ABSTRACT
Component vulnerability matching offers an approach for discovering vulnerabilities existing in IoT firmware. In this work, a component composition analysis and reliability assessment (C2ARA) method is developed to improve component vulnerability matching. The C2ARA method employs a knowledge graph to discover the components and their relationships from the extracted file system of the firmware. The key to the proposed method is to discover vulnerabilities from the component composition extracted from IoT firmware file systems, rather than relying only on the information provided by CVE databases and firmware vendors. The results of an experiment with a large-scale dataset demonstrate the effectiveness of the C2ARA method.
Index Terms
- A Component Vulnerability Matching Approach for IoT Firmware