Research And Implementation Of IoT Device Vulnerability Mining Methods On Firmware Static Instrumentation

Posted on: 2021-04-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Wang
GTID: 2428330632962682
Subject: Computer technology
Abstract/Summary:
With the rapid development and wide application of IoT devices, these devices have gradually become a huge attack target. Because IoT devices have limited hardware resources and complex architectures, it is difficult to deploy analysis modules on them, and general vulnerability mining techniques are not completely applicable. Existing vulnerability mining frameworks have difficulty monitoring the execution status and runtime information of programs on IoT devices, which makes fuzzing IoT device applications very difficult. After analyzing existing IoT device vulnerability mining techniques, this paper studies static binary instrumentation for the ARM architecture. Static binary instrumentation lets a firmware program export its execution status and runtime information, avoiding the deployment of dynamic analysis modules on the IoT device. This paper also studies coverage-based seed sample scheduling and proposes a coverage-based and model-constraint-based fuzzing method. During fuzzing, high-quality test samples are generated through model constraints, and the direction of sample mutation is controlled by path feedback, which improves fuzzing efficiency. This paper designs and implements an IoT vulnerability mining framework based on static binary instrumentation. Experiments with Peach and random fuzzing show that this framework achieves higher code coverage and better fuzzing results in a shorter time. Some binary vulnerabilities were found during the experiments, which can achieve the effect of controlling the program's instruction register.
Keywords/Search Tags: IoT security, static instrumentation, fuzzing test, vulnerability mining