HD-FUZZ: Hardware dependency-aware firmware fuzzing via hybrid MMIO modeling
Journal of Network and Computer Applications (IF 8.7) Pub Date: 2024-02-01, DOI: 10.1016/j.jnca.2024.103835
Juhwan Kim, Jihyeon Yu, Youngwoo Lee, Dan Dongseong Kim, Joobeom Yun

Numerous interconnected small embedded systems, such as Internet of Things (IoT) devices, are pervasive in our daily lives; however, their security lags behind. In particular, firmware vulnerabilities in low-level infrastructure have a more severe impact than application-level vulnerabilities. Fuzzing is the most effective technique for detecting vulnerabilities in firmware, but it faces several challenges, such as hardware dependency, the input channel, and instrumentation. Existing studies attempt to overcome these challenges by applying fuzzing to firmware re-hosting. However, they explore only the paths that heuristics and human assistance deem worthwhile, without identifying security-critical firmware code. This results in low code coverage and reduces the likelihood of discovering potential bugs. In this work, we propose a novel hardware dependency-aware re-hosting system named HD-FUZZ that focuses on the firmware fuzzing process to efficiently discover bugs by exploring all possible paths in security-critical firmware code. The key ideas of HD-FUZZ are: (1) to propose a hybrid memory-mapped I/O (MMIO) modeling; (2) to achieve efficiency by performing MMIO modeling mainly through fuzzing; and (3) to achieve completeness by performing MMIO modeling through symbolic execution only to satisfy complex checks that affect the execution flow. HD-FUZZ has been extensively evaluated on both unit test cases and real-world targets, covering 12 hardware platforms and 67 firmware images. Compared to state-of-the-art works, HD-FUZZ achieves the highest passing rate in unit test benchmarks, reaches up to 2.62 times higher code coverage in fuzzing benchmarks, and generates initial access models up to 11.6 times faster. Notably, HD-FUZZ finds two new bugs, including ones in targets that were previously analyzed by other works.
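As an added illustration (not the paper's code, and a deliberate simplification of its approach), the following Python toy shows the division of labour the abstract describes: MMIO reads are served by fuzz-supplied values by default, and a symbolic pass is used only when a check the fuzzer cannot satisfy blocks a path. The firmware, the register addresses, the magic ID and the policy of fixing only equality-constrained registers are all constructed assumptions.

```python
import random

# Constructed toy firmware (illustration only, not HD-FUZZ's code): it polls a status
# register for a READY bit, then checks an ID register against a magic constant.
STATUS_REG, ID_REG = 0x40000000, 0x40000004
READY_BIT, MAGIC_ID = 1 << 3, 0x4A7E

def firmware(mmio_read):
    """Returns the path taken; 'ok' needs both MMIO checks satisfied."""
    for _ in range(8):                              # bounded poll loop
        if mmio_read(STATUS_REG) & READY_BIT:       # simple check: fuzzing hits it easily
            break
    else:
        return "timeout"
    if mmio_read(ID_REG) != MAGIC_ID:               # complex check: ~1 in 65536 by chance
        return "bad_id"
    return "ok"

class SymRead:
    """Symbolic stand-in for one MMIO read: follows the passing branch and records
    the constraint it was compared against, as a symbolic executor would."""
    def __init__(self):
        self.equals, self.bits = None, 0
    def __and__(self, mask):                        # bit test: remember required bits
        self.bits |= mask
        return mask
    def __eq__(self, other):
        self.equals = other
        return True
    def __ne__(self, other):
        self.equals = other
        return False

def hybrid_model(fw, fuzz_runs=200, seed=1):
    """Hybrid MMIO modeling: fuzz-supplied reads by default; symbolic solving only for
    addresses whose equality check fuzzing never satisfied (assumed policy)."""
    rng = random.Random(seed)
    fixed = {}                                      # addr -> concrete value from solving
    def fuzz_read(addr):
        return fixed.get(addr, rng.getrandbits(32))
    def coverage():
        return {fw(fuzz_read) for _ in range(fuzz_runs)}
    if "ok" not in coverage():                      # fuzzing stuck: run the symbolic pass
        syms = {}
        fw(lambda addr: syms.setdefault(addr, SymRead()))
        for addr, s in syms.items():
            if s.equals is not None:                # only complex (equality) checks get fixed
                fixed[addr] = s.equals
    return fixed, coverage()
```

After the symbolic pass only the ID register is pinned to a solved value; the status register keeps being fuzzed, which is the efficiency/completeness split the abstract sets out.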

Updated: 2024-02-01