
Research On Patch Based IoT Firmware Binary Security Analysis Technology

Posted on: 2022-11-02
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Li
GTID: 2518306776992449
Subject: Computer Software and Application of Computer
Abstract/Summary:
In recent years, IoT (Internet of Things) has been widely used in various important areas of human daily life, and firmware binary security has become the core of IoT device security. In the past decades, due to the popularity of open source software clones, 1-day vulnerabilities in IoT device firmware binaries have become common. Moreover, because the number of vulnerabilities keeps increasing, it is difficult for manufacturers to patch these 1-day vulnerabilities in a timely manner. Patch presence tests and 1-day vulnerability detection can effectively prevent unpatched 1-day vulnerabilities from being exploited by attackers. To address the low applicability and low accuracy of state-of-the-art patch presence tests and 1-day vulnerability detection, this paper investigates patch-based IoT firmware binary security analysis. The details are as follows:

1. This paper presents three analyses from the perspective of IoT firmware binaries: the severity of patch delays in IoT firmware binaries; common patch patterns for source patches; and the impact of source patches on IoT firmware binaries.

2. A source code patch that does not change any functions is called a function-irrelevant patch. Function-irrelevant patches lead to low accuracy and low applicability in existing patch presence test works, e.g. Fiber, BinXray, and B2SFinder. To address this problem, this paper proposes a function-irrelevant patch presence test named PPTFI. PPTFI first understands the function-irrelevant patch, and then carefully extracts code information and data information as patch signatures. Finally, PPTFI uses the extracted patch signatures to scan unknown binaries in IoT firmware. The novel patch signature and data signature matching algorithms allow PPTFI to be applied to function-irrelevant patch presence tests and to detect the existence of function-irrelevant patches more accurately, with an accuracy of 77.54%.

3. Downstream binaries contain a large number of code variants. Code variants are caused by compiling customized source code to different target architectures using different compilation environments. To address the low accuracy of existing downstream binary 1-day out-of-bounds vulnerability detection work, e.g. Asm2Vec and BinXray, this paper proposes a patch-based 1-day out-of-bounds vulnerability detection for downstream binaries named P1OVD. P1OVD first generates a signature containing patch information and vulnerability root cause information. P1OVD then uses an accurate and robust matching algorithm to scan unknown binaries in IoT firmware. The novel vulnerability signature and patch signature matching algorithm enables P1OVD to detect 1-day out-of-bounds vulnerabilities in downstream binaries more accurately, with an accuracy of 83.06%.

Keywords/Search Tags: Patch, Firmware Security, Binary, 1-Day Vulnerability Detection, Patch Presence Test