
A Vulnerability Detecting Approach Based on Sanitizer Identification for Embedded Devices

Cited by: 1
Abstract: The security problems of embedded devices are increasingly prominent, stemming from device manufacturers' neglect of security. To find vulnerabilities in embedded devices effectively, taint analysis is a commonly used and effective technique. Taint sanitizers are the key step in taint analysis that removes the security risk carried by tainted data, and the accuracy with which they are identified directly determines the effectiveness of vulnerability detection. When detecting vulnerabilities in embedded device firmware, existing approaches rely on simple pattern matching and therefore miss sanitizers (false negatives in sanitizer identification), which in turn produces false positives among the reported vulnerabilities. To address this problem, this paper proposes a vulnerability detection method for embedded devices based on sanitizer identification (ASI for short), which improves the accuracy of sanitizer identification while remaining lightweight, thereby lowering the false positive rate of the detection results. The method establishes a "content-length" association between variables to find variables that potentially represent the length of some content, and thereby identifies sanitizers that constrain a path condition on a tainted length variable; in addition, it identifies sanitizer functions that filter special characters by means of a heuristic approach. Experiments on 10 device firmware images from 5 popular vendors show that, compared with the existing ITS technique, ASI reduces the false positive rate of vulnerability detection by 9.58% while increasing the detection time cost by only 7.43%.
Authors: Zhou Jianhua, Li Feng, Zhan Lanlan, Du Yuejin, Huo Wei (Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049; Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195; Beijing Key Laboratory of Network Security and Protection Technology, Beijing 100195; Technology Group Co., Ltd., Beijing 100015)
Published in: Journal of Information Security Research (信息安全研究), CSCD, 2023, No. 10, pp. 954-960 (7 pages)
Funding: National Key R&D Program of China (2022YFB3103900); National Natural Science Foundation of China (62202462).
Keywords: embedded device; cybersecurity; vulnerability detection; taint analysis; taint sanitizer identification
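The abstract describes two sanitizer-identification ideas: treating a path condition on a variable that is associated with the length of tainted content as a sanitizer, and heuristically recognising functions that filter special characters. The following toy path-sensitive taint walk is an added illustration of those ideas and is not code from the paper or the ASI tool; the mini instruction format, the filter heuristic, the list of "known sanitizer" names used for the pattern-matching baseline, and the sample CGI-handler path are all constructed here.

```python
# Added example (not the paper's implementation): a toy taint walk over one
# execution path that records "content-length" associations so that a bounds
# check on the length variable counts as a sanitizer for the content variable.
from dataclasses import dataclass, field

# Assumed heuristic set: characters a command-injection filter would reject.
SHELL_METACHARS = (";", "|", "&", "`", "$")

# Assumed baseline: names a "simple pattern matching" approach treats as sanitizers.
KNOWN_SANITIZER_NAMES = {"strncpy", "snprintf", "strlcpy"}


def looks_like_filter(body: str) -> bool:
    """Heuristic: a function body that tests two or more shell metacharacters
    and has a rejecting return is classified as a special-character filter."""
    hits = sum(body.count(f"'{ch}'") for ch in SHELL_METACHARS)
    return hits >= 2 and "return 0" in body


@dataclass
class State:
    tainted: set = field(default_factory=set)
    length_of: dict = field(default_factory=dict)  # length var -> content var
    bound: dict = field(default_factory=dict)      # content var v -> strlen(v) < bound
    filtered: set = field(default_factory=set)     # content vars passed through a filter
    sanitized: set = field(default_factory=set)    # baseline: vars passed to a known name


def analyze_path(path, functions, use_associations=True):
    """Walk one execution path and return (index, sink, verdict) for each sink.

    Instruction tuples (a constructed mini-IR, not the paper's):
      ('source', v)            v receives attacker-controlled data
      ('strlen', n, v)         n = strlen(v): associates n as the length of v
      ('branch', n, '<', k)    the path follows the edge on which n < k holds
      ('call', fn, v)          fn(v); fn's body is looked up in `functions`
      ('strcpy', dst, cap, v)  copy v into a dst buffer of cap bytes
      ('system', v)            shell sink
    With use_associations=False the walk mimics a name-list baseline: only
    calls to KNOWN_SANITIZER_NAMES sanitize and branch conditions are ignored.
    """
    st = State()
    findings = []
    for i, ins in enumerate(path):
        op = ins[0]
        if op == "source":
            st.tainted.add(ins[1])
        elif op == "strlen":
            n, v = ins[1], ins[2]
            if v in st.tainted:
                st.tainted.add(n)           # the length depends on tainted content
                if use_associations:
                    st.length_of[n] = v     # record the content-length association
        elif op == "branch":
            n, rel, k = ins[1], ins[2], ins[3]
            v = st.length_of.get(n)
            if v is not None and rel in ("<", "<="):
                # A path condition on a tainted length variable is a sanitizer:
                # on this edge strlen(v) < bound holds for the associated content.
                st.bound[v] = k if rel == "<" else k + 1
        elif op == "call":
            fn, v = ins[1], ins[2]
            if use_associations and looks_like_filter(functions.get(fn, "")):
                st.filtered.add(v)
            elif not use_associations and fn in KNOWN_SANITIZER_NAMES:
                st.sanitized.add(v)
        elif op == "strcpy":
            dst, cap, v = ins[1], ins[2], ins[3]
            if v in st.tainted:
                # strlen(v) < bound means at most bound bytes including the NUL
                safe = v in st.sanitized or (v in st.bound and st.bound[v] <= cap)
                findings.append((i, "strcpy", "ok" if safe else "overflow"))
        elif op == "system":
            v = ins[1]
            if v in st.tainted:
                safe = v in st.sanitized or v in st.filtered
                findings.append((i, "system", "ok" if safe else "command-injection"))
    return findings


# Constructed decompiler-style body of a filter function used by the demo path.
IS_CLEAN_BODY = """\
int is_clean(const char *s) {
    for (; *s; s++)
        if (*s == ';' || *s == '|' || *s == '&') return 0;
    return 1;
}
"""


def demo():
    """Constructed path: a CGI handler that length-checks and filters a query."""
    functions = {"is_clean": IS_CLEAN_BODY}
    path = [
        ("source", "query"),
        ("strlen", "n", "query"),
        ("branch", "n", "<", 64),          # if (n < 64) { ... }
        ("strcpy", "buf", 64, "query"),    # bounded by the check: not reported
        ("strcpy", "small", 32, "query"),  # bound 64 exceeds 32 bytes: reported
        ("call", "is_clean", "query"),     # recognised heuristically as a filter
        ("system", "query"),               # filtered: not reported
    ]
    return analyze_path(path, functions), analyze_path(path, functions, use_associations=False)


if __name__ == "__main__":
    asi_like, baseline = demo()
    print("association-aware:", asi_like)
    print("name-list baseline:", baseline)
```

On the constructed path the association-aware walk reports only the copy into the 32-byte buffer, while the name-list baseline reports all three sinks, which is the kind of false positive the abstract attributes to pattern-matching sanitizer identification. The heuristic in `looks_like_filter` is deliberately crude; a real implementation would work on decompiled or lifted code and would need to handle the filter being applied in a callee or after the sink on a different path.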