
Firmware Code Dynamic Taint Analysis Technology

Posted on: 2020-05-05 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Z Ren | Full Text: PDF
GTID: 2428330620953245 | Subject: Computer technology
Abstract/Summary:
With the progress of information technology and the rapid development of the Internet of Things (IoT), attacks on IoT devices are becoming more frequent, and the security of hardware devices is attracting more and more attention. How to detect security defects and vulnerabilities in device firmware, and how to make the detection of firmware programs simple, fast and effective, has gradually become a focus for security analysts. Addressing the security problems of IoT devices, this thesis analyses the many factors that restrict the security analysis of such devices and studies taint analysis technology in depth. Taking a common IoT device system platform as the target device and experimental platform, it studies and improves the cross-debugging of device firmware, intermediate representation (IR) conversion, simulated program execution and taint analysis. The main work and contributions of this thesis are as follows:

1. The development of taint analysis technology is surveyed and summarized. By implementation approach, taint analysis is divided into four main categories: hardware extension, software rewriting, virtual environment and code execution. The main advantages and disadvantages of each are compared and analysed. On this basis, taint analysis is split into two parts, real execution on the target device and simulated execution on the host, with communication between the two realized by cross-debugging. This reduces the preparation work for taint analysis, improves the applicability of taint analysis tools, and keeps the basic performance requirements of taint analysis.

2. A dynamic instrumentation framework based on debugging scripts is implemented. Existing instrumentation tools are studied; on that basis the Valgrind framework is improved and a dynamic instrumentation framework based on gdb cross-debugging scripts is realized. The framework can thus use the physical device environment to set up the taint analysis environment and obtain run-time information about the firmware program through gdb cross-debugging.

3. A simulated execution engine based on intermediate representation is implemented. To make the system usable across platforms, the thesis proposes converting the collected program information into IR statements and performing simulated execution and taint analysis at the IR statement level. The prototype system can then be implemented easily on different platforms: security analysts do not need to rewrite the whole framework, only add the IR conversion module for the corresponding platform to port it.

4. A taint analysis framework based on simulated execution is proposed and implemented. To improve the accuracy of taint analysis, IR statements are classified into seven categories according to how they propagate taint, and a corresponding taint propagation strategy is formulated for each. In particular, for libc library functions, a strategy of taint propagation and sanitization is formulated, which reduces the workload of taint analysis and improves its efficiency.

5. The validity of the prototype system is verified and its effect on program efficiency is evaluated. The thesis validates and evaluates the system on a test data set containing buffer overflow vulnerabilities and verifies that it can detect stack overflow and heap overflow vulnerabilities in firmware programs more effectively. On this basis, the binutil64 toolset is used as a test set to evaluate the prototype system's impact on program efficiency.
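As an added illustration, and not code from the thesis or its prototype, the following Python sketch shows the mechanism points 3 and 4 describe: a simulated-execution engine that steps over IR statements grouped by how they propagate taint, with libc calls handled by per-function summaries that either propagate taint, introduce it (a source such as recv) or sanitize it (memset), plus a bounds check that turns a write past a known stack or heap buffer into a finding. The seven statement kinds, the libc summaries, the register and address names, and the two sample traces are all constructed assumptions; the abstract does not list the thesis's own categories or strategies.

```python
"""Toy IR-level dynamic taint tracker (added example, not the thesis's code).
The statement kinds, libc summaries and traces below are constructed assumptions."""
from dataclasses import dataclass, field

TAINT_SRC = "recv"  # constructed label for bytes that arrive from the network


@dataclass
class State:
    regs: dict = field(default_factory=dict)    # reg -> concrete int value
    rtaint: dict = field(default_factory=dict)  # reg -> set of taint labels
    mem: dict = field(default_factory=dict)     # addr -> byte value
    mtaint: dict = field(default_factory=dict)  # addr -> set of taint labels
    bufs: dict = field(default_factory=dict)    # buffer base addr -> size (stack/heap)
    alerts: list = field(default_factory=list)

    def rt(self, r):
        return set(self.rtaint.get(r, set()))

    def mt(self, addr, n):
        out = set()
        for a in range(addr, addr + n):
            out |= self.mtaint.get(a, set())
        return out

    def read(self, addr, n):
        return bytes(self.mem.get(a, 0) for a in range(addr, addr + n))

    def cstr(self, addr):  # NUL-terminated string at addr
        out = bytearray()
        while self.mem.get(addr, 0) != 0:
            out.append(self.mem[addr]); addr += 1
        return bytes(out)

    def write(self, addr, data, labels):
        """Byte write that carries taint and flags writes past a known buffer."""
        for base, size in self.bufs.items():
            if base <= addr < base + size and addr + len(data) > base + size:
                self.alerts.append(f"overflow of buffer@{base:#x} size {size}: "
                                   f"write of {len(data)} bytes at {addr:#x}, tainted={bool(labels)}")
        for i, b in enumerate(data):
            self.mem[addr + i] = b
            self.mtaint[addr + i] = set(labels)


# libc summaries (constructed): each returns (return value, taint of return value).
def libc_recv(st, args):      # taint source: fills buf with n bytes of tainted input
    buf, n = st.regs[args[0]], st.regs[args[1]]
    st.write(buf, b"A" * (n - 1) + b"\x00", {TAINT_SRC})
    return n - 1, {TAINT_SRC}

def libc_strcpy(st, args):    # propagates taint byte-wise, length not bounded
    dst, src = st.regs[args[0]], st.regs[args[1]]
    data = st.cstr(src) + b"\x00"
    st.write(dst, data, st.mt(src, len(data)))
    return dst, st.rt(args[0])

def libc_memcpy(st, args):    # propagates taint for exactly n bytes
    dst, src, n = (st.regs[a] for a in args)
    st.write(dst, st.read(src, n), st.mt(src, n))
    return dst, st.rt(args[0])

def libc_memset(st, args):    # sanitization: overwritten bytes lose their taint
    dst, c, n = (st.regs[a] for a in args)
    st.write(dst, bytes([c & 0xFF]) * n, set())
    return dst, st.rt(args[0])

def libc_strlen(st, args):    # a length computed from tainted bytes is tainted
    src = st.regs[args[0]]
    s = st.cstr(src)
    return len(s), st.mt(src, len(s) + 1)

LIBC = {"recv": libc_recv, "strcpy": libc_strcpy, "memcpy": libc_memcpy,
        "memset": libc_memset, "strlen": libc_strlen}


def step(st, stmt):
    """One IR statement; the seven kinds differ only in how taint moves."""
    kind = stmt[0]
    if kind == "const":      # 1. constant assignment: kills taint
        _, dst, imm = stmt; st.regs[dst] = imm; st.rtaint[dst] = set()
    elif kind == "mov":      # 2. register copy: taint copied
        _, dst, src = stmt; st.regs[dst] = st.regs[src]; st.rtaint[dst] = st.rt(src)
    elif kind == "binop":    # 3. arithmetic: union of operand taint
        _, dst, op, a, b = stmt
        x, y = st.regs[a], st.regs[b]
        st.regs[dst] = {"add": x + y, "sub": x - y, "and": x & y}[op] & 0xFFFFFFFF
        st.rtaint[dst] = st.rt(a) | st.rt(b)
    elif kind == "load":     # 4. memory read: memory taint flows to register
        _, dst, addr_reg, n = stmt
        addr = st.regs[addr_reg]
        st.regs[dst] = int.from_bytes(st.read(addr, n), "little")
        st.rtaint[dst] = st.mt(addr, n)
    elif kind == "store":    # 5. memory write: register taint flows to memory, bounds-checked
        _, addr_reg, src, n = stmt
        st.write(st.regs[addr_reg], st.regs[src].to_bytes(n, "little"), st.rt(src))
    elif kind == "call":     # 6. library call: summary decides source/propagate/sanitize
        _, dst, name, args = stmt
        st.regs[dst], st.rtaint[dst] = LIBC[name](st, args)
    elif kind == "branch":   # 7. control flow: record a tainted condition, no data effect
        if st.rt(stmt[1]):
            st.alerts.append(f"info: branch on tainted {stmt[1]}")
    else:
        raise ValueError(f"unknown IR statement kind {kind!r}")


def run(trace, bufs):
    st = State(bufs=dict(bufs))
    for s in trace:
        step(st, s)
    return st

# Constructed traces: a 64-byte heap buffer filled by recv(), a 16-byte stack buffer.
HEAP, STACK = 0x1000, 0x7FFC00
BUFS = {HEAP: 64, STACK: 16}
VULN_TRACE = [("const", "r0", HEAP), ("const", "r1", 64),
              ("call", "r2", "recv", ["r0", "r1"]),      # r2 = tainted length
              ("call", "r5", "strlen", ["r0"]), ("branch", "r5"),
              ("const", "r3", STACK),
              ("call", "r4", "strcpy", ["r3", "r0"])]    # unbounded copy of tainted data
SAFE_TRACE = [("const", "r0", HEAP), ("const", "r1", 64),
              ("call", "r2", "recv", ["r0", "r1"]),
              ("const", "r3", STACK), ("const", "r5", 0), ("const", "r6", 16),
              ("call", "r7", "memset", ["r3", "r5", "r6"]),   # sanitize stack buffer
              ("const", "r10", 1), ("binop", "r8", "sub", "r6", "r10"),  # r8 = 15
              ("call", "r9", "memcpy", ["r3", "r0", "r8"])]   # bounded copy fits

def analyse(trace):
    return run(trace, BUFS).alerts

if __name__ == "__main__":
    for name, t in (("vulnerable", VULN_TRACE), ("safe", SAFE_TRACE)):
        print(name, analyse(t))
```

The vulnerable trace yields an informational note for the tainted branch and an overflow finding for the strcpy into the 16-byte stack buffer; the safe trace yields nothing because memset clears the taint of the destination and memcpy's length is a constant that fits. In the thesis's design the concrete values in `regs` and `mem` would come from the device over gdb cross-debugging rather than from the simulator itself.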
Keywords/Search Tags:Cross-debugging, Intermediate Representation, Simulated Execution, Dynamic Taint Analysis, Taint Dissemination Strategy