Abstract
Power IoT (Internet of Things) has been under development for a few years, with various types of terminals deployed. Because power IoT devices need to be connected to the public network, the security situation is more severe, and it is imperative to develop an efficient and reliable vulnerability mining model for device firmware in the power IoT field. To this end, this paper analyzes the common means of mining power IoT device firmware vulnerabilities, including static and dynamic analysis methods. By comparing the characteristics and applicability of different mining techniques, an IoT device firmware vulnerability mining model applicable to the power system environment is proposed, and its process and associated methods are designed. Finally, a test system is established to verify the effectiveness of the proposed model against common static and dynamic analysis tools. The test results show that the proposed model performs better in terms of execution time and code coverage efficiency.
Acknowledgments
The research in this paper is supported by the science and technology project of State Grid Jiangsu Electric Power Co., Ltd. under Grant No. J2021154.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhou, C. et al. (2023). Research on Firmware Vulnerability Mining Model of Power Internet of Things. In: Tian, Y., Ma, T., Jiang, Q., Liu, Q., Khan, M.K. (eds) Big Data and Security. ICBDS 2022. Communications in Computer and Information Science, vol 1796. Springer, Singapore. https://doi.org/10.1007/978-981-99-3300-6_52
DOI: https://doi.org/10.1007/978-981-99-3300-6_52
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-3299-3
Online ISBN: 978-981-99-3300-6
eBook Packages: Computer Science (R0)