Conference paper

Security Analysis of Vendor Customized Code in Firmware of Embedded Device

Despite increased concern about embedded system security, the security assessment of commodity embedded devices is far from adequate. The lack of assessment is mainly due to the tedious, time-consuming, and very ad hoc reverse engineering procedure required for embedded device firmware. To simplify this procedure, we argue that only a particular part of an embedded device's firmware, which we call vendor customized code, needs to be thoroughly analyzed. Vendor customized code is usually developed to deal with external inputs and is therefore especially exposed to attacks compared with other parts of the system. Moreover, vendor customized code is often highly specific and proprietary, and lacks security implementation guidelines. The demand for security analysis of this kind of code is therefore urgent. In this paper, we present an empirical security analysis of vendor customized code on commodity embedded devices. We first survey the feasibility and limitations of state-of-the-art analysis tools, focusing on the typical program analysis tools used for classical security assessment and checking their usability for practical reverse engineering of embedded device firmware. Then, we propose a methodology for vendor customized code analysis that accounts for both the characteristics of embedded devices and the usability of current analysis tools. It first locates the vendor customized part of the firmware through black-box testing and firmware unpacking, and then concentrates on assessing the typical aspects of common embedded device weaknesses within that part of the code. Based on our analysis methodology, we assess five popular embedded devices and find critical vulnerabilities. Our results show that: a) the workload of assessing embedded devices can be significantly reduced with our analysis methodology, since only a small portion of the programs on the device needs to be assessed; b) vendor customized code is often more error-prone and thus more vulnerable to attacks; c) using existing tools to conduct automated analysis of many embedded devices is still infeasible, and manual intervention is essential for an effective assessment.
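The abstract's methodology locates vendor customized code after firmware unpacking and then concentrates review on the programs that handle external input. The script below is an illustrative triage heuristic added to this page; it is not the paper's tool and not code from the authors. It assumes the root filesystem has already been extracted (for example with binwalk), an analyst-maintained list of well-known upstream components to skip, and lists of input-source and dangerous-sink symbol names; the sample root filesystem it builds in a temporary directory is constructed for the demonstration.

```python
"""Heuristic triage of an unpacked firmware root filesystem: shortlist the
binaries that are likely vendor-customized AND handle external input, so
manual review can start there instead of covering every program on the device.
Illustrative script added to the page, not the paper's tool."""
import os
import re
import tempfile
from dataclasses import dataclass

ELF_MAGIC = b"\x7fELF"

# Assumption: an analyst-maintained list of well-known upstream components
# (open-source packages shipped unmodified) that are skipped as "not vendor code".
UPSTREAM_COMPONENTS = {
    "busybox", "dropbear", "dropbearmulti", "uhttpd", "hostapd",
    "wpa_supplicant", "dnsmasq", "udhcpc", "ld-uClibc.so.0", "libc.so.0",
}

# Assumption: symbol names that indicate a binary consumes external input
# (sockets, CGI environment) ...
INPUT_SOURCES = [
    b"accept", b"recv", b"recvfrom", b"recvmsg", b"read", b"fgets",
    b"getenv", b"QUERY_STRING", b"CONTENT_LENGTH", b"REMOTE_ADDR",
]
# ... and sinks worth reviewing when reachable from such input.
RISKY_SINKS = [
    b"system", b"popen", b"execl", b"execve", b"execvp",
    b"strcpy", b"strcat", b"sprintf", b"vsprintf", b"gets",
]


@dataclass
class Finding:
    path: str
    sources: list
    sinks: list

    @property
    def score(self) -> int:
        # Crude review priority: number of input sources times number of sinks.
        return len(self.sources) * len(self.sinks)


def is_elf(path: str) -> bool:
    with open(path, "rb") as f:
        return f.read(4) == ELF_MAGIC


def printable_strings(data: bytes, min_len: int = 4) -> set:
    """Return the set of printable-ASCII runs; for an ELF this includes the
    NUL-separated names in .dynstr (imported libc symbols) and .rodata text."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data))


def triage_rootfs(root: str) -> list:
    """Walk an extracted root filesystem and rank candidate vendor binaries."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if name in UPSTREAM_COMPONENTS or not is_elf(path):
                continue
            with open(path, "rb") as f:
                syms = printable_strings(f.read())
            sources = sorted(s.decode() for s in INPUT_SOURCES if s in syms)
            sinks = sorted(s.decode() for s in RISKY_SINKS if s in syms)
            if sources and sinks:
                findings.append(Finding(os.path.relpath(path, root), sources, sinks))
    return sorted(findings, key=lambda fnd: fnd.score, reverse=True)


def build_sample_rootfs(root: str) -> None:
    """Constructed sample data: tiny files carrying the ELF magic and a fake
    NUL-separated symbol list, standing in for real unpacked binaries."""
    def fake_elf(symbols):
        return ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9 + b"\x00".join(symbols) + b"\x00"

    files = {
        "bin/busybox": fake_elf([b"recv", b"system", b"strcpy"]),      # upstream: skipped
        "www/cgi-bin/login.cgi": fake_elf([b"getenv", b"QUERY_STRING", b"strcpy", b"sprintf", b"system"]),
        "usr/sbin/vendor_upnpd": fake_elf([b"recvfrom", b"strcat", b"socket"]),
        "usr/sbin/ledctl": fake_elf([b"open", b"write", b"ioctl"]),    # no external input
        "etc/config.xml": b"<config><admin>on</admin></config>",        # not an ELF
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def run_demo() -> list:
    """Build the constructed rootfs in a temp dir and triage it."""
    root = tempfile.mkdtemp(prefix="fw_rootfs_")
    build_sample_rootfs(root)
    return triage_rootfs(root)


if __name__ == "__main__":
    for fnd in run_demo():
        print(f"{fnd.score:3d}  {fnd.path}  sources={fnd.sources}  sinks={fnd.sinks}")
```

On the constructed sample the CGI handler ranks first (CGI environment input reaching `system`/`strcpy`/`sprintf`), the vendor UPnP daemon second, while BusyBox is skipped by name and the LED utility is dropped because it reads no external input. On a real image, strings alone produce false positives (a symbol present is not a symbol reachable from input), which is exactly the point at which the abstract's manual intervention begins.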

Muqing Liu, Juanru Li, Juliang Shu, Yuanyuan Zhang, Dawu Gu

Shanghai Jiao Tong University

Domestic conference

2016 Academic Conference on Cryptographic Chips (2016年密码芯片学术会议)

Beijing

English

Pages 73-87

2016-08-29 (date first posted on the Wanfang platform; not the paper's publication date)