Article | Open access | Peer reviewed

A Dynamic Taint Analysis Framework Based on Entity Equipment

2019; Institute of Electrical and Electronics Engineers; Volume: 7; Language: English

10.1109/access.2019.2961144

ISSN

2169-3536

Authors

Yuzhu Ren, Weiyu Dong, Jian Lin, Xinliang Miao

Topic(s)

Software Testing and Debugging Techniques

Abstract

With the development of the Internet of Things, the security of embedded devices has received extensive attention. Taint analysis can improve the understanding of how a firmware program operates and improve the effectiveness of security analysis; it is an important method in security analysis. Traditional taint analysis of embedded device firmware requires complex preparatory work to set up a virtual operating environment. Security analysts have to invest a lot of time and effort in this work, and the results are usually unsatisfactory. In this paper, we propose a dynamic taint analysis method based on entity equipment (the physical device). The core idea of our approach is to divide the taint analysis into two parts: the simulation analysis on the host and the real execution on the entity equipment. Since our method is based on entity equipment, there is no need to build a dedicated virtual environment. Another feature is that the tested firmware program runs on the entity equipment, so the accuracy of the analysis can be ensured by comparing the results of the taint analysis with the device firmware's run-time information. We implemented a prototype system and verified the effectiveness of the method, which can perform taint analysis on embedded firmware programs for multiple architectures and detect vulnerabilities such as stack overflow and heap overflow. Finally, we verify our prototype with a test case that effectively detects vulnerabilities in the firmware program. We also evaluate the performance of the prototype: compared with PANDA, the time overhead of our prototype is reduced by 5.9%.
