Abstract
With the increase in the types and number of embedded devices, the growing interconnection between devices, manufacturers' neglect of security, and firmware updates that are untimely or difficult to apply have put the security of embedded devices to a severe test, and more and more device vulnerabilities are being disclosed. However, because embedded devices are highly diverse and strongly specialized, their source code or design documents are often not public, and their runtime environments are constrained, among other factors, general-purpose vulnerability discovery techniques cannot be applied to them directly. In recent years, security experts and scholars at home and abroad have proposed many practical and feasible solutions for the security analysis and evaluation of embedded devices and their firmware, but there is no paper that introduces the latest security research results in detail and comprehensively, which makes it difficult for security analysts to gain a systematic understanding of the research progress in embedded device and firmware security analysis techniques. Centered on the security risks currently faced by embedded device firmware, this paper analyzes and summarizes the latest research results at home and abroad and gives a comprehensive analysis and evaluation of the related security techniques. First, it studies in depth the forms, classification and acquisition methods of embedded devices and their firmware, the attack surfaces they face, and the state of automated firmware parsing. Then, it refines the analysis of firmware security analysis techniques, giving a detailed analysis and horizontal evaluation from five perspectives: static analysis, symbolic execution, binary vulnerability association, dynamic analysis platforms and fuzzing. Finally, it looks ahead to future research directions.
With the increase in the types and numbers of embedded devices in today's rapidly evolving IoT (Internet of Things) era, their security faces a huge challenge because of the increasing interconnection between devices, manufacturers' neglect of security while designing devices, untimely (or even difficult) firmware updates, and so on. More and more device vulnerabilities have been exposed in recent years, revealing that embedded devices are prone to a great many vulnerabilities. However, the characteristics of embedded devices (such as wide variety, strong specificity, closed source, limited operating environment, and so on) make general vulnerability mining technologies unable to be directly adapted to embedded devices. In recent years, many practical and feasible solutions for the security analysis and evaluation of embedded devices and their firmware have been proposed by security experts and scholars at home and abroad. But so far there is no detailed and comprehensive survey paper on the latest security research results on embedded devices and their firmware, which makes it difficult for security analysis researchers to systematically understand the progress of embedded device and firmware security analysis technologies. Focusing on the security risks faced by current embedded device firmware, this paper surveys the latest research results at home and abroad and makes a comprehensive analysis and evaluation of the related security analysis technologies. First, it details the manifestation, classification and acquisition methods of embedded devices and their firmware, as well as the attack surfaces and automated extraction methods. As it shows, the attack surface of embedded devices spans the entire life cycle of the device, ranging from the hardware level to the network level, and there are many types of vulnerability, with web vulnerabilities (such as cross-site scripting, command injection, authentication bypass, etc.) and memory vulnerabilities (such as denial of service, buffer overflow, memory corruption, etc.) even in equal proportion in the last three years. Second, the technologies for security analysis of embedded firmware are refined and analyzed, ranging from static analysis, symbolic execution and binary vulnerability association to dynamic analysis platforms and fuzzing. The analysis shows that research on security analysis technology for embedded devices and their firmware has been rising gradually in recent years and some progress has been made, especially binary firmware vulnerability search based on AI technology and dynamic analysis technology based on firmware re-hosting, both reflecting the fusion of new technology with traditional security technology. However, as it shows, embedded device firmware security analysis is still in its infancy, and there is still a lot of open work to be further studied. So, at the end of this paper, we give some interesting research directions for researchers, such as fully/semi-automated firmware re-hosting and effective greybox/blackbox fuzzers for embedded firmware.
Authors
于颖超
陈左宁
甘水滔
秦晓军
YU Ying-Chao; CHEN Zuo-Ning; GAN Shui-Tao; QIN Xiao-Jun (State Key Laboratory of Mathematical Engineering and Advanced Computing, Wuxi, Jiangsu 214083; Chinese Academy of Engineering, Beijing 100088)
Source
《计算机学报》
EI
CAS
CSCD
PKU Core (Peking University Core Journals)
2021, Issue 5, pp. 859-881 (23 pages)
Chinese Journal of Computers
Funding
Supported by the National "863" High Technology Research and Development Program (2018YFB1003600).
Keywords
embedded device
firmware
static analysis
symbolic execution
firmware re-hosting
fuzzing test