FirmDep:利用动态分析的嵌入式应用托管方案  

作　　者：吴华茂 姜木慧 周亚金 李金库 WU Hua-Mao;JIANG Mu-Hui;ZHOU Ya-Jin;LI Jin-Ku(College of Computer Science and Technology,Zhejiang University,Hangzhou 310027,China;Department of Computing,The Hong Kong Polytechnic University,Hong Kong 999077,China;School of Cyber Engineering,Xidian University,Xi’an 710126,China)

机构地区：[1]浙江大学计算机科学与技术学院,浙江杭州310027 [2]香港理工大学电子计算学系,中国香港999077 [3]西安电子科技大学网络与信息安全学院,陕西西安710126

出　　处：《软件学报》2024年第8期3591-3609,共19页Journal of Software

基　　金：国家重点研发计划(2022YFE0113200)。

摘　　要：固件托管(firmware rehosting)是一种对嵌入式设备的软硬件进行建模和仿真,并在仿真环境中运行和分析嵌入式设备软件的技术.现有的基于全系统仿真的固件托管方案只能预防性地修复已知的软硬件依赖问题,而无法解决未知的问题.为应对这一现状,提出了一种由动态分析辅助的固件托管方案FirmDep.在托管过程中,FirmDep对被分析应用的执行轨迹和系统状态进行记录.若目标应用无法被成功托管, FirmDep对执行轨迹进行信息提取和系统状态补全,并使用多种执行轨迹分析方法识别和仲裁应用的环境依赖问题.基于PANDA和angr实现了FirmDep的原型系统,并使用217个来自真实设备固件的嵌入式Web应用对其进行了测试.结果表明:FirmDep可有效识别嵌入式设备应用的环境依赖问题,提高固件托管的成功率.Through providing a virtual environment modeled from embedded devices,firmware rehosting enables dynamic analysis on embedded device firmware.Existing full-emulation firmware hosting solutions can only preventatively fix known hardware and software dependencies but cannot address undetected dependencies during the rehosting process.This study proposes FirmDep,an embedded application rehosting solution assisted with dynamic analysis.During the rehosting process,FirmDep records the execution trace and system state of the embedded application to be analyzed.If FirmDep fails to rehost the application,FirmDep extracts information and recover system states from the execution trace,then uses several algorithms to identify and arbitrate the unresolved dependency problems.The prototype system of FirmDep is implemented based on PANDA and angr,and it is tested with embedded Web applications from 217 real-world firmware images.The results show that FirmDep can effectively identify unresolved dependencies of embedded application and improve the success rate of rehosting.

关 键 词：嵌入式设备 固件 动态分析 固件托管 录制重放 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]