the vulnerability scanning tool using the acquired scan-related parameter information, the scan-related parameter information being acquired on the basis of a vulnerability scanning request and synchronized to the cloud management platform, specifically comprises the following steps:
using a cloud provider API, accessing a block storage volume of a workload maintained in the cloud management platform, and identifying the software applications installed on the accessed block storage volume;
analyzing the identified installed software applications to determine their software versions;
accessing a data structure of known software vulnerabilities for multiple versions of a software application;
performing a lookup of each identified installed software version in the data structure to identify known vulnerabilities;
and identifying, using network accessibility information and at least one port, which of the identified known software vulnerabilities are exploitable from outside the workload.
Further, performing a lookup of the identified installed software version in the data structure to identify a known vulnerability specifically includes:
collecting, by at least one processor, data relating to a plurality of network resources over a network, the data including an application risk level and a network location;
searching, with the at least one processor, to identify a known vulnerability by performing operations comprising:
determining vulnerability scores corresponding to the vulnerabilities of the network resources;
determining a severity score for each network resource based on the application risk level and the network location of the network resource;
integrating each vulnerability score and the corresponding severity score of the network resource to create a two-dimensional risk ranking;
calculating a vulnerability index as a weighted sum of the vulnerabilities associated with the application and with the host;
and generating a user interface that displays a comparison of the infrastructure vulnerability index and the application vulnerability index.
Embodiment III:
the present disclosure also provides a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the IoT device security management method described above.
The computer storage medium of the present disclosure may be implemented using semiconductor memory, magnetic core memory, magnetic drum memory, or magnetic disk memory.
Semiconductor memories used in computers are mainly of two types, MOS and bipolar. MOS devices have a high integration density and a simple process but are slower; bipolar devices have a complex process, high power consumption and low integration density but are fast. After NMOS and CMOS appeared, MOS memories came to dominate semiconductor memory. NMOS is fast: for example, the access time of a 1 Kbit SRAM from Intel Corporation is 45 ns. CMOS has low power consumption; the access time of a 4 Kbit CMOS static memory is 300 ns. These semiconductor memories are random access memories (RAM), i.e. their contents can be read and written at random during operation. Semiconductor read-only memory (ROM) can be read at random but not written during operation and is used to store fixed programs and data. ROM is in turn divided into two types: non-rewritable fuse read-only memory (PROM) and rewritable read-only memory (EPROM).
Magnetic core memory has the characteristics of low cost and high reliability, and has more than 20 years of practical use experience. Before the mid-1970s, core memory was widely used as main memory. Its storage capacity can be above 10 bits, and its access time reaches 300 ns. The internationally typical core memory capacity is 4 MB to 8 MB with an access cycle of 1.0 to 1.5 μs. After the rapid development of semiconductor memory displaced core memory as main memory, core memory could still be used as large-capacity expansion memory.
Magnetic drum memory is an external memory based on magnetic recording. Because of its fast access speed and stable, reliable operation, it was still used as external memory for real-time process control computers and medium and large computers even though its capacity is small and it was gradually replaced by disk memory. To meet the needs of small computers and microcomputers, a microminiature magnetic drum appeared, with small volume, light weight, high reliability and convenient use.
Magnetic disk memory is an external memory based on magnetic recording. It has the advantages of both drum and tape storage: its capacity is larger than that of a drum, its access speed is faster than that of tape, and it can be stored offline, so magnetic disks are widely used as large-capacity external memory in all kinds of computer systems. Magnetic disks are generally classified into hard disk and floppy disk storage.
Hard disk memory comes in a wide variety. Structurally it is divided into replaceable and fixed types: the platters of a replaceable disk can be exchanged, while those of a fixed disk cannot. Both replaceable and fixed disks come in multi-platter and single-platter forms, and both can be of the fixed-head or movable-head type. A fixed-head disk has small capacity, low recording density, high access speed and high cost. A movable-head disk has high recording density (up to 1000 to 6250 bit/inch) and therefore large capacity, but its access speed is lower than that of a fixed-head disk. The storage capacity of a disk product may reach several hundred megabytes with a bit density of 6 bits per inch and a track density of 475 tracks per inch. Because the disk pack of a disk memory can be exchanged, the disk memory has large capacity and high speed, can store large volumes of information, and is widely used in online information retrieval systems and database management systems.
