
Research And Application Of Offline Taint Analysis Technology For IoT Devices

Posted on: 2022-01-10 | Degree: Master | Type: Thesis
Country: China | Candidate: J T Zhao | Full Text: PDF
GTID: 2518306731998019 | Subject: Computer technology

Abstract/Summary:
In recent years, IoT technology has developed rapidly, the number of IoT devices in use has continued to grow, and their application scenarios have continued to diversify. However, frequent IoT security incidents have had an ever-widening impact, and the security of the IoT is receiving more and more attention. Taint analysis is one of the important methods of program analysis. Its core idea is to mark sensitive program data as tainted, then track and analyze how that taint propagates through the program, in order to support the detection of program vulnerabilities or sensitive data leakage. One characteristic of IoT devices is the diversity of their architectures. How to perform taint analysis on IoT devices with complex and varied architectures, and thereby detect security vulnerabilities in them, has become one of the research focuses in the field of IoT security. Addressing the poor versatility and low efficiency of existing taint analysis platforms for IoT devices, this thesis studies cross-architecture offline taint analysis technology for IoT devices and its application. The main work and contributions are as follows:

1. A dynamic instrumentation framework for physical devices based on binary rewriting is proposed and implemented, solving the low efficiency of traditional dynamic instrumentation platforms for IoT devices. The framework uses binary rewriting to achieve dynamic instrumentation and uses cross-compilation to apply it to a variety of physical devices, enabling program execution tracing and acquisition of program runtime information. In testing, the framework's local instrumentation efficiency is better than that of the Pin instrumentation platform in most cases, and its remote instrumentation efficiency is about 28.7 times that of the gdb+gdbserver platform, with no need to build a complex virtual analysis environment, which improves instrumentation efficiency.

2. An offline taint analysis framework based on an intermediate language is implemented, solving the problems of integrated cross-architecture analysis of IoT devices and reuse of taint analysis results. The framework first converts the binary program code into the unified VEX intermediate language, converts the program runtime information obtained by dynamic instrumentation into dynamic execution information over the VEX intermediate language, and implements a taint propagation strategy based on the VEX intermediate language. Then, by separating dynamic instrumentation from taint analysis, it realizes offline taint analysis, so that the result of one dynamic instrumentation run can be reused for multiple taint analyses, which improves the flexibility of the analysis framework. In testing, the prototype system can perform taint analysis for the X86, AMD64 and ARM architectures, including the introduction of taint sources and the taint propagation function. The efficiency of taint analysis is greatly improved compared to the firmware dynamic taint analysis platform.

3. A vulnerability detection technology based on offline taint analysis is implemented. Corresponding detection methods are proposed for common binary vulnerabilities: the mechanisms and impact of stack overflow, format string, heap overflow, use-after-free (UAF) and double free vulnerabilities are analyzed, and on that basis the corresponding taint-mark detection rules are formulated according to the characteristics of how each vulnerability's data propagates. The effectiveness of the detection rules is verified experimentally, and the specific location of a vulnerability can be determined from the analysis log and the taint result display interface.
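The offline design described in contribution 2 (record runtime information once, then replay taint propagation over the recorded IR under different taint-source policies) is illustrated by the following added example; it is not code from the thesis. The VEX-like statement format, the temp and register names, the addresses and the "tainted address" detection rule are all constructed for the illustration.

```python
# Constructed recording of one dynamic run, one executed VEX-like statement per
# entry: (op, dst, srcs, concrete_addr). The concrete address is what the
# instrumentation logged for that Load/Store; None for register-only statements.
TRACE = [
    ("Get",   "t0", ["r0"],       None),    # t0 = r0, base of the receive buffer
    ("Load",  "t1", ["t0"],       0x1000),  # t1 = LDle:I8(t0): first byte of input
    ("Get",   "t2", ["sp"],       None),    # t2 = sp
    ("Binop", "t3", ["t2", "t1"], None),    # t3 = Add(t2, t1): stack index from input
    ("Get",   "t4", ["r1"],       None),    # t4 = r1, value to be written
    ("Store", None, ["t3", "t4"], 0x7FFC),  # STle(t3) = t4: srcs[0] is the address
    ("Load",  "t5", ["t2"],       0x2000),  # t5 = LDle:I32(t2): a stack local
    ("Put",   "r2", ["t5"],       None),    # r2 = t5
]

def analyze(trace, tainted_mem, tainted_regs=frozenset()):
    """Replay one recorded trace under one taint-source policy.

    tainted_mem: addresses tainted at the start (e.g. bytes filled by recv()).
    Returns (alerts, tainted_regs, tainted_mem); the same recording can be
    replayed with another policy without re-instrumenting the device.
    """
    mem = set(tainted_mem)      # tainted memory, one cell per address (simplified)
    live = set(tainted_regs)    # tainted IR temps and guest registers
    alerts = []
    for idx, (op, dst, srcs, addr) in enumerate(trace):
        if op in ("Get", "Put", "Binop"):
            # Taint flows from any tainted source to the destination; a clean
            # result overwrites (clears) a previously tainted destination.
            live.add(dst) if any(s in live for s in srcs) else live.discard(dst)
        elif op == "Load":
            if srcs[0] in live:
                alerts.append((idx, "tainted address used by Load"))
            live.add(dst) if addr in mem else live.discard(dst)
        elif op == "Store":
            addr_tmp, data_tmp = srcs
            if addr_tmp in live:  # input-controlled write target: memory-corruption rule
                alerts.append((idx, "tainted address used by Store"))
            mem.add(addr) if data_tmp in live else mem.discard(addr)
    regs = {n for n in live if not n.startswith("t")}
    return alerts, regs, mem

if __name__ == "__main__":
    # Policy A: the network receive buffer is the taint source.
    print(analyze(TRACE, set(range(0x1000, 0x1010)))[0])
    # Policy B: a different buffer is the source; same trace, no re-instrumentation.
    print(analyze(TRACE, set(range(0x2000, 0x2004)))[1])
```

With policy A the Store at trace index 5 is flagged because its address temp derives from the received byte; with policy B nothing is flagged and only register r2 ends up tainted.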
Keywords/Search Tags: Binary Code Rewriting, Dynamic Instrumentation, Intermediate Language, Offline Taint Analysis, Vulnerability Detection