摘要
由于设备固件更新速度慢、安全防护弱等问题,导致嵌入式设备给国防军事、社会生活带来便利的同时也引入了大量安全风险.因此,快速找出并修复固件中的安全问题变得至关重要.模糊测试是一种高效识别软件缺陷的测试方法,本文针对此方法展开研究.首先介绍了嵌入式系统及其固件的概念,概括了嵌入式系统的模糊测试流程.其次,分析了嵌入式固件模糊测试技术所面临的挑战以及相应的解决方法;然后,深入研究了基于仿真和基于接口的两种模糊测试技术,从一些先进的模糊测试器中分析当前嵌入式固件模糊测试发展现状;最后,总结了当前固件模糊测试技术存在的不足并提出下一步的研究方向.
IoT devices have brought convenience to national defense,military operations and daily life,but also introduced significant security risks due to problems such as slow device firmware updates and weak security protection.Therefore,it becomes crucial to quickly identify and fix security problems in firmware.Fuzzing is an efficient method for identifying software defects,and this article focuses on researching this method.First,it introduces the concept of embedded systems and their firmware,summarizing the fuzzing process for embedded firmware.Second,it analyzes the challenges faced by the fuzzing technology of embedded firmware and the corresponding solutions.Then,it conducts in-depth research on two fuzzing techniques:simulation-based and interface-based,by analyzing the current development status of fuzz testing for embedded firmware from advanced fuzzing tools.Finally,it summarizes the shortcomings of the current firmware fuzzing technology and proposes the next research direction.
作者
计江安
井靖
王奕森
董卫宇
孙浩楠
JI Jiangan;JING Jing;WANG Yisen;DONG Weiyu;SUN Haonan(Cyberspace Security Institute,Information Engineering University,Zhengzhou 450001,China)
出处
《小型微型计算机系统》
CSCD
北大核心
2024年第5期1173-1180,共8页
Journal of Chinese Computer Systems
基金
国家重点研发项目(2019QY502)资助。
