计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (11): 347-355.doi: 10.11896/jsjkx.230700091

• 信息安全 • 上一篇    下一篇

一种面向嵌入式设备的动态插桩方法

司健鹏, 洪征, 周振吉, 陈乾, 李涛   

  1. 陆军工程大学指挥控制工程学院 南京 210007
  • 收稿日期:2023-07-13 修回日期:2023-11-13 出版日期:2024-11-15 发布日期:2024-11-06
  • 通讯作者: 洪征(hz5215@163.com)
  • 作者简介:(1183373785@qq.com)
  • 基金资助:
    智慧城市网络安全综合防控关键技术及系统(2019YFB2101704)

Dynamic Instrumentation Method for Embedded Physical Devices

SI Jianpeng, HONG Zheng, ZHOU Zhenji, CHEN Qian, LI Tao   

  1. College of Command and Control Engineering,Army Engineering University of PLA,Nanjing 210007,China
  • Received:2023-07-13 Revised:2023-11-13 Online:2024-11-15 Published:2024-11-06
  • About author:SI Jianpeng,born in 1996,postgra-duate.His main research interests include cyber securiy and program analysis.
    HONG Zheng,born in 1979,Ph.D,associate professor.His main research intere-sts include cyber securiy and software reverse engineering.
  • Supported by:
    Key Technologies and Systems for Comprehensive Prevention and Control of Cybersecurity in Smart Cities(2019YFB2101704).

PDF (PC)

221

摘要: 现有动态插桩方法大多基于x86/x64指令集,对嵌入式设备常用的RISC兼容性较差,且在应用嵌入式设备时存在插桩效率低、资源消耗大等问题。文中提出了一种面向嵌入式设备的动态插桩方法DIEB(Dynamic Instrumentation Method for Embedded Physical Devices)。DIEB在嵌入式设备中使用以控制转移指令为探针的探测模式对目标进程进行动态二进制插桩。DIEB提出了一种轻量化的解释执行指令方法,根据指令的运行环境设置指令解释执行区域,并在解释执行区域中解释执行指令获取执行结果。在目标进程动态运行过程中,DIEB通过解释执行用作探针的控制转移指令,获取控制转移指令的目的地址,从而跟踪目标进程的执行流,在软硬件资源紧张的嵌入式设备上高效地进行动态插桩。ARM指令集是一种典型的RISC指令集,测试实验以ARM指令集为验证对象,在NetGear R7000等设备上进行。实验结果表明,经过DIEB插桩的进程可以正常运行,插桩导致的时延远小于基于ptrace的插桩方式,解决了PIN,Dynamorio等现有动态插桩框架难以在嵌入式设备上运行的问题。此外,DIEB具有在多线程环境下稳定运行的能力,可以准确记录并发线程的执行流轨迹。

关键词: 动态二进制插桩, 指令解释执行, 嵌入式设备, 灰盒测试, 程序运行状态反馈

Abstract: Most existing dynamic instrumentation methods are based on the x86/x64 instruction set,which is poorly compatible with reduced instruction set(RISC) commonly used in embedded devices,and there are problems such as low instrumentation efficiency and large resource consumption when the dynamic instrumentation methods are applied to embedded devices.This paper proposes a dynamic instrumentation method for embedded physical devices(DIEB).DIEB uses control transfer instructions as probes in embedded devices to dynamically perform binary instrumentation on target processes.It proposes a lightweight method to interpret the execution of instructions,and sets the instruction execution area based on the operating environment.DIEB interprets the execution instructions in the simulation execution area to obtain the execution results.During the dynamic operation of the target process,DIEB interprets and executes control transfer instructions to obtain the destination address of the control transfer instructions,and tracks the execution flow of the target process so as to efficiently perform dynamic instrumentation on embedded devices with limited resources.Taking the ARM instruction set as the verification object,experiments are carried out on physical devices such as NetGear R7000.Experimental results show that the DIEB instrumentation process can run normally,and the time delay caused by instrumentation is much smaller than that of the ptrace-based instrumentation method.In addition,DIEB can run stably in a multi-threaded environment and accurately record the execution flow traces of concurrent threads.

Key words: Dynamic binary instrumentation, Instruction interpretation execution, Embedded equipment, Grey box test, Program operation status feedback

中图分类号: 

  • TP313
[1] KNUD L,MOHAMMAD H,SINHA S,et al.IOT ANALYTICS:State of IoT-Spring 2022[EB/OL].(2022-05-18)[2023-08-11].https://iot-analytics.com/product/state-of-iot-spring-2022/.
[2] CHINA Communications Standards Association:Internet ofThings Operating System Security White Paper(2022)[EB/OL].(2022-09-08)[2023-08-11] http://blog.nsfocus.net/wp-content/uploads/2022/09/iot-whitepaper.pdf.
[3] National Computer Virus Emergency Treatment Center:An Investigation Report on the Network Attack Incidents of Northwestern Polytechnic University by NSA of the United States[EB/OL].(2022-09-05)[2023-08-11].https://www.cverc.org.cn/head/zhaiyao/news20220905-NPU.htm.
[4] Zalewski M:American fuzzy lop[EB/OL].(2017-11-04)[2023-08-11].https://lcamtuf.coredump.cx/afl/.
[5] LUK C,COHN R,MUTH R,et al.Pin:Building customizedprogram analysis tools with dynamic instrumentation[J].Association for Computing Machinery,2005,40(6):190-200.
[6] BRUENING D,GARNETT T,AMARASINGHE S,et al.An infrastructure for adaptive dynamic optimization[C]//International Symposium on Code Generation and Optimization.2003:265-275.
[7] SRIVASTAVA P,PENG H,LI J,et al.FirmFuzz:Automated IoT firmware introspection and analysis[C]//Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things.2019:15-21.
[8] ZHANG H,KAI L,XU Z,et al.SIoTFuzzer:Fuzzing Web Interface in IoT Firmware via Stateful Message Generation[J].Applied Sciences,2021,11(7):3120.
[9] ZHANG Y,HUO W,K P,et al.SRFuzzer:An automatic fuzzing framework for physical SOHO router devices to discover multi-type vulnerabilities[C]//Proc.35th Annu.Computer Security Applications Conf.2019:544-556.
[10] KIM J,YU J,KIM H,et al.FIRM-COV:High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation[J].IEEE Access,2021,9:101627-101642.
[11] FENG X,SUN R,ZHU X,et al.Snipuzz:Black-box fuzzing of iot firmware via message snippet inference[C]//Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security.2021:337-350.
[12] NILO R,ANDREA C,DIPANJAN D,et al.DIANE:Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices[C]//2021 IEEE Symposium on Security and Privacy.2021:484-500.
[13] CHEN J,DIAO W,ZHAO Q,et al.IoTFuzzer:Discoveringmemory corruptions in IOT through APP-based fuzzing[C]//Proceedings of the 2018 Network and Distributed System Secu-rity Symposium.2018.
[14] JANG D,KIM T,KIM D,et al.Dynamic Analysis Tool for IoT Device[C]//2020 International Conference on Information and Communication Technology Convergence.IEEE,2020:1864-1867.
[15] ZHENG Y,SONG Z,SUN Y,et al.An efficient greybox fuzzing scheme for linux-based iot programs through binary static analysis[C]//2019 IEEE 38th International Performance Computing and Communications Conference.IEEE,2019:1-8.
[16] ZHENG Y,DAVANIAN A,YIN H,et al.FIRM-AFL:High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation[C]//USENIX Security Symposium.2019:1099-1114.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发