A Patch Analysis Method Based on Multi-firmware Comparison

Abstract

A major user need is the completion of security audits by locating vulnerability functions using vulnerability information published by firmware manufacturers. However, it is difficult to manually analyze the relatively large number of patch functions involved in firmware updates. A patch analysis method based on multi-firmware comparison is presented in this study. This method narrows the search for suspected patch functions for vulnerability based on the similarities and differences between different firmware series involved in the vulnerability. Suspected patch functions in multiple firmware programs are first located and filtered based on intervals. Finally, a prototype system is implemented. The filtering results for the prototype system are used to manually locate two one-day vulnerabilities. The experimental results demonstrate that the two methods proposed in this study, namely, patch function location in multiple firmware programs and interval-based patch function filtering, effectively narrow the search for suspected patch functions and reduce the difficulty of manual analysis.