二进制代码相似度分析及在嵌入式设备固件漏洞搜索中的应用

Binary Code Similarity Analysis and Its Applications on Embedded Device Firmware Vulnerability Search

在当今“万物互联”的时代,嵌入式系统逐渐成为接入云端的重要组件,常用于安全和隐私敏感的应用或设备中.然而,其底层软件(即固件)也在频繁遭受着安全漏洞的影响.由于嵌入式设备底层硬件平台的复杂异构,软硬件实现差异较大,且其专用性强、源码/文档等往往不会公开,加之其运行环境受限等原因,使得一些在桌面系统上运行良好的动态测试工具很难(或根本不可能)直接适配到嵌入式设备/固件环境中.近年来,研究人员逐渐开始探索基于二进制相似度分析技术来检测嵌入式设备固件中存在的已知漏洞,并且取得了较大的进展.围绕二进制代码相似度分析面临的关键技术挑战,系统研究了现有的二进制代码相似度分析技术,对其通用流程、技术特征、评估标准进行了综合分析和比较;然后分析并总结了现有二进制代码相似度分析技术在嵌入式设备固件漏洞搜索领域的应用;最后,提出了该领域应用仍然存在的一些技术挑战及未来的一些开放性的研究方向.

In the era of today’s Internet of Things,embedded systems are becoming important components for accessing the cloud,which are used in both secure and privacy-sensitive applications or devices frequently.However,the underlying software(a.k.a.firmware)often suffered from a wide range of security vulnerabilities.The complexity and heterogeneous of the underlying hardware platform,the difference of the hardware and software implementation,the specificity and limited document,together with limited running environment made some of very good dynamic testing tools for desktop systems hard to(even impossible)be adapted to embedded devices/firmware environment directly.In recent years,researchers have made great progress in detecting well-known vulnerabilities in embedded device firmware based on binary code similarity analysis.Focusing on the key technical challenges of binary code similarity analysis,the existing binary code similarity analysis technologies are studied systematically;the general process,technical characteristics,and evaluation criteria of these technologies are analyzed and compared comprehensively.Then,the application of these technologies is analyzed and summarized in the field of embedded device firmware vulnerability search.At last,some technical challenges in this field are presented and some open future research directions are proposed for the related researchers.