Stringer: Measuring the Importance of Static Data Comparisons to Detect Backdoors and Undocumented Functionality

Authors: Sam L. Thomas, Tom Chothia, Flavio D. Garcia

DOI: 10.1007/978-3-319-66399-9_28

Keywords:

Abstract: Finding undocumented functionality in commercial off-the-shelf (COTS) device firmware is an important and challenging task. This paper proposes a new static analysis method that measures the influence individual pieces of data (such as strings) have upon the control flow of binaries within firmware. Our method automatically identifies comparison functions within binaries, then labels each function's basic blocks with the set of data sequences that must be matched against to reach them. Then, using these sets, it assigns a score to each function, which indicates the extent to which its branching is influenced by data. Special keywords triggering a backdoor will have a large impact on program flow. This allows us to identify three authentication backdoors, two of them previously undocumented. Moreover, we show our method is effective in aiding the recovery of both known and proprietary text-based protocols. We developed a tool, Stringer, which implements our technique; we demonstrate the effectiveness of our approach, as well as its applicability as a lightweight analysis, by running it on 2,451,532 binaries from 30 different COTS vendors.

References (19)
David Brumley, Ivan Jager, Thanassis Avgerinos, Edward J. Schwartz. BAP: A Binary Analysis Platform. Computer Aided Verification, pp. 463-469 (2011). DOI: 10.1007/978-3-642-22110-1_37
Xuxian Jiang, Dongyan Xu, Zhiqiang Lin, Xiangyu Zhang. Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. Network and Distributed System Security Symposium (2008).
Thomas Ristenpart, Somesh Jha, Drew Davidson, Benjamin Moench. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. USENIX Security Symposium, pp. 463-478 (2013).
Cristian Cadar, Daniel Dunbar, Dawson Engler. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. Operating Systems Design and Implementation, pp. 209-224 (2008). DOI: 10.5555/1855741.1855756
Christian Rossow, Thorsten Holz, Jannik Pewny, Behrad Garmany, Robert Gawlik. Cross-Architecture Bug Search in Binary Executables. 2015 IEEE Symposium on Security and Privacy, pp. 709-724 (2015). DOI: 10.1109/SP.2015.49
Felix Schuster, Thorsten Holz. Towards Reducing the Attack Surface of Software Backdoors. Computer and Communications Security, pp. 851-862 (2013). DOI: 10.1145/2508859.2516716
T.J. McCabe. A Complexity Measure. IEEE Transactions on Software Engineering, vol. SE-2, pp. 308-320 (1976). DOI: 10.1109/TSE.1976.233837
Jonas Zaddach, Luca Bruno, Aurélien Francillon, Davide Balzarotti. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares. Network and Distributed System Security Symposium (2014). DOI: 10.14722/NDSS.2014.23229
Juan Caballero, Heng Yin, Zhenkai Liang, Dawn Song. Polyglot: Automatic Extraction of Protocol Message Format Using Dynamic Binary Analysis. Computer and Communications Security, pp. 317-329 (2007). DOI: 10.1145/1315245.1315286
Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna. Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. Network and Distributed System Security Symposium (2015). DOI: 10.14722/NDSS.2015.23294