
Automated Search for Vulnerabilities in ARM Software Using Dynamic Symbolic Execution

Automatic Control and Computer Sciences

Abstract—

Automated search for vulnerabilities in ARM IoT devices is considered. The problems of using symbolic execution for vulnerability detection are investigated. A dynamic symbolic execution approach with taint analysis is proposed to improve the efficiency of vulnerability detection, which eliminates the problems that arise when using classical symbolic execution.



Funding

The study is supported by the Russian Foundation for Basic Research, project no. 19-37-90027\19.

Author information


Correspondence to T. D. Ovasapyan or D. A. Moskvin.

Ethics declarations

The authors declare that they have no conflicts of interest.

Additional information

Translated by O. Pismenov

About this article


Cite this article

Ovasapyan, T.D., Knyazev, P.V. & Moskvin, D.A. Automated Search for Vulnerabilities in ARM Software Using Dynamic Symbolic Execution. Aut. Control Comp. Sci. 55, 932–940 (2021). https://doi.org/10.3103/S014641162108023X


  • DOI: https://doi.org/10.3103/S014641162108023X
