Design of a Vulnerability Mining Framework for Firmware Bluetooth Protocols Based on Virtualization


Authors: FANG Enbo, GAO Fang, ZHANG Qunxing (No.30 Institute of CETC, Chengdu, Sichuan 610041, China; No.3 Military Delegate Department of the Army Equipment Department in Chengdu, Chengdu, Sichuan 610041, China)

Affiliations: [1] No.30 Research Institute of China Electronics Technology Group Corporation (CETC), Chengdu, Sichuan 610041, China; [2] No.3 Military Representative Office of the Army Equipment Department in Chengdu, Chengdu, Sichuan 610041, China

Source: Communications Technology (通信技术), 2024, No. 7, pp. 718-724 (7 pages)

Funding: National Key Research and Development Program of China (2022YFB3105000).

Abstract: In recent years, the application of Bluetooth devices has become increasingly widespread. Vulnerabilities in Bluetooth devices can lead to information leakage, economic loss and other consequences. However, firmware updates for Bluetooth devices lag behind, and some devices cannot even be hot-updated. Currently, there is a relative lack of vulnerability mining tools for firmware Bluetooth protocols. Existing firmware fuzz testing tools fail to simultaneously satisfy the requirements of virtualization, interactivity, applicability to microcontrollers (MCUs), feedback and guidance mechanisms, simulation accuracy, and error detection mechanisms. Therefore, this paper proposes a virtualization-based fuzz testing scheme for firmware Bluetooth protocol stacks, named BBFirmBTFuzz. The scheme simulates a variety of devices so as to support both real-time operating system (RTOS) firmware and bare-metal firmware, and it also simulates the Bluetooth controller. Experimental results show that BBFirmBTFuzz can effectively fuzz test the Cordio Bluetooth protocol stack.

Keywords: fuzz testing; Bluetooth protocol; firmware; virtualization

Classification code: TN918.91 [Electronics and Telecommunications: Communication and Information Systems]
