Computer Science ›› 2024, Vol. 51 ›› Issue (10): 196-207. doi: 10.11896/jsjkx.230700068

• Computer Software •

Keyword Sensitive Fuzzing Method for Embedded Device Firmware

SI Jianpeng, HONG Zheng, ZHOU Zhenji, CHEN Qian, LI Tao

  1. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210007, China
  • Received: 2023-07-10  Revised: 2023-09-30  Online: 2024-10-15  Published: 2024-10-11
  • Corresponding author: HONG Zheng (hz5215@163.com)
  • About author: (1183373785@qq.com)
  • Supported by:
    Key Technologies and Systems for Comprehensive Prevention and Control of Cybersecurity in Smart Cities (2019YFB2101704)

Keyword Sensitive Fuzzing Method for Embedded Device Firmware

SI Jianpeng, HONG Zheng, ZHOU Zhenji, CHEN Qian, LI Tao   

  1. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210007, China
  • Received: 2023-07-10  Revised: 2023-09-30  Online: 2024-10-15  Published: 2024-10-11
  • About author: SI Jianpeng, born in 1996, postgraduate. His main research interest is cyber security.
    HONG Zheng, born in 1979, Ph.D, associate professor. His main research interest is cyber security.
  • Supported by:
    Key Technologies and Systems for Comprehensive Prevention and Control of Cybersecurity in Smart Cities (2019YFB2101704).

Abstract (translated from the Chinese): The firmware of most embedded devices provides a Web interface that lets users configure and manage the device. These Web interfaces, however, often contain security flaws, which poses a challenge to the security of embedded devices. To address the high false-positive rate of existing vulnerability detection methods for Web interfaces in embedded device firmware, this paper proposes KS-Fuzz (Keyword Sensitive Fuzzing), a keyword-sensitive fuzzing method for embedded device firmware that efficiently fuzzes the processing logic behind the Web interface. The method generates high-quality test cases through association analysis of front-end and back-end files; during fuzzing it records the references that the target device's back-end files make to keywords from the front-end files, uses these references to guide test-case mutation, and thereby widens the coverage of the fuzzing. KS-Fuzz is used to test embedded devices from several mainstream brands in order to evaluate its vulnerability discovery capability, and it is compared with existing vulnerability discovery methods such as SaTC, IOTScope and FirmFuzz. The results show that, compared with existing methods, KS-Fuzz can quickly traverse the functional interfaces of the target device by analyzing the association between front-end and back-end files, and finds more security problems during fuzzing.

Key words (translated from the Chinese): Embedded devices, Fuzz testing, Grey-box testing, Association analysis, Keyword sensitive

Abstract: The firmware of most embedded devices provides a Web interface, which is convenient for users to configure and manage the devices. However, these Web interfaces often have security problems that challenge the security of embedded devices, and the existing vulnerability detection methods for Web interfaces in embedded device firmware have high false positive rates. This paper proposes a keyword-sensitive embedded device fuzzing method, KS-Fuzz (keyword sensitive fuzzing), which efficiently fuzzes the processing logic of the Web interface in embedded device firmware. The proposed method generates high-quality test cases through association analysis of front-end and back-end files, and records the references of the target device's back-end files to keywords in the front-end files during the fuzzing process, to guide the direction of test case mutation and improve fuzzing coverage. In this paper, we use KS-Fuzz to test embedded devices of major brands to evaluate the fuzzing ability of KS-Fuzz, and compare KS-Fuzz with existing vulnerability mining methods such as SaTC, IOTScope, and FirmFuzz. The results show that by analyzing the correlation of front-end and back-end files, KS-Fuzz can quickly traverse the functional interfaces of the target devices and discover vulnerabilities effectively.

Key words: Embedded devices, Fuzz testing, Grey-box testing, Correlation analysis, Keyword sensitive
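The following Python sketch is an added illustration of the front-end/back-end keyword association that the abstract describes; it is not the paper's KS-Fuzz implementation, and the HTML fragment, the stand-in for the back-end binary's `strings` output and the recorded access log are all constructed. It extracts candidate parameter names from a front-end page, keeps only those that also occur in the back-end, builds one seed request from them, and then uses the recorded back-end keyword references to decide which parameter to mutate next:

```python
import re
from collections import Counter
from typing import Any, Dict, List, Set, Tuple

# Constructed fragment of a front-end configuration page (hypothetical, not from a real device).
FRONTEND_HTML = """
<form action="/goform/setWifi" method="post">
  <input name="ssid" type="text">
  <input name="wpa_psk" type="password">
  <input name="channel" type="text">
  <input type="hidden" name="csrf_token">
</form>
<script>
  var cfg = {"lan_ip": "192.168.0.1", "dhcp_enable": "1"};
</script>
"""

# Constructed stand-in for the printable strings of the back-end CGI binary
# (what `strings` would print); csrf_token and dhcp_enable are deliberately absent.
BACKEND_STRINGS = [
    "GET", "POST", "Content-Length", "/goform/setWifi",
    "ssid", "wpa_psk", "channel", "lan_ip", "nvram_set",
]

# Constructed stand-in for the keyword references recorded while the back-end
# handled one seed request (the order in which it touched front-end keywords).
ACCESS_LOG = ["POST", "ssid", "ssid", "wpa_psk", "ssid", "channel", "nvram_set"]

NAME_RE = re.compile(r'name="([A-Za-z_][A-Za-z0-9_]*)"')
JSON_KEY_RE = re.compile(r'"([A-Za-z_][A-Za-z0-9_]*)"\s*:')
ACTION_RE = re.compile(r'action="([^"]+)"')


def extract_frontend_keywords(html: str) -> Set[str]:
    """Candidate parameter names: form field names and JS object keys."""
    return set(NAME_RE.findall(html)) | set(JSON_KEY_RE.findall(html))


def extract_endpoints(html: str) -> List[str]:
    """Form targets, i.e. the back-end handlers the page submits to."""
    return ACTION_RE.findall(html)


def shared_keywords(frontend: Set[str], backend_strings: List[str]) -> Set[str]:
    """Front-end keywords that also occur in the back-end: the ones it is likely to parse."""
    return frontend & set(backend_strings)


def build_seed(endpoint: str, keywords: Set[str]) -> Dict[str, Any]:
    """A seed request: the endpoint plus a benign default value for every shared keyword."""
    return {"endpoint": endpoint, "params": {k: "1" for k in sorted(keywords)}}


def record_references(access_log: List[str], keywords: Set[str]) -> Counter:
    """Count how often the back-end referenced each shared keyword during one run."""
    return Counter(s for s in access_log if s in keywords)


MUTATORS = [
    lambda v: v * 64,   # long value, stresses fixed-size buffers
    lambda v: "",       # empty value, stresses missing-field handling
    lambda v: "-1",     # out-of-range number
]


def next_mutation(seed: Dict[str, Any], counts: Counter, round_no: int) -> Tuple[str, Dict[str, Any]]:
    """Mutate the parameter the back-end referenced most often; ties break alphabetically."""
    params = seed["params"]
    target = sorted(params, key=lambda k: (-counts[k], k))[0]
    mutated = dict(params)
    mutated[target] = MUTATORS[round_no % len(MUTATORS)](params[target])
    return target, {"endpoint": seed["endpoint"], "params": mutated}


if __name__ == "__main__":
    kws = shared_keywords(extract_frontend_keywords(FRONTEND_HTML), BACKEND_STRINGS)
    seed = build_seed(extract_endpoints(FRONTEND_HTML)[0], kws)
    counts = record_references(ACCESS_LOG, kws)
    for r in range(3):
        target, case = next_mutation(seed, counts, r)
        print(f"round {r}: mutate {target!r} -> {case['params']}")
```

Keywords that appear only on the front end (here `csrf_token` and `dhcp_enable`) never reach the seed, which is the point of the association step: mutating parameters the back-end never parses wastes test cases and produces the spurious findings the abstract attributes to existing methods. In a real harness the access log would come from instrumentation of the emulated back-end rather than a constructed list.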

CLC number: TP309.1