Computer Engineering

• Architecture and Software Technology

Firmware Vulnerability Detection in Embedded Devices Based on Homology Analysis

LI Deng, YIN Qing, LIN Jian, Lü Xuefeng

  1. (State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China)
  • Received: 2016-01-08 Online: 2017-01-15 Published: 2017-01-13
  • About the authors: LI Deng (born 1991), male, master's student, main research interest: reverse analysis of embedded devices; YIN Qing, professor; LIN Jian and Lü Xuefeng, master's students.
  • Funding: Henan Province Basic and Frontier Technology Research Project (142300410090).

Firmware Vulnerability Detection in Embedded Device Based on Homology Analysis

LI Deng, YIN Qing, LIN Jian, Lü Xuefeng

  1. (State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China)
  • Received: 2016-01-08 Online: 2017-01-15 Published: 2017-01-13

Abstract: In the manufacturing of embedded devices, development and production are separated, so different firmware images may contain the same third-party libraries; as a result, a large number of identical, already disclosed vulnerabilities exist across different versions of the same device and even across the firmware of different devices. To address this problem, a firmware vulnerability detection method for embedded devices based on homology analysis of third-party libraries is proposed; it provides a reference for firmware vulnerability remediation and reduces unnecessary repeated analysis. The firmware is first classified, and then three methods, binary differential analysis, string constant matching and fuzzy hashing, are used to analyse the homology of third-party libraries, thereby detecting vulnerabilities present in firmware of the same class. Experimental results show that the method can effectively detect buffer overflow and out-of-bounds vulnerabilities in D-Link series router firmware, and remote command injection vulnerabilities in Linksys series router firmware.

Keywords: embedded device, homology analysis, firmware, vulnerability, third-party library

Abstract: As development and production are separated in the manufacturing process of embedded devices, different firmware images may contain the same third-party libraries, and thus the firmware of different devices, or of different versions of the same device, carries a large number of the same already disclosed vulnerabilities. Aiming at this problem, this paper presents a firmware vulnerability detection method for embedded devices based on homology analysis, to provide a reference for firmware vulnerability remediation and reduce unnecessary repeated analysis. Vulnerability detection is implemented through firmware classification and homology analysis of third-party libraries by binary differential analysis, string constant matching and fuzzy hashing. Experimental results show that the proposed method can effectively catch buffer overflow and out-of-bounds vulnerabilities in D-Link router firmware as well as remote command injection vulnerabilities in Linksys router firmware.

Key words: embedded device, homology analysis, firmware, vulnerability, third-party libraries
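As an added illustration (not code from the paper or its authors) of two of the three homology signals the abstract names, string constant matching and fuzzy hashing, the Python below compares a reference copy of a library build known to carry a disclosed bug against candidate library binaries carved out of other firmware images. The sample "binaries", the library and symbol names, the thresholds, and the simplified rolling hash are all constructed assumptions; real firmware would first be unpacked and its libraries extracted, and a production tool would use ssdeep or a comparable implementation rather than this teaching reimplementation. Binary differential analysis, the paper's third method, is not shown.

```python
import difflib
import re
from typing import Dict, List, Set

# --- constructed sample data (not real firmware): stands in for library
#     binaries carved out of an extracted firmware filesystem ---
FILLER = bytes(range(0x00, 0x10)) * 4  # non-printable padding between string constants


def make_blob(strings: List[bytes]) -> bytes:
    """Build a toy 'binary' from a list of string constants (constructed)."""
    return FILLER + FILLER.join(strings) + FILLER


# Reference copy of the library build known to carry a disclosed bug (constructed).
KNOWN_VULN = make_blob([
    b"libexample v1.0.2", b"Error: buffer overflow", b"/usr/lib/libexample.so", b"parse_header",
])
# Same build re-packaged by another vendor: identical prefix plus one extra string.
CANDIDATE_SAME = make_blob([
    b"libexample v1.0.2", b"Error: buffer overflow", b"/usr/lib/libexample.so", b"parse_header",
    b"vendor build 2015",
])
# Unrelated library that happens to share one symbol name.
CANDIDATE_OTHER = make_blob([b"libother 0.9.8", b"/usr/lib/libother.so", b"parse_header"])

BASE64 = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def extract_strings(blob: bytes, min_len: int = 4) -> Set[bytes]:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob))


def string_similarity(a: bytes, b: bytes) -> float:
    """Jaccard index of the two binaries' string-constant sets (string constant matching)."""
    sa, sb = extract_strings(a), extract_strings(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def fuzzy_hash(blob: bytes, block_size: int = 32, window: int = 7) -> str:
    """Simplified context-triggered piecewise hash (the idea behind ssdeep).

    A rolling hash over the last `window` bytes decides where a chunk ends, so an
    insertion only disturbs the chunk it lands in; each chunk contributes one
    base64 character derived from an FNV-1a hash of its bytes.  Teaching
    reimplementation, not ssdeep's exact algorithm (assumption).
    """
    out = bytearray()
    piece = 0x811C9DC5  # FNV-1a 32-bit offset basis
    for i, byte in enumerate(blob):
        piece = ((piece ^ byte) * 0x01000193) & 0xFFFFFFFF
        rolling = sum(blob[max(0, i - window + 1): i + 1])  # toy backward-looking rolling hash
        if rolling % block_size == block_size - 1:
            out.append(BASE64[piece & 63])
            piece = 0x811C9DC5
    out.append(BASE64[piece & 63])  # flush the trailing partial chunk
    return out.decode("ascii")


def fuzzy_similarity(a: bytes, b: bytes) -> float:
    """Edit-based similarity of the two fuzzy hashes, in [0, 1]."""
    return difflib.SequenceMatcher(None, fuzzy_hash(a), fuzzy_hash(b)).ratio()


def match_library(reference: bytes, candidate: bytes,
                  string_threshold: float = 0.5, fuzzy_threshold: float = 0.5) -> Dict[str, object]:
    """Flag a candidate library as homologous to the known-vulnerable reference
    when either signal clears its threshold (thresholds are assumptions)."""
    s = string_similarity(reference, candidate)
    f = fuzzy_similarity(reference, candidate)
    return {"string_jaccard": s, "fuzzy": f,
            "homologous": s >= string_threshold or f >= fuzzy_threshold}


if __name__ == "__main__":
    for name, cand in [("same build", CANDIDATE_SAME), ("other lib", CANDIDATE_OTHER)]:
        print(name, match_library(KNOWN_VULN, cand))
```

Because the piecewise hash only looks backward, a candidate that begins with the reference bytes reproduces the reference's hash up to its last chunk boundary, which is what lets a re-packaged copy of the same library build stay recognisable after a vendor appends its own data; the string-set Jaccard score is the more robust of the two on small inputs, so a real pipeline would weight it accordingly and confirm hits with a binary diff before reporting the firmware as carrying the disclosed vulnerability.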
