A Lightweight Method for Accelerating Discovery of Taint-Style Vulnerabilities in Embedded Systems

摘要

Nowadays, embedded systems have been widely deployed in numerous applications. Firmwares in embedded systems are typically custom-built to provide a set of very specialized functionalities. They are prone to taint-style vulnerability with a high probability, but traditional whole-program analysis has low efficiency in discovering the vulnerability. In this paper, we propose a two-stage mechanism to accelerate discovery of taint-style vulnerabilities in embedded firmware: first recognizing protocol parsers that are prone to taint-style vulnerabilities from firmware, and then constructing program dependence graph for security-sensitive sinks to analyze their input source. We conduct a real-world experiment to verify the mechanism. The result indicates that the mechanism can help find taint-style vulnerabilities in less time compared with whole-program analysis.