JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2022, Vol. 57 ›› Issue (5): 85-91. doi: 10.6040/j.issn.1671-9352.2.2021.011

Improved peripheral register category scheme for IoT firmware testing

WANG Li-na1,2, CHEN Si1,2, ZHANG Tong1,2, QIN Peng1,2, XU Lai1,2   

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China;
    2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China
  • Published: 2022-05-27

Abstract: By emulating the data interface between the microcontroller and its peripherals, rehosting offers a new way to test firmware, but its results are affected by the accuracy with which it categorizes peripheral registers. By studying the details of firmware rehosting, the problems in the register categorization can be found, and a set of reasonable correction schemes that synthesizes the test results of multiple firmware can be adopted to improve the accuracy of peripheral register classification, with very low overhead. In tests on 54 different firmware under 4 types of microcontrollers, the solution improves the accuracy of register classification judgments in most cases and effectively improves the effect of firmware testing.

Key words: software analysis, microcontroller, rehost, IoT

CLC Number: TP309