CSChecker : A binary taint-based vulnerability detection method based on static taint analysis

Wei Guo,Zhimin Guo,Qianqiong Wu,Qiang Wei

doi:10.1088/1742-6596/2258/1/012069

Wei Guo, Zhimin Guo + Show 2 more

Open Access

https://doi.org/10.1088/1742-6596/2258/1/012069

Copy DOI

Abstract

Abstract Embedded devices such as routers not only bring convenience to people’s daily life, but also increase the attack surface and security risks of devices. Embedded device applications tend to be closed source and therefore cannot be searched for vulnerabilities through source code audits. Even open source applications can be insecure because they reference third-party libraries. Binary file vulnerability mining is an important means to solve this kind of problem, but it has the problems of path explosion and low efficiency. This article uses the static stain analysis with the method of combining the vulnerability characteristics, in the type of stain into classes and class assignment holes for testing. Based on function call graph, this paper uses atomic combinational optimization to detect the vulnerability of router firmware. The prototype tool -- CSChecker is implemented in D-Link, Tenda, the test was carried out on 267 firmware files of Netgear and other well-known brands, and the experimental results showed that the accuracy of CSChecker in the data set reached 92.51%, indicating that CSChecker could effectively search the injection vulnerabilities and assignment vulnerabilities of binary files.

Full Text