The Technology Of Large-Scale Automated Security Analysis On Firmware

Posted on: 2019-12-06 | Degree: Master | Type: Thesis
Country: China | Candidate: Y K Jiang | Full Text: PDF
GTID: 2428330611493423 | Subject: Computer Science and Technology
Abstract/Summary:

With the rapid development of network and communication technologies, everything can be connected to the Internet. IoT devices, which include home routers, IP cameras, wireless printers and so on, are crucial to building pervasive and ubiquitous networks. As the number of IoT devices around the world increases, their security issues become more and more serious. The weak security of IoT devices may be a result of market competition: entering the market as early as possible is crucial, and this competition puts great pressure on the design and implementation of products. Vendors try to develop fancy functions to draw consumers' eyes, so the security of products can be neglected.

To improve the poor security of IoT devices, we need to strengthen the security of firmware. We should therefore put vulnerability detection first; we can then submit the flaws of devices to the vendors and wait for the technology supporters to fix the flaws and release new, secure firmware versions for updating. But unlike traditional program analysis, few commercial off-the-shelf tools support firmware analysis. Because IoT devices exist in great quantity and many varieties, the small-scale analysis tools in recent papers are not sufficient to deal with the problem. It is necessary to develop a framework capable of performing automated large-scale analysis on many firmware images.

In the current industrial chain, different vendors may choose the same subcontractor, and one device may consist of components from different subcontractors. As development kits and development tools are not unified, different devices may run the same or similar binary files, and they may be affected by the same vulnerabilities in their common library files or executable files. Homology analysis on firmware can show the upstreams of different firmware, so we can reason about the propagation of vulnerabilities from the upstream to the devices. This is significant for firmware security analysis.

The main work of this paper is as follows:

· We build a firmware dataset with the firmware of all 4459 products provided on the official websites of the manufacturers Netgear and D-Link. We first use a web crawler and a multi-threaded downloader to obtain the firmware images, then unpack the images and extract the root file system. Finally, we make a QEMU image for each root file system and emulate each of them on QEMU in an automated way to build a fast automated analysis environment.

· We present a threat model for logical flaw detection in embedded devices, and point out that vulnerability detection based on symbolic execution cannot be automated and has difficulty completing large-scale analysis tasks. We therefore suggest a method of logical flaw detection based on fuzz testing. With two unknown vulnerabilities and two known vulnerabilities found, our approach is shown to be effective for fast automated analysis.

· We cluster the executable files and library files in the 1498 root file systems that we successfully extracted from our firmware dataset, and present the statistics of our experiment. This is valuable for homology analysis.
Keywords/Search Tags:vulnerability detection, firmware, automated, web interfaces, homology analysis