Skip to main content
SpringerLink
Log in

Extended Abstract: Towards Reliable and Scalable Linux Kernel CVE Attribution in Automated Static Firmware Analyses

  • Conference paper
  • First Online:
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13959))

  • 489 Accesses

Abstract

In vulnerability assessments, software component-based CVE attribution is a common method to identify possibly vulnerable systems at scale. However, such version-centric approaches yield high false-positive rates for binary distributed Linux kernels in firmware images. Not filtering included vulnerable components is a reason for unreliable matching, as heterogeneous hardware properties, modularity, and numerous development streams result in a plethora of vendor-customized builds. To make a step towards increased result reliability while retaining scalability of the analysis method, we enrich version-based CVE matching with kernel-specific build data from binary images using automated static firmware analysis. In a case study with 127 router firmware images, we show that in comparison to naive version matching, our approach identifies 68% of all version CVE matches as false-positives and reliably removes them from the result set. For 12% of all matches it provides additional evidence of issue applicability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.embedded.com/wp-content/uploads/2019/11/EETimes_Embedded_2019_Embedded_Markets_Study.pdf.

  2. 2.

    https://github.com/fkie-cad/cve-attribution-s2.

  3. 3.

    https://www.cve.org/.

  4. 4.

    https://nvd.nist.gov/.

  5. 5.

    https://www.zyxel.com/form/gpl_oss_software_notice.shtml.

  6. 6.

    https://github.com/fkie-cad/embedded-evaluation-corpus/blob/master/2020/FKIE-HRS-2020.md.

References

  1. Benthin Sanguino, L.A., Uetz, R.: Software Vulnerability Analysis Using CPE and CVE. ArXiv (2017). https://doi.org/10.48550/arXiv.1705.05347

  2. Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A Large-Scale Analysis of the Security of Embedded Firmwares. In: 23rd USENIX Conference on Security Symposium (SEC ’14). USENIX Association, San Diego, USA (2014)

    Google Scholar 

  3. David, Y., Partush, N., Yahav, E.: FirmUp: precise Static Detection of Common Vulnerabilities in Firmware. In: 23rd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ’18). ACM, Williamsburg, USA (2018)

    Google Scholar 

  4. Fraunhofer FKIE: FACT - Firmware Analysis and Comparison Tool. https://github.com/fkie-cad/FACT_core

  5. Haq, I.U., Caballero, J.: A Survey of Binary Code Similarity. ACM Comput. Surv. 54(3), 01–38 (2021)

    Google Scholar 

  6. Kim, M., Kim, D., Kim, E., Kim, S., Jang, Y., Kim, Y.: FirmAE: towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis. In: 2020 Annual Computer Security Applications Conference (ACSAC ’20). ACM, Austin, USA (2020)

    Google Scholar 

  7. Manès, V.J., et al.: The Art, Science, and Engineering of Fuzzing: a Survey. IEEE Trans. Softw. Eng. 47(11), 2312–2331 (2021)

    Google Scholar 

  8. Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G., Ghani, N.: Demystifying IoT Security: an exhaustive survey on iot vulnerabilities and a first empirical look on internet-scale IoT exploitations. IEEE Commun. Surv. Tutorials 21(3) (2019)

    Google Scholar 

  9. ONEKEY GmbH: ONEKEY Automated Firmware Analysis Platform. Accessed 5 Sep 2022. https://onekey.com/

  10. Qasem, A., Shirani, P., Debbabi, M., Wang, L., Lebel, B., Agba, B.L.: Automatic Vulnerability Detection in Embedded Devices and Firmware: survey and layered taxonomies. ACM Comput. Surv. 54(2), 1–42 (2021)

    Google Scholar 

  11. Tan, X., et al.: Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking. In: 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21). ACM, Virtual, Republic of Korea (2021)

    Google Scholar 

  12. Weidenbach, P., Vom Dorp, J.: Home Router Security Report 2020. Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), Tech. Rep. (2020). https://www.fkie.fraunhofer.de/en/press-releases/Home-Router.html

  13. Wright, C., Moeglein, W.A., Bagchi, S., Kulkarni, M., Clements, A.A.: Challenges in Firmware Re-Hosting, Emulation, and Analysis. ACM Comput. Surv. 54(1), 1–36 (2021)

    Google Scholar 

  14. Zhao, B., et al.: A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware. In: 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA ’22). ACM, South Korea (2022)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fraunhofer FKIE, Zanderstraße 5, 53177, Bonn, Germany

    R. Helmke & J. vom Dorp

Authors
  1. R. Helmke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. J. vom Dorp
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to R. Helmke .

Editor information

Editors and Affiliations

  1. Graz University of Technology, Graz, Austria

    Daniel Gruss

  2. AWS Italy, Milan, Italy

    Federico Maggi

  3. Universität Hamburg, Hamburg, Germany

    Mathias Fischer

  4. Politecnico di Milano, Milan, Italy

    Michele Carminati

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Helmke, R., vom Dorp, J. (2023). Extended Abstract: Towards Reliable and Scalable Linux Kernel CVE Attribution in Automated Static Firmware Analyses. In: Gruss, D., Maggi, F., Fischer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2023. Lecture Notes in Computer Science, vol 13959. Springer, Cham. https://doi.org/10.1007/978-3-031-35504-2_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-35504-2_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35503-5

  • Online ISBN: 978-3-031-35504-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation