ABSTRACT
As the number of Internet of Things (IoT) devices proliferates, an in-depth understanding of the IoT attack surface has become essential for dealing with security and reliability risks. IoT devices and components execute implementations of various communication protocols, and vulnerabilities in these protocol stack implementations form an important part of the IoT attack surface. Therefore, finding memory errors in such implementations is essential for improving IoT security and reliability. This paper presents a protocol knowledge guided hybrid program analysis for detecting memory errors in protocol stack implementations. Our approach combines the program structure, the precise memory model of symbolic execution, and the high coverage of static analysis for scalable bug finding. We have implemented our approach in a tool called SEESAW and applied it to the USB and Bluetooth modules within the Linux kernel. SEESAW can reproduce known memory vulnerabilities and reach protocol relevant targets in a more scalable way (up to 99% speedup) compared to baseline symbolic execution.
Index Terms: Finding Memory Vulnerabilities in Protocol Stack Implementations using Hybrid Program Analysis