JOURNAL OF SHANDONG UNIVERSITY (NATURAL SCIENCE), 2016, Vol. 51, Issue (9): 41-46. doi: 10.6040/j.issn.1671-9352.2.2015.245


Research on the localization of firmware vulnerability based on stain tracking

DAI Zhong-hua 1,2,3, FEI Yong-kang 1,2, ZHAO Bo 1,2*, WANG Ting 3

1. Computer School, Wuhan University, Wuhan 430072, Hubei, China;
2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China;
3. China Information Technology Security Evaluation Center, Beijing 100085, China

Received: 2015-08-17; Online: 2016-09-20; Published: 2016-09-23

Abstract: During vulnerability detection on embedded devices, the limited physical hardware and the closed operating system make it difficult to confirm and exploit the bugs found by fuzzing in a timely manner. This paper therefore concentrates on embedded firmware and proposes a firmware vulnerability analysis and exploitation method based on taint tracking (rendered as "stain tracking" in the title). The method applies dynamic analysis techniques inside a simulation environment. With its help, the position of an exception can be located rapidly and traced back to its origin, after which the corresponding fix can be assessed quickly. Furthermore, we carried out experiments on many devices, such as routers and IP cameras, and successfully exploited many 0-day bugs on the ARM and MIPS architectures. According to the results, the firmware vulnerability analysis and exploitation method based on device simulation and debugging is a useful reference for vulnerability localization and exploitation in embedded firmware.

Key words: device simulation, vulnerability localization, dynamic analysis, taint tracking

CLC Number: TP309