| 基于污点分析的嵌入式设备固件模糊测试方法 |
| |
| 引用本文: | 戴忠华,赵波,王婷,邹力.基于污点分析的嵌入式设备固件模糊测试方法[J].四川大学学报(工程科学版),2016,48(2):125-131. |
| |
| 作者姓名: | 戴忠华 赵波 王婷 邹力 |
| |
| 作者单位: | 武汉大学计算机学院,武汉大学计算机学院,中国信息安全测评中心,武汉大学计算机学院 |
| |
| 基金项目: | 国家“九七三”重点基础研究发展计划(2014CB340600),国家“八六三”计划(2015AA016002),国家自然科学基金重点项目(61332019),国家自然科学基金(61173138, 61272452),湖北省重点新产品新工艺研究开发项目(2012BAA03004)资助项目,企业合作项目(YB2013110084) |
| |
| 摘 要: | 针对嵌入式设备固件进行漏洞挖掘是保证嵌入式设备安全性的重要方法。根据现嵌入式设备固件2的特点,本文提出了一种基于污点分析的改进模糊测试方法。该方法首先从漏洞利用的角度分析固件的攻击面,然后根据由攻击面导出的安全规则,并在污点分析结果中引入了测试用例危险权重,最后设计了与危险权重相对应的模糊测试用例集合。通过利用该方法针对主流设备进行的漏洞挖掘实验,成功发现隐藏于设备固件中的若干零日漏洞。实验结果证明,该方法具备一定的有效性和实用性。
|
| 关 键 词: | 嵌入式 固件 漏洞挖掘 污点 危险权重 |
| 收稿时间: | 2015/11/23 0:00:00 |
| 修稿时间: | 2016/4/25 0:00:00 |
A Fuzzing Test Method for Embedded Device Firmware Based on Taint Analysis |
| |
| DAI Zhonghu,ZHAO Bo,WANG Ting and ZOU Li.A Fuzzing Test Method for Embedded Device Firmware Based on Taint Analysis[J].Journal of Sichuan University (Engineering Science Edition),2016,48(2):125-131. |
| |
| Authors: | DAI Zhonghu ZHAO Bo WANG Ting and ZOU Li |
| |
| Affiliation: | Computer school, Wuhan University, Wuhan,Computer school, Wuhan University, Wuhan,, |
| |
| Abstract: | Combing with the characteristics of embedded device firmwares,an improved fuzzy test method was proposed.After analyzing the attack surface of the firmwares from the standpoint of exploits utilization,several security rules were derived.By introducing the crisis weights of test cases in taint analytical results,a set of fuzzy test cases that are corresponding to crisis weights was designed.The method was used to dig vulnerabilities in popular equipments,and many zero-day exploits were found.Experimental results showed that this method is effective and practical. |
| |
| Keywords: | Embedded device firmware vulnerability detecting taint risk weight |
|
| 点击此处可从《四川大学学报(工程科学版)》浏览原始摘要信息 |
|
点击此处可从《四川大学学报(工程科学版)》下载全文 |