Embodiment four:
the present disclosure also provides an electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of IoT device security management described above when the computer program is executed.
Fig. 4 is a schematic diagram of the internal structure of an electronic device in one embodiment. As shown in fig. 4, the electronic device includes a processor, a storage medium, a memory, and a network interface connected by a system bus. The storage medium of the computer device stores an operating system, a database, and computer readable instructions; the database can store a control information sequence, and the computer readable instructions, when executed by the processor, cause the processor to implement the IoT device security management method. The processor of the electronic device provides computing and control capabilities and supports the operation of the entire computer device. The memory of the computer device may store computer readable instructions that, when executed by the processor, cause the processor to perform the IoT device security management method. The network interface of the computer device is used to communicate with a connected terminal. Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of the parts of the architecture relevant to the present arrangements and does not limit the computer device to which the present arrangements apply; a particular computer device may include more or fewer components than shown, combine some of the components, or arrange the components differently.
The electronic device includes, but is not limited to, a smart phone, a computer, a tablet computer, a wearable smart device, an artificial intelligence device, a mobile power supply, and the like.
The processor may in some embodiments be comprised of integrated circuits, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functionality, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, a combination of various control chips, and the like. The processor is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device and processes data by running or executing programs or modules stored in the memory (for example, executing remote data read-write programs, etc.), and calling data stored in the memory.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory and at least one processor or the like.
Fig. 4 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 4 is not limiting of the electronic device and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and preferably, the power source may be logically connected to the at least one processor through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may further include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described herein.
Further, the electronic device may also include a network interface, optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices.
Optionally, the electronic device may further comprise a user interface, which may be a display, an input unit such as a keyboard, or a standard wired or wireless interface. In some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch display, or the like. The display may also be referred to as a display screen or display unit and is used to show information processed in the electronic device and to present a visual user interface.
Further, the computer-usable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.
Claims (8)
1. An IoT device security management method, comprising:
the latest security detection strategy library of the server is issued through a cloud management platform which is connected with the server; wherein the latest security detection policy library is generated by the cloud management platform based on latest vulnerability information revealed in real time by a vulnerability revealing standard platform and device fingerprint information of the IoT device; the device fingerprint information is used for indicating state information of the Internet of things device in normal operation;
when an operational event is monitored, obtaining a current parameter value of the IoT device;
scheduling a vulnerability scanning tool by using the acquired scanning related parameter information, wherein the scanning related parameter information is acquired based on a vulnerability scanning request and is synchronized to a cloud management platform;
performing vulnerability scanning on the data to be scanned in the acquired related data by utilizing the vulnerability scanning tool, and outputting a vulnerability scanning result;
performing association analysis according to the vulnerability scanning result, vulnerability information data and penetration conditions to obtain vulnerability-affected data, and evaluating vulnerability repair priority of the vulnerability-affected data;
generating an alarm log and sending the alarm log and the current parameter value to a cloud management platform for security management and control policy determination;
the current parameter value comprises a specific parameter value which is currently possessed by the IoT device and corresponds to each target monitoring index required by a security detection policy in the latest security detection policy library; the security detection strategy in the latest security detection strategy library also comprises target parameter values corresponding to each target monitoring index;
and performing vulnerability control according to the security management and control strategy determined by the cloud management platform so as to block the vulnerability.
2. The method of claim 1, wherein the scheduling the vulnerability scanning tool using the acquired scan-related parameter information, the scan-related parameter information being acquired based on the vulnerability scanning request and synchronized to the cloud management platform specifically comprises:
using a cloud provider API, accessing a block storage volume of a workload maintained in a cloud management platform; identifying an installed software application in the accessed block storage volume;
analyzing the identified installed software applications to determine associated software versions;
accessing a data structure of known software vulnerabilities of multiple versions of a software application;
performing a lookup of the identified installed software version in the data structure to identify a known software vulnerability;
and identifying one or more of the known software vulnerabilities and the identified known software vulnerabilities using network accessibility information and at least one port, wherein the known software vulnerabilities and the identified known software vulnerabilities are vulnerable to attacks from outside the workload.
