
Student: Cheng-Yen Chung (鍾承諺)
Thesis title: Integrating Taint Analysis with Symbolic Execution for IoT Peripheral Modeling (整合污點分析與符號執行以實現物聯網周邊設備模型建置)
Advisor: Shin-Ming Cheng (鄭欣明)
Committee members: Shih-Kun Huang (黃世昆), Chun-Ying Huang (黃俊穎), Hsu-Chun Hsiao (蕭旭君), Shih-Wei Li (黎士瑋)
Degree: Master
Department: Department of Computer Science and Information Engineering, College of Electrical Engineering and Computer Science
Year of publication: 2022
Graduation academic year: 110 (ROC calendar, i.e. the 2021-2022 academic year)
Language: English
Pages: 47
Keywords (Chinese): 物聯網安全, 韌體模擬, 汙點分析, 符號執行
Keywords (English): IoT Security, Firmware Emulation, Taint Analysis, Symbolic Execution
Views: 342; Downloads: 0

Table of contents:
Abstract in Chinese .......... iii
Abstract in English .......... iv
Contents .......... v
List of Figures .......... vii
List of Tables .......... viii
List of Algorithms .......... ix
1 Introduction .......... 1
2 Background and Related Work .......... 5
2.1 Firmware Emulation .......... 5
2.2 Symbolic Execution .......... 7
2.3 Taint Analysis .......... 8
3 Methodology .......... 10
3.1 Static Analysis and Initial Pairing .......... 11
3.2 Taint Analysis .......... 14
3.3 Symbolic Execution .......... 16
3.4 Virtual Peripheral Model .......... 18
4 Implementation .......... 20
4.1 Ghidra .......... 20
4.2 Angr - Taint Analysis .......... 21
4.3 Angr - Symbolic Execution .......... 22
4.4 Shared Library .......... 23
5 Evaluation .......... 24
5.1 Evaluation of Taint Analysis Implementation .......... 26
5.2 Evaluation of Different Peripheral Models .......... 28
5.3 Importance of Peripheral Model .......... 30
5.4 IoT Device Security Analysis .......... 31
6 Discussion and Future Work .......... 33
6.1 Completeness of Inference .......... 33
6.2 Path Explosion .......... 33
7 Conclusion .......... 34
References .......... 35


Full text available from 2025/08/08 (campus network)
Full text available from 2025/08/08 (off-campus network)
Full text available from 2025/08/08 (National Central Library: Taiwan Electronic Theses and Dissertations system)