
Research And Implementation On Fuzz-based Vulnerability Discovery Technique For BinaryCGI On IoT Device

Posted on: 2022-12-04 | Degree: Master | Type: Thesis
Country: China | Candidate: H B Xiao | Full Text: PDF
GTID: 2518306764980309 | Subject: Computer Software and Application of Computer

Abstract/Summary:
With the rapid development of IoT software and hardware technology, the number of IoT devices connected to the network is also increasing rapidly. Web services are the attack surface of IoT devices that is directly exposed to the outside world, and security vulnerabilities in them are widespread. BinaryCGI, the data-processing program behind the web service of an IoT device, will cause serious harm if it is vulnerable. Vulnerability mining based on fuzzing is a widely used method in both academia and industry. However, because of the complex hardware and software architecture of IoT devices, their limited operating resources, and their closed-source programs, existing fuzzing frameworks cannot be applied directly to BinaryCGI. Moreover, BinaryCGI has its own particular ways of receiving input, producing output and processing data, so an existing fuzzing framework lacks runtime state information about BinaryCGI and cannot make effective use of the data it generates.

This paper designs and implements an IoT BinaryCGI vulnerability mining system based on fuzzing. Its main work includes: (1) implementing dynamic binary instrumentation based on QEMU, which frees BinaryCGI from its dependence on the hardware operating environment and can be used to support the fuzzing process; (2) designing, according to the data-processing characteristics of BinaryCGI, an environment-variable input model based on lazy feedback and format constraints, which can generate high-quality fuzzing seed samples and make effective use of the test data generated by the fuzzer. Finally, an experiment is designed in which BinaryCGI programs from a variety of IoT devices are fuzzed, and the vulnerability mining ability of CGIFuzzer is tested and analyzed. The experimental results show that the dynamic binary instrumentation subsystem of CGIFuzzer supports the instrumentation of BinaryCGI in IoT devices better than existing dynamic binary instrumentation frameworks, and that CGIFuzzer achieves better vulnerability mining results than AFL.
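The abstract states that a BinaryCGI program takes its input through CGI environment variables plus standard input, and that the seed model keeps that input format-consistent so the fuzzer's data is not rejected before it reaches the parsing code. The following is an added example (not code from the thesis or from CGIFuzzer) of the format-constraint half of that idea: it builds a CGI/1.1 environment whose fields agree with each other (for instance CONTENT_LENGTH always equals the body length), mutates only parameter values so the request still parses, and runs each case against a target. The target here is a constructed stand-in CGI written in Python so the harness runs offline; the variable names, placeholder script path and mutation strategies are assumptions, and the lazy-feedback part of the thesis's model is not reproduced because the abstract does not describe it.

```python
"""Constructed example: format-consistent CGI inputs for a BinaryCGI fuzzing harness."""
import os
import random
import subprocess
import sys
from urllib.parse import urlencode

# Assumption: the target keys on these standard CGI/1.1 variables.
METHODS = ("GET", "POST")


def build_cgi_env(method, params, body=b"",
                  content_type="application/x-www-form-urlencoded"):
    """Return a CGI environment dict whose fields are mutually consistent.

    Format constraints enforced here: REQUEST_METHOD is a known verb,
    QUERY_STRING is a well-formed key=value list, and for POST requests
    CONTENT_LENGTH matches the actual body so the target's reader does not
    short-read or block before the interesting parsing code runs.
    """
    if method not in METHODS:
        raise ValueError("unsupported method: %r" % (method,))
    env = {
        "GATEWAY_INTERFACE": "CGI/1.1",
        "REQUEST_METHOD": method,
        "SCRIPT_NAME": "/cgi-bin/example.cgi",  # constructed placeholder path
        "QUERY_STRING": urlencode(params),
        "SERVER_NAME": "localhost",
        "REMOTE_ADDR": "127.0.0.1",
    }
    if method == "POST":
        env["CONTENT_TYPE"] = content_type
        env["CONTENT_LENGTH"] = str(len(body))
    return env


def mutate_params(params, rng, max_extra=64):
    """Mutate one parameter value; keys are kept so the request still parses."""
    out = dict(params)
    key = rng.choice(sorted(out))
    value = out[key]
    op = rng.randrange(3)
    if op == 0:                       # lengthen: probes fixed-size buffers
        value = value + "A" * rng.randrange(1, max_extra + 1)
    elif op == 1:                     # truncate: probes missing-value handling
        value = value[: rng.randrange(len(value) + 1)]
    else:                             # flip one byte to a non-alphanumeric
        pos = rng.randrange(len(value) + 1)
        value = value[:pos] + chr(rng.choice([0x20, 0x25, 0x26, 0x3D])) + value[pos:]
    out[key] = value
    return out


# Constructed stand-in for a BinaryCGI: reads QUERY_STRING and CONTENT_LENGTH
# bytes from stdin, exactly as a CGI program would, and reports what it saw.
TOY_CGI = r'''
import os, sys
qs = os.environ.get("QUERY_STRING", "")
n = int(os.environ.get("CONTENT_LENGTH", "0") or 0)
body = sys.stdin.buffer.read(n)
print("Content-Type: text/plain\n")
print("query_len=%d body_len=%d" % (len(qs), len(body)))
'''


def run_cgi(env, body=b"", timeout=5):
    """Run the target once with the given CGI environment and stdin.

    Returns (returncode, stdout_text). A negative return code on POSIX means
    the process died from a signal, which a harness records as a crash candidate.
    """
    full_env = dict(os.environ)   # keep PATH/SYSTEMROOT so the interpreter starts
    full_env.update(env)
    proc = subprocess.run([sys.executable, "-c", TOY_CGI], env=full_env,
                          input=body, capture_output=True, timeout=timeout)
    return proc.returncode, proc.stdout.decode(errors="replace")


def fuzz_round(seed_params, iterations=20, rng_seed=1):
    """Generate `iterations` mutated POST requests and return the crash candidates."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        params = mutate_params(seed_params, rng)
        body = urlencode(params).encode()
        env = build_cgi_env("POST", params, body)
        rc, _out = run_cgi(env, body)
        if rc != 0:
            crashes.append((env, body, rc))
    return crashes


if __name__ == "__main__":
    found = fuzz_round({"user": "admin", "page": "status"})
    print("crash candidates:", len(found))
```

Against a real firmware CGI the `subprocess.run` target would be the instrumented binary under an emulator rather than the toy script, and the stdout check would be replaced by coverage feedback; the environment-construction and consistency rules stay the same.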
Keywords/Search Tags: IoT devices, BinaryCGI, fuzzing, dynamic instrumentation