Litcius/Paper detail

FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware

Puzhuo Liu, Yaowen Zheng, C. P. Sun, Chuan Qin, Dongliang Fang, M. L. Liu, Limin Sun

202318 citationsDOIOpen Access PDF

Abstract

Finding vulnerabilities in firmware is vital as any firmware vulnerability may lead to cyberattacks to the physical IoT devices. Taint analysis is one promising technique for finding firmware vulnerabilities thanks to its high coverage and scalability. However, sizable closed-source firmware makes it extremely difficult to analyze the complete data-flow paths from taint sources (i.e., interface library functions such as recv) to sinks.

Topics & Concepts

FirmwareComputer scienceVulnerability (computing)ScalabilityEmbedded systemMicrocodeInterface (matter)Operating systemComputer securityBubbleMaximum bubble pressure methodAdvanced Malware Detection TechniquesSecurity and Verification in ComputingSoftware Testing and Debugging Techniques
FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware | Litcius