Computer Science, 2025, Vol. 52, Issue 12: 411-418. doi: 10.11896/jsjkx.241200143

• Information Security •

Firmware Recovery Based Emulation and Testing Method for Industrial Gateway

WEI Zihan1, MA Rongkuan1, LI Beibei2, YANG Yahui1, LI Zhuo1, SONG Yunkai1   

  1. School of Cyberspace Security, Information Engineering University, Zhengzhou 450001, China
  2. School of Cyberspace Security, Sichuan University, Chengdu 610207, China
  • Received: 2024-12-18 Revised: 2025-03-12 Online: 2025-12-15 Published: 2025-12-09
  • About author: WEI Zihan, born in 2000, postgraduate. His main research interests include IIoT security and reverse engineering.
    MA Rongkuan, born in 1992, Ph.D, lecturer. His main research interests include program analysis, software security, ICS security and Web security.

Abstract: With the continuous development of the intelligent manufacturing industry, edge computing devices represented by industrial gateways are widely used at industrial sites. At the same time, software vulnerabilities in industrial gateways are beginning to affect the security of industrial networks. However, because industrial gateways use specialized implementations and firmware extraction yields low-fidelity filesystems, existing methods cannot meet their security testing requirements. To address these issues, a firmware recovery based emulation and testing method for industrial gateways is proposed. First, starting from the extracted firmware filesystem, a heuristic recovery method frees up and repairs duplicate and erroneous system files, which provides the file access basis for emulation. Second, a heuristic emulation intervention method mitigates errors that occur during emulation, implementing test-oriented emulation. Finally, a fuzzer is designed for industrial gateways that can be emulated. In the evaluation, firmware filesystem recovery is performed on four real industrial gateways, and emulation and fuzzing tests are conducted on important applications in two of them. The evaluation results show an average reduction of 27.2% in the degree of chaos of the recovered filesystem and good emulation results. Moreover, an undisclosed denial of service vulnerability in real industrial gateway devices is discovered during the fuzzing tests, which demonstrates the effectiveness of the work.
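The recovery step described in the abstract starts from the kind of artefacts a filesystem extraction leaves behind: byte-identical copies of the same binary at several paths, symlinks whose targets were never extracted, and truncated files. The following Python script is an added illustration of finding those entries in an extracted root so they can be reviewed before emulation; it is not the paper's code, does not implement the paper's "degree of chaos" metric (the ratio it reports is a constructed stand-in), and builds its own small sample tree (hypothetical layout, hypothetical file contents) in a temporary directory.

```python
"""Added example: locate duplicate and erroneous entries in an extracted
firmware filesystem tree. Not the paper's implementation; the sample tree
and the summary ratio are constructed for illustration only."""
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict


def build_sample_root() -> str:
    """Construct a tiny extracted-firmware tree (hypothetical layout) in a temp dir."""
    root = tempfile.mkdtemp(prefix="fw_root_")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "usr", "bin"))
    os.makedirs(os.path.join(root, "etc"))
    busybox = b"\x7fELF-busybox-placeholder"  # constructed stand-in for a binary
    # Two byte-identical copies of one binary: a duplicate left behind by extraction
    for rel in ("bin/busybox", "usr/bin/busybox"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(busybox)
    with open(os.path.join(root, "etc", "passwd"), "wb") as fh:
        fh.write(b"root:x:0:0:root:/root:/bin/sh\n")
    # Dangling symlink: its target was never extracted (hypothetical library name)
    os.symlink("/lib/libmissing.so", os.path.join(root, "bin", "gateway_app"))
    # Symlink that resolves correctly inside the tree
    os.symlink("busybox", os.path.join(root, "bin", "sh"))
    # Zero-length file: a truncated extraction
    open(os.path.join(root, "etc", "config.xml"), "wb").close()
    return root


def sha256_of(path: str) -> str:
    """Content hash used to detect byte-identical duplicates."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_filesystem(root: str) -> dict:
    """Walk the tree without following symlinks and classify each entry.

    Returns a dict with:
      duplicates: {sha256: [relative paths]} for content present more than once
      dangling:   relative paths of symlinks whose target is absent from the tree
      empty:      relative paths of regular zero-byte files
      total:      number of regular files and symlinks examined
    """
    by_hash = defaultdict(list)
    dangling, empty, total = [], [], 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            total += 1
            if os.path.islink(full):
                target = os.readlink(full)
                # Absolute targets refer to the firmware's own root, not the host's
                if os.path.isabs(target):
                    resolved = os.path.join(root, target.lstrip("/"))
                else:
                    resolved = os.path.join(dirpath, target)
                if not os.path.exists(resolved):
                    dangling.append(rel)
                continue
            if os.path.getsize(full) == 0:
                empty.append(rel)
                continue
            by_hash[sha256_of(full)].append(rel)
    duplicates = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return {"duplicates": duplicates, "dangling": sorted(dangling),
            "empty": sorted(empty), "total": total}


def problem_ratio(report: dict) -> float:
    """Constructed summary: problem entries / entries examined (not the paper's metric)."""
    extra_copies = sum(len(p) - 1 for p in report["duplicates"].values())
    problems = extra_copies + len(report["dangling"]) + len(report["empty"])
    return problems / report["total"] if report["total"] else 0.0


if __name__ == "__main__":
    root = build_sample_root()
    try:
        report = scan_filesystem(root)
        for key in ("duplicates", "dangling", "empty"):
            print(f"{key}: {report[key]}")
        print(f"problem ratio: {problem_ratio(report):.2f}")
    finally:
        shutil.rmtree(root)
```

Symlinks are deliberately not followed while walking, and absolute link targets are re-rooted under the extracted tree: resolving them against the analysis host would silently report host libraries as present and hide exactly the missing-target errors that break emulation later.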

Key words: Firmware emulation, Industrial gateway, Internet of Things security, Industrial control system security, Fuzzing test

CLC Number: TP393