%0 Journal Article
%T Research on the localization of firmware vulnerability based on stain tracking
%A 戴忠华
%A 费永康
%A 赵波
%A 王婷
%A DAI Zhong-hua
%A FEI Yong-kang
%A ZHAO Bo
%A WANG Ting
%J 山东大学学报(理学版)
%D 2016
%R 10.6040/j.issn.1671-9352.2.2015.245
%X Abstract (translated from the Chinese): In the process of vulnerability discovery on embedded devices, limited physical device resources and a closed runtime environment mean that the exceptions found by fuzzing cannot be promptly confirmed and exploited. Taking embedded firmware as the object of study, this paper proposes a firmware vulnerability localization method based on taint tracking. The method performs dynamic analysis in an emulated environment and can rapidly locate the position of an exception, determine its underlying cause, and assess how it can be exploited. Using this method, experiments were conducted on several embedded devices, including routers and IP cameras, and multiple 0-day vulnerabilities on the ARM and MIPS architectures were successfully exploited; the method is a useful reference for vulnerability discovery on embedded devices. Abstract (English): In the process of vulnerability detection, because of the limited physical device and closed operating system, we cannot confirm and utilize the bugs discovered by fuzzing tests in time. So this paper concentrated on embedded firmware and proposed a firmware vulnerability analysis and utilization method based on stain tracking. The method uses dynamic analysis techniques in the simulation environment. With the help of this method, we could rapidly locate the exception position and trace back to its origin, and then it is possible to assess the corresponding solution rapidly. Furthermore, we did experiments on many devices such as routers and IP cameras and successfully utilized many 0-day bugs on the ARM and MIPS architectures. According to the results, the firmware vulnerability analysis and utilization method based on device simulation debugging is a useful reference for vulnerability positioning and utilization of embedded firmware.
%K device simulation
%K taint tracking
%K vulnerability localization
%K dynamic debugging
%K equipment simulation
%K vulnerability positioning
%K dynamic analysis
%K stain tracking
%U http://lxbwk.njournal.sdu.edu.cn/CN/10.6040/j.issn.1671-9352.2.2015.245