摘要
物联网设备规模爆炸式增长的同时,其安全问题也从以往PC端固件的单一架构向多架构发展。提出一种通过已知固件漏洞来检测其他固件是否也存在同类漏洞的方法,相比传统的相似性检测提取比较特征,使用可执行程序的函数栈结构进行比较,是从根源上对栈溢出漏洞进行检测,在固件可执行程序漏洞相似性检测方面更容易发现其他包含该类漏洞的固件。实验对3个实际固件漏洞进行检测,不仅在相同厂商的固件中发现了同类漏洞,结果中也包含一款其他指令集架构设备。
As the IoT scales up explosively,its security is no longer about a single architecture focused on the PC but multiple architectures.This paper proposes a method which can detect the same vulnerabilities in other firmwares by the known vulnerability.Compared with the traditional method,it detects the stack overflow vulnerability from the source for by using executable function stack structure.In firmware executable program vulnerabilities similarity detection,it is easier to find the stack overflow vulnerability in other firmware by this method.Experiments on three actual firmware bugs are tested.Similar vulnerabilities are detected not only in devices of the same vendors,but also in the device using the other instruction set architecture.
作者
王工博
蒋烈辉
司彬彬
董卫宇
WANG Gongbo;JIANG Liehui;SI Binbin;DONG Weiyu(Information Engineering University,Zhengzhou 450001,China;Department of Public Security of Henan Province,Zhengzhou 450053,China)
出处
《信息工程大学学报》
2019年第2期222-227,共6页
Journal of Information Engineering University
关键词
固件可执行程序
函数调用
栈结构
firmware executables
function call
stack structure
