| 嵌入式终端固件漏洞挖掘方法及框架实现 |
| |
| 作者姓名: | 朱亚运 余文豪 应欢 张晓娟 缪思薇 |
| |
| 作者单位: | 中国电力科学研究院有限公司信息通信研究所 |
| |
| 基金项目: | 中国电力科学研究院有限公司研究开发项目(创新基金:电网嵌入式终端固件漏洞挖掘技术研究)(XX83-19-005)。 |
| |
| 摘 要: | 嵌入式终端的固件可直接连接底层硬件等特性决定了其漏洞的严重性.为提高电网嵌入式终端固件的安全水平,文章通过分析嵌入式终端固件的组织结构,研究对比了固件漏洞挖掘的常用方法,以电力工控领域为研究对象,针对性地分析了工控固件漏洞挖掘的关键技术,包括固件解压缩技术和深度分析技术,设计并实现了一套针对电力工控嵌入式终端固件的漏洞...
|
| 关 键 词: | 电力工控 固件漏洞挖掘 解压缩 |
Vulnerability Mining Method and Framework Implementation for Embedded Terminal Firmware |
| |
| Authors: | ZHU Yayun YU Wenhao YING Huan ZHANG Xiaojuan MIAO Siwei |
| |
| Affiliation: | (Department of Information and Communication,China Electric Power Research Institute,Beijing 100192,China) |
| |
| Abstract: | Firmware of embedded terminal can be directly connected to the underlying hardware,in company with other characteristics determine the severity of its vulnerability.In order to improve the safety level of embedded terminal firmware in power grid,this paper analyzes the organization structure of the embedded terminal firmware,compares the common methods of firmware vulnerability mining,then takes the electric power industrial control system as the research object,the key technologies of industrial control firmware vulnerability mining are studied,including firmware decompression technology and in-depth analysis technology.Next,this paper designs and implements a set of firmware vulnerability mining framework for embedded terminals in electric power industrial control system,and verifies the effectiveness of the framework through actual firmware. |
| |
| Keywords: | power industrial control system firmware vulnerability mining decompression |
| 本文献已被 维普 等数据库收录! |
|
