Research And Implementation Of Firmware Vulnerability Mining Technology Based On Binary Static Instrumentation And Feedback Fuzzing

Posted on: 2022-07-16    Degree: Master    Type: Thesis
Country: China    Candidate: Y Q Sun    Full Text: PDF
GTID: 2518306332967499    Subject: Cyberspace security
Abstract/Summary:
With the rapid development of the mobile Internet, the Internet of Things and 5G, IoT devices are widely used in many fields, and the number of deployed devices is growing at an unprecedented rate. However, because of the processor architectures these devices use, traditional and mature security analysis techniques such as taint analysis and feedback-based fuzzing cannot be applied directly to IoT device firmware, which makes security analysis of IoT devices inefficient. This paper proposes a firmware vulnerability mining technique based on binary static instrumentation and feedback fuzzing to address the security analysis of network programs on IoT devices. The work of this paper mainly includes: 1) an intelligent firmware interaction technique based on binary static instrumentation, which applies static instrumentation to the emulation of hardware interaction so that the target program can run on an x86 computer under QEMU; 2) a binary static instrumentation technique based on taint information analysis, which applies taint analysis to the ARM and MIPS architectures and uses static instrumentation so that the target program feeds back information about the execution paths of interest; 3) the research and implementation of a fuzzing technique based on model constraints and path feedback, which combines the techniques in 1) and 2) with fuzzing to perform feedback-driven fuzz testing of the relevant programs on IoT devices, so that the generated samples concentrate on the paths that depend on user input data rather than on the full execution path, thereby improving the efficiency of fuzz testing. Testing and comparison against the current mainstream network protocol fuzzing tools Peach 3 and boofuzz show that iootfuzzer, the prototype system implementing the firmware vulnerability mining technique based on binary static instrumentation and feedback fuzzing proposed in this paper, achieves higher coverage and improves the efficiency of fuzzing for IoT devices.
Keywords/Search Tags: IoT devices, taint flow analysis, binary instrumentation, fuzz