Software Vulnerability Detection Techniques For Internet Of Things Devices

Posted on: 2021-05-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T L Y Si
Full Text: PDF
GTID: 1488306725975819
Subject: Computer Science and Technology

Abstract/Summary:
The Internet of Things (IoT), as a new generation of information technology, has been deeply integrated with all aspects of the national economy and people's livelihood. More and more IoT devices are deployed in security-critical areas after being connected through the network. Software is an important enabling component in IoT devices. If there are security vulnerabilities in the software system, they can be easily exploited by attackers in the network, causing catastrophic consequences. Detecting and eliminating vulnerabilities in IoT device software in time is therefore an important problem to be resolved.

The software in IoT devices mainly includes firmware, communication protocols, third-party libraries, and operating systems. The firmware is responsible for controlling the underlying hardware, interacting with the external environment, monitoring data status, and collecting sensed data. Its security vulnerabilities are the primary targets of IoT attacks. The communication protocols are the basis for communication between IoT devices. Vulnerabilities introduced in their design and implementation often expose the IoT to remote attacks and loss of control of the device. Developing software for IoT devices often requires calling a large number of third-party libraries without the necessary security checks, resulting in a large number of hidden security hazards.

This thesis addresses the requirement of software vulnerability detection for IoT devices. Based on static and dynamic testing approaches, we conduct key technical research on missing-check vulnerability detection for data operations of third-party libraries, communication protocol vulnerability detection, and firmware image vulnerability detection. The main work includes the following aspects:

(1) For missing-check vulnerability detection in the data operations of third-party libraries, a taint data-driven vulnerability analysis approach is proposed. First, we locate security-sensitive operations in the code based on static analysis. Then, we determine the availability of data used in security-sensitive operations based on taint analysis. Finally, we diagnose the existence of the missing-check vulnerability based on a program slicing technique and evaluate its risk degree through contextual security metrics. This approach can effectively detect high-risk missing-check vulnerabilities in IoT third-party libraries.

(2) For communication protocol vulnerability detection, an intelligent awareness-driven greybox fuzzing approach is proposed. First, we extract the syntax information of protocol packets from a protocol implementation and construct the protocol state machine based on static analysis. Then, we guide effective test case generation and the testing of key protocol states based on the protocol syntax and state machine model. Finally, we collect the semantic metrics of regions as feedback to guide the fuzzer to allocate more testing resources to the regions that are more likely to be vulnerable. The approach can improve the efficiency of communication protocol vulnerability detection based on the dynamic testing approach.

(3) For firmware image vulnerability detection, a virtual peripheral-driven hybrid fuzzing approach is proposed. First, we construct a virtual execution environment for the firmware by symbolizing the peripherals to simulate the behavior of unknown peripherals, which removes the dependency on hardware devices. Second, we generate valid inputs for a variety of peripherals based on the hybrid test case generation method. Third, we design a multi-dimensional coverage feedback guided strategy to optimize test case generation. Finally, we establish a unified vulnerability detection mechanism and achieve effective identification of typical firmware vulnerabilities. This approach removes device dependence and performs effective vulnerability detection on IoT firmware images.

(4) Based on the above work, a software vulnerability detection system for IoT devices named Iot Bug Hunter is designed and implemented. The system supports vulnerability detection for mainstream third-party libraries, communication protocols, and firmware images. It can detect important software vulnerabilities such as missing checks, buffer overflows, array out of bounds, null pointer references, double free, use-after-free, division-by-zero, mod-by-zero, integer overflow and so on. The effectiveness of Iot Bug Hunter has been evaluated and verified by large-scale experiments. 23 software vulnerabilities confirmed by developers have been found and three CVE numbers have been obtained.
Keywords/Search Tags: IoT Device, Software Security, Firmware, Vulnerability Detection, Static Analysis, Symbolic Execution, Fuzzing