Design And Implementation Of A Cross-platform Firmware Security Analysis System Based On Static Homologous Similarity Analysis

With the development of Internet of things,Internet of things devices have been widely used in life.With the rapid development,security has become the primary concern in the field of Internet of things,especially firmware security.There is a lot of code reuse in the firmware development process that can cause the same known vulnerability to affect multiple different devices,so it is important to detect known vulnerabilities in firmware.Since the same source code is usually compiled into firmware programs under different instruction set architectures during the development process,it is of great significance to support a cross-platform detection scheme.Although the existing function-level cross-platform solutions such as Gmini have good results,there are still problems such as loss of semantic information and poor scalability due to manually selected statistical features.In view of the above problems,this thesis proposes a semantic based cross platform firmware binary function homology similarity detection scheme,designs and implements a firmware security analysis system based on static homology.The main research results are as follows:1.Proposes a binary function based on code semantic information across X86 and ARM platforms.Homologous similarity detection model.Aiming at the problem of the loss of semantic information and the introduction of human errors due to the artificial selection of statistical features in the existing cross-platform binary function-level detection methods based on feature learning such as Gmini,the model avoids the problem of manual feature selection by learning the semantic information of the instructions in the basic block.Firstly,a basic block-level crossplatform model is implemented based on the twin network,and then a function similarity analysis algorithm based on intra-block semantics is proposed,and a cross-platform binary function-level homology similarity detection model is constructed.Finally,the cross-platform effect of the model is tested through experiments.And the known vulnerability detection ability has been verified and evaluated.2.Design and implement a cross-platform firmware security detection system with visual interface.The system takes the binary function homology similarity detection model proposed in this paper as the core,and provides users with the function of firmware cross-platform known vulnerability detection.At the same time,it provides a number of static security detection functions for firmware,providing users with unknown security problem detection functions.Users interact with the system through a visual interface,submit firmware images or binary information,and initiate detection tasks.The system performs cross-platform known vulnerability detection and other security detections on the firmware according to the task information.In practical applications,in addition to effectively detecting whether there are known vulnerabilities in the firmware binary,This thesis also based on the results of other related detection items,Combined with manual analysis,two new vulnerabilities were discovered in a certain firmware,numbered CVE-2020-25010 and CVE-2020-25011.