物联网安全白皮书 绿盟科技创新中心 © 2016 绿盟科技 《物联网安全白皮书》 由绿盟科技创新中心撰写 绿盟科技持续关注物联网安全的相关信息 , 如需了解更多，请联系： 特别声明 为避免客户数据泄露，所有数据在进行分析前都已经匿名化处理，不会在中间环节出现 泄露，任何与客户有关的具体信息，均不会出现在本报告中。 版权声明 本文中出现的任何文字叙述、文档格式、插图、照片、方法、过程等内容，除另有特别注明， 版权均属绿盟科技所有，受到有关产权及版权法保护。任何个人、机构未经绿盟科技的书面授 权许可，不得以任何方式复制或引用本文的任何片断。 目录 一 . 物联网安全概述 ··················································································1 1.1 引言···········································································································1 1.2 物联网安全的体系结构 ······························································································································ 3 1.3 研究项目和标准化组织 ······························································································································ 4 1.3.1 物联网安全项目 ·················································································································· 4 1.3.2 TRUST ·································································································································· 6 1.3.3 OWASP Internet of Things Project··················································································· 6 1.3.4 CSA ······································································································································· 6 1.3.5 NIST······································································································································ 7 1.3.6 IoT Security Foundation ···································································································· 7 二 . 物联网安全需求及对策 ······································································9 2.1 引言···································································································································································· 9 2.2 隐私保护 ·························································································································································· 9 2.3 认证································································································································································· 10 2.4 访问控制管理 ·············································································································································· 10 2.5 数据保护 ······················································································································································· 11 2.6 物理安全 ······················································································································································· 11 2.7 设备保护和资产管理································································································································ 11 2.8 攻击检测和防御 ········································································································································· 12 2.8.1 拒绝服务攻击 ···················································································································· 12 2.8.2 病毒攻击 ···························································································································· 12 2.8.3 APT 攻击 ···························································································································· 12 2.8.4 蜜罐 ···································································································································· 13 2.9 态势感知 ······················································································································································· 13 2.9.1 异常行为检测 ···················································································································· 13 2.9.2 脆弱性评估 ························································································································ 13 2.9.3 威胁情报交换 ···················································································································· 14 2.9.4 可视化展示 ························································································································ 14 2.9.5 物联网事件响应措施 ········································································································ 14 2.10 通信保护 ········································································································