
Analysis And Research Of Embedded Software Defects Based On Static Analysis Technology

Posted on: 2024-02-24
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
Full Text: PDF
GTID: 2568306944470624
Subject: Intelligent Science and Technology
Abstract/Summary:
The proliferation of embedded devices has driven the interconnection of the world, and more and more embedded devices are reachable from cyberspace, such as routers, cameras, smart outlets, etc. Unfortunately, the software that runs on these embedded devices, also known as firmware, is exposed through the vulnerabilities in its binary programs. Some approaches have attempted to detect vulnerabilities in the firmware of embedded devices; however, dynamic methods scale poorly, since they usually require a simulator in order to fuzz embedded devices. Existing static methods are not effective enough, as they usually process large numbers of unnecessary keywords and paths. This thesis proposes a technique named binary file difference directed keyword extraction (BDKE for short). Vulnerabilities in firmware are usually fixed by patched versions. Therefore, by comparing the binary files of an original firmware with those of its patched version, we can extract the keywords closely related to vulnerabilities in the firmware. These keywords are then used to locate taint sources in back-end binary files. Next, we use static taint analysis to track whether data from a taint source can reach a sink function without any sanitization check, so as to detect taint-style vulnerabilities. In the taint analysis phase, this thesis proposes a path optimization strategy to reduce redundant paths between taint sources and sink functions. This thesis combines the BDKE technique with static taint analysis to build a defect detection prototype tool named BDTaint. This thesis selects 14 firmware images from 3 embedded device vendors as a dataset and evaluates BDTaint from three aspects: the effectiveness of the extracted keywords, the effectiveness of the static taint analysis, and the capability to detect vulnerabilities in real-world embedded software. The experimental results show that BDTaint detects vulnerabilities in embedded software more effectively than SaTC, a static embedded software vulnerability detection tool. BDTaint discovered 38 new vulnerabilities, all of which were assigned CVE IDs.
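The pipeline the abstract describes, as a small added illustration rather than code from the thesis or the BDTaint tool: strings that differ between an original and a patched binary are narrowed to tokens the original binary also contains (the assumption here is that patch-introduced error messages name the affected request parameter), and that keyword then locates the taint source for a forward taint pass over a constructed toy IR. The binaries, the handler IR, the `wanMTU` parameter and the statement operations are all constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed stand-ins for the data sections of an original and a patched
# firmware binary (a web back-end handler). The patch adds a length check and
# its error message; a real analysis would read the two binaries from disk.
ORIGINAL_BIN = b"\x7fELF\x01\x00\x00/goform/setWan\x00wanMTU\x00strcpy\x00OK\x00"
PATCHED_BIN = ORIGINAL_BIN + b"invalid wanMTU length\x00"


def extract_strings(blob: bytes, min_len: int = 4) -> Set[str]:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return {m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)}


def diff_keywords(orig: bytes, patched: bytes) -> Set[str]:
    """Tokens from strings added or removed by the patch that the original binary
    also contains (parameter names, paths): the patch-related keywords."""
    shared = extract_strings(orig) & extract_strings(patched)
    changed = extract_strings(orig) ^ extract_strings(patched)
    return {tok for s in changed for tok in re.findall(r"[A-Za-z_]\w+", s) if tok in shared}


# Constructed toy IR of the back-end handler: (op, target, operand) statements.
Stmt = Tuple[str, str, str]
UNPATCHED_HANDLER: List[Stmt] = [
    ("source", "v", "wanMTU"),   # v = websGetVar(req, "wanMTU"): keyword-located source
    ("assign", "w", "v"),        # w = v
    ("sink", "strcpy", "w"),     # strcpy(buf, w): sink reached with no check
]
PATCHED_HANDLER: List[Stmt] = [
    ("source", "v", "wanMTU"),
    ("sanitize", "v", "v"),      # if (strlen(v) >= sizeof buf) return error
    ("sink", "strcpy", "v"),
]


def find_unsanitized_flows(ir: List[Stmt], keywords: Set[str]) -> List[Tuple[str, str]]:
    """Forward taint propagation: (keyword, sink) pairs where data read from a
    keyword-located source reaches a sink without a sanitization step on the way."""
    tainted: Dict[str, str] = {}  # variable -> keyword it was read from
    findings: List[Tuple[str, str]] = []
    for op, target, operand in ir:
        if op == "source" and operand in keywords:
            tainted[target] = operand
        elif op == "assign" and operand in tainted:
            tainted[target] = tainted[operand]
        elif op == "sanitize":
            tainted.pop(target, None)
        elif op == "sink" and operand in tainted:
            findings.append((tainted[operand], target))
    return findings


if __name__ == "__main__":
    kws = diff_keywords(ORIGINAL_BIN, PATCHED_BIN)
    print(kws, find_unsanitized_flows(UNPATCHED_HANDLER, kws), find_unsanitized_flows(PATCHED_HANDLER, kws))
```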
Keywords/Search Tags:embedded software security, static taint analysis, vulnerability detection, binary file difference