Font Size: a A A

Security Analysis Of Embedded Device Firmware

Posted on:2021-08-02Degree:MasterType:Thesis
Country:ChinaCandidate:H M WuFull Text:PDF
GTID:2518306047988159Subject:Master of Engineering
Abstract/Summary:
In recent years,with the rapid development of Io T technology,various embedded Io T devices have gradually become popular.Among them,the promotion of the ”smart home” concept has made traditional home appliances such as refrigerators and televisions more and more intelligent,and the software running on the devices have become more and more powerful.However,limited by the update strategy of the equipment manufacturers and the user’s usage habits,these embedded devices often run outdated or vulnerable firmware,which brings security risks to users.Due to the characteristic of hardware architecture,performance limitations,and weak scalability of embedded devices,the industry has always been challenging to analyze the security of its firmware,including operating systems and applications.In this thesis,a dynamic security analysis framework for ARM embedded device firmware is designed and implemented to verify the security of user-mode network services offered by the device.Compared with the existing methods,the framework can diagnose and repair programs that are not working correctly in the virtual environment to improve compatibility.The implementation of the framework is based on software emulation and doesn’t require actual hardware while applying security verification,which makes it more practical and has better compatibility.In particular,to improve the compatibility of the dynamic analysis framework,this thesis first designed a simulation environment that can support as much firmware as possible.The implementation records the execution trace of the program during the execution.For the service daemon that encountered any problem,it analyzes the execution trace to find the cause of its error and proposes repair suggestions.In order to perform security analysis on the network service provided by an embedded device,the analysis framework first extracts its root file system from the device’s firmware image and finds the service daemon and its startup arguments through static analysis.After the program is started,the framework records the execution trace of the program through recording the code blocks executed by the program and the register state before and after the code is executed,and communicating with the dynamic link library that is preloaded by the program to monitor API call operations.For service daemons that work correctly,the framework uses vulnerability scanning scripts to detect the vulnerabilities.For programs that do not work properly,the framework chooses various solutions to fix them based on their final status.Specifically,for a service daemon that has performed some network initialization steps,the framework looks for the fail cause based on the parameters used in its system call.For service daemons that have not yet performed the network initialization step,the framework restores the external functions trace from its execution trace,and performs a reverse taint analysis based on VEX IR to find function calls that lead the execution to a wrong branch.Finally,for the service daemon with fail cause found,the framework attempts to repair and re-run the program by adjusting the emulation environment or interfering with the control flow of the program to analyze its security.Based on PANDA and angr,this article implements a prototype system of the analysis framework,and collects 223 embedded device firmware from mainstream vendors to analyze and evaluate the Web service daemon inside it.The result shows that the framework has good compatibility,can effectively verify the security of embedded device firmware,and achieves the design goals.
Keywords/Search Tags:Embedded Linux, Security of Firmware, Dynamic Analysis, QEMU, VEX IR
Related items