Research And Implementation Of Component Relationship Construction Method In Software Supply Chain Of Internet Of Things

With the advance of the Internet of Things technology and the complexity of the Internet of Things software,security problems arising from the reuse of components in the Internet of Things software supply chain are endless.Therefore,how to construct the component relationship network in the Internet of Things software supply chain is of great significance for analyzing the security of the Internet of Things software supply chain.Since the components of the Internet of Things can be compiled in different architectures,it brings certain difficulties both to the analysis of the version reference relationship of the components and the analysis of the homology relationship of the components in the construction of the Internet of Things component relationship.For component version reference relationship analysis problem,different compilation architectures result in different instruction sets and different instruction logic semantic expressions for Io T component.Thus,it's difficult to perform unified and large-scale component version information analysis for components of different architectures.For component homology relationship analysis problem,Io T components use different architectures and compilation options when compiling,resulting in different optimization levels of component binary file codes.And it's difficult to compare cross-architecture and cross-compilation binary file codes.The existing homology analysis method has insufficient consideration of the importance of different nodes in the component function call graph,so it cannot accurately express the homology relationship.In response to these challenges,this paper studies and implements a component version extraction method and a component homology analysis model,and based on the method and the model,a prototype system for building the relationship between the components of the Internet of Things software supply chain is implemented.The researches of this paper includes:·Researched and implemented a cross-architecture component version extraction method based on intermediate language.This method converts component binary codes of different architectures into intermediate language representations and combines data flow analysis to achieve large-scale extraction of component version information.In the experiment,the accuracy rate of this method in the benchmark test set is 97.02%,and the extraction rate in the version extraction experiment of the real scene is 96.48%.·Researched and implemented a cross-architecture component homology analysis model based on graph neural network.The model extracts the attributed function call graph features of two compared components firstly,and it uses Graph SAGE network and attention mechanism to fuse the graph embedding representation,and then enters the NTN network to get the similarity score.The score determines whether the two components have a homologous relationship.In multiple test sets of different scales,this homology analysis model achieved a high accuracy rate,with an average accuracy rate of 96.96%.·Based on the proposed component version extraction method and homology analysis model,this paper designs and implements a prototype system for the construction of the component relationship of the Io T software supply chain.The system can perform automated component extraction of firmware,and perform component version analysis and homology relationship analysis,and constructs a component relationship network.The system builds a component relationship network of the Internet of Things software supply chain based on real scene data.Through system testing and verification,the system can realize the construction of the relationship between the components of the Internet of Things software supply chain.