Venue: International Conference on Dependable Systems and Their Applications

VSkLCG A Method for Cross-Platform Vulnerability Search in Firmware


Abstract

Vulnerabilities in firmware put a system at risk. Because of code reuse, the same vulnerability may occur on different platforms. Therefore, searching for vulnerabilities across different platforms is of great significance. Because the source code of firmware is difficult to obtain, vulnerabilities need to be searched for at the binary level. However, prior methods mainly work on the same platform and cannot be directly extended to the cross-platform case. In this paper, we propose a multistage method to search for cross-platform vulnerabilities in firmware. Given a vulnerable function on one platform, our objective is to find its homologous vulnerability on another platform. To ensure efficiency, we identify a set of robust numeric features and use the k-Nearest Neighbors (kNN) algorithm to obtain possible vulnerable functions. To improve accuracy, we adopt the bipartite matching algorithm to calculate the distance between functions based on the local call graphs (LCGs) of functions and the call frequency between functions. We have implemented a prototype of our approach, called VSkLCG, which supports three platforms (ARM, MIPS, x86). The experimental results show that our method can search for some vulnerabilities in firmware with high accuracy while maintaining efficiency.
