Litcius/Paper detail

FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution

Zhijie Gui, Hui Shu, Fei Kang, Xiaobing Xiong

2020IEEE Access42 citationsDOIOpen Access PDF

Abstract

The security situation of the Internet of Things (IoT) is particularly severe, and a large number of IoT devices are prone to vulnerabilities. In this study, we present FIRMCORN, the first vulnerability-oriented fuzzer for IoT firmware. Based on the novel technology of optimized virtual execution, FIRMCORN focuses on three typical problems of IoT firmware fuzzing: (1) high throughput required by fuzzing, (2) inaccuracy of emulation compared with real devices, and (3) instability of emulation due to lack of hardware. Here, we optimize the initial environment and the execution process of virtual execution to achieve faster, more accurate, and more stable fuzz testing. To improve the efficiency of vulnerability mining with FIRMCORN, a vulnerable-code search algorithm is designed to obtain the entry points of fuzzing according to the characteristics of IoT firmware; further, this vulnerability-oriented fuzzing is applied to IoT device firmware. Our evaluation results show that optimized virtual execution used by FIRMCORN can significantly improve the throughput, accuracy, and stability compared with conventional virtual execution. FIRMCORN runs for only 2 hours to mine two 0-day vulnerabilities on a machine. Thus, compared with the current state-of-the-art IoT firmware fuzzing framework, FIRMCORN can more effectively mine vulnerabilities in real-world devices.

Topics & Concepts

Fuzz testingFirmwareComputer scienceEmulationVulnerability (computing)Embedded systemVirtual machineProcess (computing)ThroughputOperating systemSoftwareComputer securityWirelessEconomic growthEconomicsAdvanced Malware Detection TechniquesSecurity and Verification in ComputingAdversarial Robustness in Machine Learning
FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution | Litcius