您的位置:山东大学 -> 科技期刊社 -> 《山东大学学报(理学版)》

《山东大学学报(理学版)》 ›› 2022, Vol. 57 ›› Issue (5): 85-91.doi: 10.6040/j.issn.1671-9352.2.2021.011

• • 上一篇    

面向IoT固件测试的外设寄存器分类改进方案

王丽娜1,2,陈思1,2,张桐1,2,秦鹏1,2,徐来1,2   

  1. 1.空天信息安全与可信计算教育部重点实验室, 湖北 武汉 430072;2.武汉大学国家网络安全学院, 湖北 武汉 430072
  • 发布日期:2022-05-27
  • 作者简介:王丽娜(1964— ),女,教授,博士生导师,研究方向为系统安全、隐写分析等. E-mail:lnwang@whu.edu.cn
  • 基金资助:
    国家自然科学基金资助项目(U1836112,61876134);国家自然科学基金重点资助项目(U1536204)

Improved peripheral register category scheme for IoT firmware testing

WANG Li-na1,2, CHEN Si1,2, ZHANG Tong1,2, QIN Peng1,2, XU Lai1,2   

  1. 1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China;
    2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China
  • Published:2022-05-27

PDF (PC)

262

摘要: 通过模拟固件与外设间数据传递接口的固件托管方案,为IoT固件测试提供了一种新的解决思路,但基于固件托管的测试方案效果受到外设寄存器类别判断准确率的影响。通过研究固件托管的原理细节,可以发现其对寄存器类别判断时存在的问题,并能够利用一组合理的纠正方案,综合多个固件的测试结果,提升其对外设寄存器分类的准确率,且仅产生极小的开销。经过对4种微控制器下的54个不同固件进行测试,方案能够在绝大多数情况下提升寄存器类别判断的正确率,使固件测试效果有效提升。

关键词: 软件测试, 微控制器, 固件托管, 物联网

Abstract: By emulating the data interface between microcontroller and peripherals, rehosting proposed a new way to test firmware, but it is affected by the accuracy of peripherals registers it has categorized. By studying the details of firmware hosting, the problems in the register category can be found, and a set of reasonable correction schemes to synthesize the test results of multiple firmware can be adopted to improve the accuracy of its classification of peripheral registers, with very low overhead. After testing 54 different firmware under 4 types of microcontrollers, the solution can improve the accuracy of register classification judgments in most cases, and effectively improve the effect of firmware testing.

Key words: software analysis, microcontroller, rehost, IoT

中图分类号: 

  • TP309
[1] Ben Lutkevi, microcontroller(MCU)[EB/OL]. [2021-09-10]. https://internetofthingsagenda.techtarget.com/definition/microcontroller.
[2] PAPP Dorottya, MA Zhendong, BUTTYAN Levente. Embedded systems security: threats, vulnerabilities, and attack taxonomy[C] //13th Annual Conference on Privacy 2015. Izmir: IEEE, 2015: 145-152.
[3] STMicroelectronics. Introduction to STM32 microcontrollerssecurity[EB/OL]. [2021-08-10]. https://www.st.com/resource/en/application_note/dm00493651-introduction-to-stm32-microcontrollers-security-stmicroelectronics.pdf.
[4] BOONE Adam. Why is traditional it security failing to protect the IoT[EB/OL].[2021-0901]. https://www.timesys.com/security/traditional- it-security-failing-to-protect-iot.
[5] 杨毅宇,周威,赵尚儒,等. 物联网安全研究综述:威胁、检测与防御[J]. 通信学报, 2021, 42(8):188-205. YANG Yiyu, ZHOU Wei, ZHAO Shangru, et al. Survey of IoT security research: threats, detection and defense[J]. Journal on Communications, 2021, 42(8):188-205.
[6] CORTEGGIANI Nassim, CAMURATI Giovanni, FRANCILLON Aurélien. Inception: system-wide security testing of real-world embedded systems software[C] //Proceedings of the 27th USENIX Security Symposium: USENIX.[S.l.] :[s.n.] , 2018: 309-326.
[7] KOSCHER Karl, KOHNO Tadayoshi, MOLNAR David. Surrogates: Enabling near-real-time dynamic analyses of embedded systems[C] //9th USENIX Workshop on Offensive Technologies. [S.l.] :[s.n.] , 2015.
[8] Seyed Mohammadjavad Seyed Talebi, TAVAKOLI Hamid, ZHANG Hang, et al. Charm: facilitating dynamic analysis of device drivers of mobile systems[C] //Proceedings of the 27th USENIX Security Symposium: USENIX. [S.l.] :[s.n.] , 2018: 1237-1254.
[9] ZADDACH Jonas, BRUNO Luca, FRANCILLON Aurelien, et al. Avatar: a framework to support dynamic security analysis of embedded systems firmwares[C] //NDSS. [S.l.] :[s.n.] , 2014: 1-16.
[10] ZALEWSKI Michal. Afl[EB/OL].[2021-08-20]. http://lcamtuf.-coredump.cx/afl/.
[11] FENG Bo, MERA Alejandro, LU Long. P2IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling[C] //Proceedings of the 29th USENIX Security Symposium: USENIX. [S.l.] :[s.n.] , 2020: 1237-1254.
[12] AVIATION Drona. Pluto drone [EB/OL]. [2021-08-02]. https://www.dronaavia-tion.com, 2017.
[13] Mbocaneg. Self-balancing robot source code[EB/OL]. [2021-08-03]. https://github.com-/mbocaneg/Inverted-Pendulum-Robot.
[14] ARMLIMITE D. ARM®v7-M Architecture Reference Manual[EB/OL]. [2021-09-01]. https://developer.arm.com/documentation/ddi0403/ee.
[15] QEMU Project Developers. Qemu operating modes[EB/OL]. [2021-09-10].https://qemu.weilnetz.de/doc/6.0/.
[16] STMicroelectronics. STM32 software development tools[EB/OL]. [2021-08-02]. https://www.st.com/en/development-tools/stm32- software-development-tools.html #overview.
[17] STMicroelectronics. STM32 F103RB microcontroller[EB/OL]. [2021-08-13]. https://www.st.com/r-esource/en/datasheet/stm32f103rb.pdf.
[18] NXP. NXP MK64FN1M0VLL12Microcontroller[EB/OL]. [2021-07-30]. https://www.nxp.com.cn/docs/en/data-sheet/K64P144M120SF-5.pdf.
[19] Microchip. Atmel SAM3X8E Microcontroller[EB/OL]. [2021-09-01]. https://www.microchip.com/downloads/en/DeviceDoc/Atmel-11057-32-bit-Cortex-M3-Microcontroller-SAM3X-SAM3A_Datasheet.pdf.
[1] 徐秋亮. 一种基于FPGA的SM9快速实现方法[J]. 《山东大学学报(理学版)》, 2020, 55(9): 54-61.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
版权所有 © 2018 《山东大学学报(理学版)》编辑部 
地址: 山东省济南市山大南路27号山东大学中心校区(250100) 电话: +86-0531-88366917 E-mail: xblxb@sdu.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发