2016

Research on firmware vulnerability localization based on taint tracking
(published English title: Research on the localization of firmware vulnerability based on stain tracking)

DOI: 10.6040/j.issn.1671-9352.2.2015.245

Keywords: device emulation, taint tracking, vulnerability localization, dynamic debugging (authors' English keywords: equipment simulation, vulnerability positioning, dynamic analysis, stain tracking)


Abstract:

Abstract (translated from the Chinese): In the vulnerability mining process for embedded devices, limited physical device resources and a closed runtime environment mean that crashes found by fuzzing cannot be confirmed and exploited promptly. Taking embedded firmware as the object of study, this paper proposes a firmware vulnerability localization method based on taint tracking. The method performs dynamic analysis in an emulation environment and can quickly locate the position of an exception, determine its cause, and assess how it can be exploited. Using this method, experiments were carried out on several embedded devices, including routers and IP cameras, and multiple 0-day vulnerabilities on the ARM and MIPS architectures were successfully exploited, which provides a useful reference for vulnerability mining on embedded devices.
Abstract (authors' English): In the process of vulnerability detection, because physical devices have limited resources and a closed operating environment, we cannot confirm and exploit the bugs discovered by fuzzing in time. This paper therefore concentrates on embedded firmware and proposes a firmware vulnerability analysis and exploitation method based on taint tracking. The method uses dynamic analysis in an emulation environment. With its help, we can rapidly locate the exception position and trace back to its origin, after which it is possible to assess the corresponding exploitation method rapidly. Furthermore, we carried out experiments on many devices such as routers and IP cameras and successfully exploited many 0-day bugs on the ARM and MIPS architectures. According to the results, the firmware vulnerability analysis and exploitation method based on device emulation and debugging is a useful reference for vulnerability localization and exploitation in embedded firmware.

