FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware
Puzhuo Liu, Yaowen Zheng, C. P. Sun, Chuan Qin, Dongliang Fang, M. L. Liu, Limin Sun
Abstract
Finding vulnerabilities in firmware is vital as any firmware vulnerability may lead to cyberattacks to the physical IoT devices. Taint analysis is one promising technique for finding firmware vulnerabilities thanks to its high coverage and scalability. However, sizable closed-source firmware makes it extremely difficult to analyze the complete data-flow paths from taint sources (i.e., interface library functions such as recv) to sinks.
Topics & Concepts
FirmwareComputer scienceVulnerability (computing)ScalabilityEmbedded systemMicrocodeInterface (matter)Operating systemComputer securityBubbleMaximum bubble pressure methodAdvanced Malware Detection TechniquesSecurity and Verification in ComputingSoftware Testing and Debugging Techniques