3. The method of claim 2, wherein the network accessibility information comprises at least one of: data from external data sources, cloud provider information, and/or at least one network capture log.
4. The method of claim 2, wherein performing a lookup of the identified installed software version in the data structure to identify a known vulnerability specifically comprises:
collecting, by at least one processor, data relating to a plurality of network resources over a network, the data including an application risk level and a network location;
searching, with the at least one processor, to identify a known vulnerability by performing operations comprising:
determining vulnerability scores corresponding to the vulnerabilities of the network resources;
determining a severity score for the network resource based on the application risk level and a network location of the network resource;
integrating each vulnerability score and corresponding severity score of the network resource to create a two-dimensional risk ranking;
calculating a vulnerability index as a weighted sum of vulnerabilities associated with the application and the host;
and generating a user interface that displays a comparison of the infrastructure vulnerability index and the application vulnerability index.
5. An IoT device security management system, comprising:
the detection measurement construction module is used for issuing the latest security detection strategy library of the server through the cloud management platform which is connected with the server;
wherein the latest security detection policy library is generated by the cloud management platform based on latest vulnerability information revealed in real time by a vulnerability revealing standard platform and device fingerprint information of the IoT device; the device fingerprint information is used for indicating state information of the Internet of things device in normal operation;
a vulnerability detection module to obtain a current parameter value of the IoT device;
scheduling a vulnerability scanning tool by using the acquired scanning related parameter information, wherein the scanning related parameter information is acquired based on a vulnerability scanning request and is synchronized to a cloud management platform;
performing vulnerability scanning on the data to be scanned in the acquired related data by utilizing the vulnerability scanning tool, and outputting a vulnerability scanning result;
performing association analysis according to the vulnerability scanning result, vulnerability information data and penetration conditions to obtain vulnerability-affected data, and evaluating vulnerability repair priority of the vulnerability-affected data;
the method for scheduling the vulnerability scanning tool by using the acquired scanning related parameter information, wherein the scanning related parameter information is acquired based on a vulnerability scanning request and is synchronized to a cloud management platform specifically comprises the following steps:
using a cloud provider API, accessing a block storage volume of a workload maintained in a cloud management platform; identifying an installed software application in the accessed block storage volume;
analyzing the identified installed software applications to determine associated software versions;
accessing a data structure of known software vulnerabilities of multiple versions of a software application;
performing a lookup of the identified installed software version in the data structure to identify a known vulnerability;
and identifying one or more of the known software vulnerabilities and the identified known software vulnerabilities using network accessibility information and at least one port, wherein the known software vulnerabilities and the identified known software vulnerabilities are vulnerable to attack from outside the workload;
generating an alarm log and sending the alarm log and the current parameter value to a cloud management platform for security management and control policy determination;
the current parameter value comprises a specific parameter value which is currently possessed by the IoT device and corresponds to each target monitoring index required by a security detection policy in the latest security detection policy library; the security detection strategy in the latest security detection strategy library also comprises target parameter values corresponding to each target monitoring index;
and the vulnerability blocking module is used for carrying out vulnerability control according to the security management and control strategy determined by the cloud management platform so as to block the vulnerability.
6. The system of claim 5, wherein performing a lookup of the identified installed software version in the data structure to identify a known vulnerability specifically comprises:
collecting, by at least one processor, data relating to a plurality of network resources over a network, the data including an application risk level and a network location;
searching, with the at least one processor, to identify a known vulnerability by performing operations comprising:
determining vulnerability scores corresponding to the vulnerabilities of the network resources;
determining a severity score for the network resource based on the application risk level and a network location of the network resource;
integrating each vulnerability score and corresponding severity score of the network resource to create a two-dimensional risk ranking;
calculating a vulnerability index as a weighted sum of vulnerabilities associated with the application and the host;
and generating a user interface that displays a comparison of the infrastructure vulnerability index and the application vulnerability index.
7. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the IoT device security management method recited in any of claims 1-4.
8. A computer storage medium having stored thereon computer program instructions, which when executed by a processor are adapted to carry out the steps corresponding to the IoT device security management method recited in any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310854332.5A CN116881923A (en) | 2023-07-12 | 2023-07-12 | IoT device security management method, system, medium and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310854332.5A CN116881923A (en) | 2023-07-12 | 2023-07-12 | IoT device security management method, system, medium and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116881923A true CN116881923A (en) | 2023-10-13 |
Family
ID=88259961
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310854332.5A Pending CN116881923A (en) | 2023-07-12 | 2023-07-12 | IoT device security management method, system, medium and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116881923A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180032736A1 (en) * | 2016-07-29 | 2018-02-01 | Jpmorgan Chase Bank, N.A. | Cybersecurity Vulnerability Management System and Method |
| CN108737425A (en) * | 2018-05-24 | 2018-11-02 | 北京凌云信安科技有限公司 | Fragility based on multi engine vulnerability scanning association analysis manages system |
| CN112995236A (en) * | 2021-05-20 | 2021-06-18 | 杭州海康威视数字技术股份有限公司 | Internet of things equipment safety management and control method, device and system |
| CN114238995A (en) * | 2021-12-24 | 2022-03-25 | 中国建设银行股份有限公司 | Vulnerability management system and method |
| US20220345482A1 (en) * | 2021-04-26 | 2022-10-27 | Orca Security | Foundation of sidescanning |
Events
- 2023-07-12: application CN202310854332.5A filed in CN (published as CN116881923A); status Pending
Similar Documents
| Publication | Title |
|---|---|
| US11683333B1 (en) | Cybersecurity and threat assessment platform for computing environments |
| Tien et al. | KubAnomaly: Anomaly detection for the Docker orchestration platform with neural network approaches |
| CN115996146B (en) | Numerical control system security situation sensing and analyzing system, method, equipment and terminal |
| US20240054234A1 (en) | Methods and systems for hardware and firmware security monitoring |
| US10412109B2 (en) | Method for detecting vulnerabilities in a virtual production server of a virtual or cloud computer system |
| US9736182B1 (en) | Context-aware compromise assessment |
| CN106487775B (en) | Service data processing method and device based on cloud platform |
| CN104283889B (en) | APT attack detection and early warning system inside an electric power system based on the network architecture |
| EP1628222A2 (en) | Software operation monitoring apparatus and software operation monitoring method |
| János et al. | Security concerns towards security operations centers |
| KR20150070331A (en) | Automated asset criticality assessment |
| CN113660224A (en) | Situational awareness defense method, device and system based on network vulnerability scanning |
| Chalvatzis et al. | Evaluation of security vulnerability scanners for small and medium enterprises business networks resilience towards risk assessment |
| US20240289447A1 (en) | Systems and methods for automated cybersecurity threat testing and detection |
| CN118114254A (en) | Vulnerability risk assessment method, vulnerability risk assessment system and computer-readable storage medium |
| Sun et al. | Blockchain-based automated container cloud security enhancement system |
| CN118337403B (en) | Attack path restoration method and device based on IOC, electronic equipment and medium |
| CN113312626B (en) | System and method for evaluating the impact of software on industrial automation and control systems |
| CN118898072A (en) | An automated information security penetration testing platform |
| CN117910021B (en) | Data security management method and device, electronic equipment and medium |
| US11297086B2 (en) | Correlation-based network security |
| CN117113363B (en) | Third-party component vulnerability ranking method based on scenarized multifactor |
| Sllame et al. | A Holistic Approach for Cyber Security Vulnerability Assessment Based on Open Source Tools: Nikto, Acunitx, ZAP, Nessus and Enhanced with AI-Powered Tool ImmuniWeb |
| CN117910010A (en) | Distributed secure storage method and system |
| CN116881923A (en) | IoT device security management method, system, medium and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 2023-10-13 | PB01 | Publication | Application publication date: 20231013 |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | |