With the development of information technology, large numbers of IoT devices have entered households and achieved remarkable results in many fields. However, the diversity of their architectures and the limited performance imposed by their hardware make it difficult to apply mainstream security analysis techniques directly to the firmware of these devices. As a result, vulnerability discovery for IoT devices has remained inefficient, and as the number of devices has exploded, many security issues have followed, increasing the demand from security personnel for IoT vulnerability discovery. This article proposes a firmware fuzz testing method based on taint-analysis instrumentation to address vulnerability discovery in the binary programs of IoT firmware. The work consists mainly of: 1) a dynamic instrumentation method for firmware binaries based on remote cross-debugging: the firmware program is run under QEMU emulation on an x86 host, making it independent of the physical device, and mature x86 analysis tools instrument the emulated firmware binary through remote cross-debugging; 2) a taint analysis method built on this dynamic binary instrumentation, which instruments only the locations that taint analysis of the emulated execution identifies as relevant, further reducing the impact of instrumentation points on vulnerability discovery efficiency; the feedback from the instrumentation is passed to test case generation so that the test set can reach dangerous paths exposed to external input data; 3) a feedback-driven fuzz test case mutation algorithm based on model constraints, which combines the taint information obtained from dynamic binary instrumentation with the constraints in a model constraint file to select an appropriate mutation algorithm for each test case. By guiding the seed mutation process of fuzz testing, the generated test cases become more effective, improving the coverage of the main dangerous paths. Experimental comparisons show that the firmware fuzz testing system TIFuzz proposed in this article completes vulnerability discovery in a shorter time than the commonly used protocol fuzzing tools Boofuzz and Peach, thereby improving the efficiency of fuzz testing for IoT devices.
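The following is an added illustration of the feedback loop the abstract describes (sink taint from instrumentation feeding a constraint-aware mutator); it is not TIFuzz's code and nothing in it is taken from the paper. The protocol model format, the stand-in "firmware" handler with a trusted-length copy bug, the taint-carrying value type `T`, the boundary-first mutation strategy and the seed-adoption rule in `fuzz` are all assumptions made for the example. It shows, in miniature, why taint feedback matters: once the instrumentation reports that only the length field reaches the dangerous copy, the mutator stops touching the magic and payload and spends every attempt on the bytes that can actually trigger the bug.

```python
"""Taint-guided, model-constrained mutation loop (constructed example, not TIFuzz)."""
import random
from typing import NamedTuple, FrozenSet

BUF_SIZE = 64  # size of the fixed buffer the stand-in firmware copies into

# Constructed protocol model (assumed format, not TIFuzz's constraint file):
# each field has a position and a constraint the mutator must respect.
MODEL = [
    {"name": "magic",   "offset": 0, "size": 2,    "kind": "const"},
    {"name": "cmd",     "offset": 2, "size": 1,    "kind": "enum", "values": [1, 2, 3]},
    {"name": "len",     "offset": 3, "size": 2,    "kind": "uint", "max": 0xFFFF},
    {"name": "payload", "offset": 5, "size": None, "kind": "bytes"},
]


class T:
    """A value carrying the set of input offsets it depends on (its taint labels)."""
    __slots__ = ("v", "t")

    def __init__(self, v, t=()):
        self.v, self.t = v, frozenset(t)

    def _bin(self, other, op):
        o = other if isinstance(other, T) else T(other)
        return T(op(self.v, o.v) & 0xFFFFFFFF, self.t | o.t)  # taint is the union

    def __or__(self, o):     return self._bin(o, lambda a, b: a | b)
    def __lshift__(self, o): return self._bin(o, lambda a, b: a << b)


class Report(NamedTuple):
    sink_taint: FrozenSet[int]  # input offsets flowing into the sink's length argument
    crashed: bool


def firmware_handler(msg: bytes) -> Report:
    """Constructed stand-in for the emulated request handler. Every input byte is
    tainted with its own offset; the sink hook records which offsets reach the
    length argument of a memcpy into a BUF_SIZE buffer (a trusted-length bug)."""
    inp = [T(b, {i}) for i, b in enumerate(msg)]
    if len(inp) < 5 or (inp[0].v, inp[1].v) != (0xAB, 0xCD):
        return Report(frozenset(), False)          # parser rejects: no sink reached
    cmd = inp[2]
    if cmd.v not in (1, 2, 3):
        return Report(frozenset(), False)
    length = (inp[3] << 8) | inp[4]                # taint propagates: {3} | {4}
    if cmd.v == 2:
        # sink hook: memcpy(buf, payload, length) with buf[BUF_SIZE]
        return Report(length.t, length.v > BUF_SIZE)
    return Report(frozenset(), False)


def field_offsets(f, n):
    end = n if f["size"] is None else f["offset"] + f["size"]
    return set(range(f["offset"], end))


def mutate(seed: bytes, targets, attempt: int, rng: random.Random) -> bytes:
    """Mutate only fields overlapping `targets` (the taint feedback), choosing a
    strategy per constraint kind: boundary values first, then random values."""
    out = bytearray(seed)
    for f in MODEL:
        if f["kind"] == "const" or not (targets & field_offsets(f, len(seed))):
            continue  # fixed or untainted field: leave it so the case still parses
        o, k = f["offset"], f["kind"]
        if k == "enum":
            out[o] = f["values"][attempt % len(f["values"])]
        elif k == "uint":
            bounds = [0, 1, f["max"] // 2, f["max"] - 1, f["max"]]
            v = bounds[attempt] if attempt < len(bounds) else rng.randrange(f["max"] + 1)
            out[o:o + f["size"]] = v.to_bytes(f["size"], "big")
        elif k == "bytes":
            out[o:] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4 * BUF_SIZE)))
    return bytes(out)


def fuzz(seed: bytes, iterations: int = 200, rng_seed: int = 1):
    """Feedback loop: run, collect sink taint, mutate the tainted fields, and adopt
    any case that exposes new taint as the next seed. Returns (attempt, case) or None."""
    rng = random.Random(rng_seed)
    known = set(firmware_handler(seed).sink_taint)
    for attempt in range(iterations):
        targets = known or set(range(2, len(seed)))  # no taint yet: all non-constant fields
        case = mutate(seed, targets, attempt, rng)
        rep = firmware_handler(case)
        if rep.crashed:
            return attempt, case
        if not rep.sink_taint <= known:             # a new data flow reached the sink
            known |= rep.sink_taint
            seed = case
    return None


if __name__ == "__main__":
    seed = b"\xAB\xCD\x02\x00\x10" + b"A" * 16     # constructed valid request
    print("sink taint of seed:", sorted(firmware_handler(seed).sink_taint))
    print("crash found at attempt, case:", fuzz(seed))
```

With a seed whose `cmd` already selects the copying path, the taint report is `{3, 4}` and the third attempt (the first boundary value above `BUF_SIZE`) crashes the handler; with a seed on a different command, the fallback mutates every non-constant field until one case reaches the sink, is adopted as the new seed, and is then cracked the same way. In the real system the taint labels come from the instrumented, emulated execution rather than from an operator-overloading class, but the selection logic is the same.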