Research On Embedded Software Security Analysis Based On Program Semantics

Embedded systems are changing our lives every day,and their complexity increases with the diversity of applications and the improvement of processor architecture.In various embedded platform applications,there are a large number of applications from untrusted third parties.Unauthenticated third-party applications will cause security problems such as user privacy disclosure.Taint analysis is one of the commonly used information leakage detection methods in embedded applications.Through the process of tracking the tainted source and analyzing the propagation of taint,it can effectively track the data flow in embedded programs and ensure the security of information flow.However,traditional taint analysis method ignores the program semantics,resulting in the loss of accuracy.In addition,traditional taint analysis relies on manually configured taint sources and taint sinks,which requires a lot of energy.Therefore,it is necessary to propose a high-precision method to realize the automatic classification of taint sources and taint sinks point.To address problems of precision loss and labor cost in embedded system taint analysis,using natural language processing technology,taint analysis method based on semantic information is studied,and designs and implements the embedded program taint analysis system based on deep semantic information.The specific contributions are as follows:1)In Chapter 3,based on the in-depth analysis of existing solutions,aiming at solving security problems such as privacy disclosure in embedded system applications,we propose and design an embedded program taint analysis method based on shallow semantic information by integrating natural language processing technology into the process of taint analysis.Through experimental tests,compared with traditional tools,this method can effectively improve the accuracy of overall taint analysis by using shallow semantic features.2)In Chapter 4,based on the existing embedded program taint analysis methods based on shallow semantics,aiming at solving problems of incomplete semantic information extraction,we propose an embedded program taint analysis method based on deep semantic information,which integrates the deep semantic information into the features of automatic classification of sensitive sources and sensitive sinks by deep neural network,so as to reduce the cost of similarity calculation.The experimental results show that,this method can perform taint analysis of embedded programs more efficiently and accurately.3)In Chapter 5,based on the actual communication scene between UAV and airborne computer,we implement the semantic security analysis prototype system of embedded system,and carry out test experiments.The results show that this system has completed the functions of function analysis,sentence vector embedding,semantic feature extraction,sensitive source and sensitive sink classification,taint analysis and so on.Meet the basic requirements of information leakage detection in embedded system communication scenario.Based on the above research contents and system implementation,they can promote the improvement of information flow security research of embedded programs in China,and provide support for its standard formulation and application development.