Graduate student: | 鍾承諺 Cheng-Yen Chung |
---|---|
Thesis title: | 整合污點分析與符號執行以實現物聯網周邊設備模型建置 Integrating Taint Analysis with Symbolic Execution for IoT Peripheral Modeling |
Advisor: | 鄭欣明 Shin-Ming Cheng |
Oral defense committee: | 黃世昆 Shih-Kun Huang, 黃俊穎 Chun-Ying Huang, 蕭旭君 Hsu-Chun Hsiao, 黎士瑋 Shih-Wei Li |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
Year of publication: | 2022 |
Academic year of graduation: | 110 |
Language: | English |
Number of pages: | 47 |
Chinese keywords: | 物聯網安全, 韌體模擬, 汙點分析, 符號執行 |
English keywords: | IoT Security, Firmware Emulation, Taint Analysis, Symbolic Execution |