With the development of information technology, more and more Internet of Things (IoT) devices are connected to the global Internet, and cyber security incidents targeting IoT devices occur frequently. Widely deployed IoT devices such as routers and IP network cameras have become primary targets of malicious attacks, so IoT security has received extensive attention from security researchers. Firmware, as the core software running on IoT devices, is of self-evident importance, and research on firmware security is emerging accordingly. However, because IoT devices are hardware-heterogeneous and their software is closed source, existing studies still have limitations such as dependence on the physical device or weak security analysis results. To address these shortcomings, this paper studies automated emulation and fuzzing techniques for typical IoT device firmware, aiming at efficient vulnerability detection for IoT device software that does not require the physical device. The main work and contributions are as follows:

(1) To address the high complexity and low execution efficiency of system-level firmware emulation, this paper designs and implements a heuristic process-level emulation technique for IoT devices. By analysing the emulation process of IoT device firmware, a layered model for the emulation problem is proposed. Then, based on dynamic binary instrumentation, system calls and library function calls are traced and intercepted, and this mechanism is used in a pre-emulation stage to sense and analyse the program's runtime information autonomously. Emulation is then supported by repairing the emulation environment at the file, peripheral, network and process levels. This method improves the automation level, execution efficiency and transparency of firmware emulation.

(2) To address the limitations of existing IoT firmware fuzzing methods in vulnerability detection coverage and efficiency, this paper designs and implements a fuzzing-based vulnerability detection technique for key firmware programs. Exploiting the highly structured data processed by network service programs in IoT devices, represented by Web and Universal Plug and Play (UPnP) services, and the strong coupling between files inside the firmware, data constraint information is extracted from the firmware to drive structured test-case seed generation and mutation, improving the relevance of seed generation and the directedness of mutation during fuzzing. The AFL fuzzer is then studied and extended so that it can test web service programs and detect command injection vulnerabilities, and its performance is optimised.

(3) The above research and implementation are tested and analysed. In the automated firmware emulation experiment, execution speed improved by 31.16% compared with system-level emulation, and the emulation success rate was 75.47%. In the constraint-based mutation fuzzing experiment, both fuzzing execution speed and the number of discovered paths improved compared with the control method. In the network service vulnerability detection experiment on 6 firmware images, 10 buffer overflow and command injection vulnerabilities were detected, showing better detection capability than the control method. These tests verify the validity of the work in this paper and its usability for vulnerability detection in the network services of typical IoT devices, indicating that it is meaningful for improving the security of IoT devices.
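As an added illustration of contribution (2), the Python below shows what "extracting data constraints from the firmware to drive structured seed generation and mutation" can look like for a web service: form constraints (target handler, maxlength, enumerated options) are read from an HTML page, cross-checked against the parameter strings found in the CGI binary the page posts to (the file-to-binary coupling), turned into a well-formed HTTP seed, and mutated without breaking the request framing. It is example code written for this page, not the paper's implementation: the firmware files, paths, field names and the handler's format string are constructed stand-ins, and the sentinel-echo oracle at the end is one common way to make command injection observable to a fuzzer harness (it assumes a hook on `system()`/`popen()` that is not shown), not a description of how the paper's AFL extension works.

```python
"""Constraint-guided seed generation, structure-preserving mutation and a
sentinel-based command-injection oracle for an IoT web service.
Added example, not code from the paper; the "firmware" below is constructed
inline and every path, field name and string in it is an assumption."""
import random
import re
import shlex
from urllib.parse import parse_qsl, urlencode

SENTINEL = "fz_probe_7a3f"   # token the probe echoes if a shell ever runs it

# Constructed stand-in for two coupled files of an extracted rootfs: the HTML
# form and the CGI handler binary it posts to (with strings() visible inside).
FIRMWARE_FILES = {
    "/www/diag.html": (
        '<form action="/cgi-bin/diag.cgi" method="post">'
        '<input type="text" name="ping_addr" maxlength="64">'
        '<input type="hidden" name="action" value="ping">'
        '<select name="count"><option>1</option><option>4</option></select>'
        '<input type="submit" value="Go"></form>'
    ),
    "/www/cgi-bin/diag.cgi": (
        b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
        + b"ping_addr\x00action\x00count\x00ping -c %s %s\x00/bin/sh\x00"
    ),
}

def extract_form(html):
    """Form-level constraints: where it posts, and per-field limits/choices."""
    m = re.search(r'<form\s+action="([^"]+)"\s+method="(\w+)"', html)
    fields = {}
    for tag in re.finditer(r"<input\s+([^>]*)>", html):
        attrs = dict(re.findall(r'(\w+)="([^"]*)"', tag.group(1)))
        if "name" not in attrs:          # e.g. the submit button
            continue
        fields[attrs["name"]] = {
            "default": attrs.get("value", ""),
            "maxlength": int(attrs["maxlength"]) if "maxlength" in attrs else None,
            "choices": None,
        }
    for sel in re.finditer(r'<select\s+name="(\w+)"[^>]*>(.*?)</select>', html, re.S):
        opts = re.findall(r"<option[^>]*>([^<]*)</option>", sel.group(2))
        fields[sel.group(1)] = {"default": opts[0], "maxlength": None, "choices": opts}
    return {"action": m.group(1), "method": m.group(2).upper(), "fields": fields}

def strings(blob, minlen=4):
    """Printable strings of a binary, as the `strings` tool would list them."""
    return {s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % minlen, blob)}

def coupled_fields(form, handler_blob):
    """Keep only parameters the handler binary itself names: the coupling
    between page and binary tells us which fields the server really parses."""
    names = strings(handler_blob)
    return {n: c for n, c in form["fields"].items() if n in names}

def render(request_line, headers, params):
    """Serialise a request, recomputing Content-Length so the server's parser
    accepts the mutated body instead of rejecting it at the framing layer."""
    body = urlencode(params)
    headers = dict(headers, **{"Content-Length": str(len(body))})
    head = "\r\n".join([request_line] + [f"{k}: {v}" for k, v in headers.items()])
    return (head + "\r\n\r\n" + body).encode()

def build_seed(form, fields, host="192.168.1.1"):
    """One well-formed seed whose values satisfy the extracted constraints."""
    params = {n: (c["default"] or "1") for n, c in fields.items()}
    request_line = f"{form['method']} {form['action']} HTTP/1.1"
    headers = {"Host": host, "Content-Type": "application/x-www-form-urlencoded"}
    return render(request_line, headers, params)

def parse_request(req):
    head, _, body = req.partition(b"\r\n\r\n")
    lines = head.decode().split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return lines[0], headers, dict(parse_qsl(body.decode(), keep_blank_values=True))

INJECT_SHAPES = ["{v};echo {s}", "{v}|echo {s}", "{v}&&echo {s}",
                 "`echo {s}`", "$(echo {s})"]

def mutate(req, fields, name, strategy, rng=None):
    """Mutate one parameter value, leaving the request structure intact.
    'overflow' exceeds a declared maxlength, 'choice' swaps an enumerated
    option, 'inject' plants a shell-metacharacter probe that echoes SENTINEL."""
    rng = rng or random.Random()
    request_line, headers, params = parse_request(req)
    c = fields[name]
    if strategy == "overflow" and c["maxlength"]:
        params[name] = "A" * (c["maxlength"] + rng.randrange(1, 1025))
    elif strategy == "choice" and c["choices"]:
        params[name] = rng.choice([o for o in c["choices"] if o != params[name]] or c["choices"])
    elif strategy == "inject":
        params[name] = rng.choice(INJECT_SHAPES).format(v=params[name], s=SENTINEL)
    else:
        raise ValueError(f"{strategy!r} not applicable to field {name!r}")
    return render(request_line, headers, params)

def injection_oracle(executed_command):
    """Oracle for a (not shown) hook on system()/popen(): True only when the
    probe became its own command, i.e. 'echo SENTINEL' follows a shell
    separator. A properly quoted value stays a single token and is not flagged."""
    toks = list(shlex.shlex(executed_command, posix=True, punctuation_chars=True))
    for i, t in enumerate(toks):
        if t == "echo" and i + 1 < len(toks) and toks[i + 1] == SENTINEL:
            if i == 0 or toks[i - 1] in (";", "|", "||", "&", "&&", "(", "`"):
                return True
    return False

if __name__ == "__main__":
    form = extract_form(FIRMWARE_FILES["/www/diag.html"])
    fields = coupled_fields(form, FIRMWARE_FILES["/www/cgi-bin/diag.cgi"])
    probe = mutate(build_seed(form, fields), fields, "ping_addr", "inject")
    _, _, p = parse_request(probe)
    # The handler's own format string (seen via strings()) applied unsafely and safely:
    unsafe = "ping -c %s %s" % (p["count"], p["ping_addr"])
    safe = "ping -c %s %s" % (shlex.quote(p["count"]), shlex.quote(p["ping_addr"]))
    print(probe.decode())
    print("unsafe handler flagged:", injection_oracle(unsafe))
    print("quoted handler flagged:", injection_oracle(safe))
```

The point of carrying the constraints through `render()` is that every mutant still parses as HTTP with a consistent Content-Length, so the fuzzer spends its budget inside the handler's parameter-handling code rather than on the web server's request parser; the oracle shows why a sentinel is preferable to watching for crashes, since a command injection typically does not crash anything.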