| In recent years,with the vigorous development of Internet of Things technology,the Internet of Everything has become a reality.IoT devices represented by smart homes have brought great convenience to people’s lives,but they are also accompanied by many security issues.Fuzzing on the web services of IoT devices is the mainstream dynamic analysis method in the field of IoT security research.However,due to the differences and performance limitations of IoT devices,the existing fuzzing framework can not generate seeds that satisfy message dependencies,and the legitimacy of the message structure generated by mutation is low,which seriously affects the vulnerability mining ability and efficiency of the existing fuzzing framework.In this thesis,a simulation-based firmware fuzzing system on web interface is designed and implemented to solve the problems that the fuzzing test seed does not satisfy the message dependency and the validity of the mutated message is low.The main contributions of this thesis are as follows:1)Aiming at the problem that fuzzing seed does not satisfy the message dependency,a seed generation technology based on message dependency is proposed,the Associated Message Sequence(AMS)satisfying the message dependency is used as the seed of fuzzing,which effectively improves the quality of the fuzzing test seed.2)Aiming at the problem of illegal structure after seed mutation,a seed mutation technology based on protocol constraints is proposed,which can not only ensure the deformity of seed mutation,but also ensure the structural legitimacy of the mutated message.3)This thesis proposesthe fuzzing technology combining Associated Message Sequence and protocol constraints,designs and implements the fuzzing system on firmware web interface based on this theory,named SmartFuzz.The system supports the automatic simulation and fuzzing on the firmware of IoT devices,and successfully found three known vulnerabilities and one 0 Day vulnerability.Through experimental comparison and analysis,the methods proposed in this thesis can effectively solve the problem that the fuzzing seed does not satisfy the message dependency and the structure of the seed is invalid after mutation,and the fuzzing system on firmware web interface based on simulation designed and implemented in this thesis has efficient vulnerability mining ability. |