Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing  

作　　者：Jihyeon Yu Juhwan Kim Youngwoo Lee Fayozbek Rustamov Joobeom Yun 

机构地区：[1]Department of Computer and Information Security,and Convergence Engineering for Intelligent Drone,Sejong University,Seoul,05006,Korea [2]Department of Computer and Information Security,Sejong University,Seoul,05006,Korea

出　　处：《Computers, Materials & Continua》2023年第5期3291-3315,共25页计算机、材料和连续体（英文）

基　　金：This work was supported by the Ministry of Science and ICT(MSIT);Korea,under the Information Technology Research Center(ITRC)support program(IITP-2022-2018-0-01423);supervised by the Institute for Information&Communications Technology Planning&Evaluation(IITP);by MSIT,Korea under the ITRC support program(IITP-2021-2020-0-01602);supervised by the IITP.

摘　　要：Internet of things(IoT)devices are being increasingly used in numerous areas.However,the low priority on security and various IoT types have made these devices vulnerable to attacks.To prevent this,recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments.However,these studies focused only on major firmware architectures and rarely considered exotic firmware.In addition,because of the diversity of firmware,the emulation success rate is not high in terms of large-scale analyses.In this study,we propose the adaptive emulation framework for multi-architecture(AEMA).In the field of automated emulation frameworks for IoT firmware testing,AEMA considers the following issues:(1)limited compatibility for exotic firmware architectures,(2)emulation instability when configuring an automated environment,and(3)shallow testing range resulting from structured inputs.To tackle these problems,AEMAcan emulate not onlymajor firmware architectures but also exotic firmware architectures not previously considered,such as Xtensa,ColdFire,and reduced instruction set computer(RISC)version five,by implementing a minority emulator.Moreover,we applied the emulation arbitration technique and input keyword extraction technique for emulation stability and efficient test case generation.We compared AEMA with other existing frameworks in terms of emulation success rates and fuzz testing.As a result,AEMA succeeded in emulating 864 out of 1,083 overall experimental firmware and detected vulnerabilities at least twice as fast as the experimental group.Furthermore,AEMAfound a 0-day vulnerability in realworld IoT devices within 24 h.

关 键 词：Internet of things(IoT) emulation framework FIRMWARE FUZZING concolic execution VULNERABILITY 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]