Keyword Sensitive Fuzzing Method for Embedded Device Firmware
The firmware of most embedded devices provides a Web interface, which is convenient for users to configure and manage the devices. However, the security problems of these Web interfaces usually bring challenges to the security of embedded devices, and the existing vulnerability detection methods for Web interfaces in embedded device firmware have high false positive rates. This paper proposes a keyword-sensitive embedded device fuzzing method, KS-Fuzz (keyword sensitive fuzzing), which efficiently performs fuzzing in the processing logic of the Web interface in embedded device firmware. The proposed method generates high-quality test cases through association analysis of front-end and back-end files, and records the references of keywords in the target device's back-end files to front-end files during the fuzzing process, to guide the direction of test case mutation and improve fuzzing coverage. In this paper, we use KS-Fuzz to test embedded devices of major brands to evaluate its fuzzing ability, and compare KS-Fuzz with existing vulnerability mining methods such as SaTC, IOTScope, and FirmFuzz. The results show that by analyzing the correlation of front-end and back-end files, KS-Fuzz can quickly traverse the functional interfaces of the target devices and discover vulnerabilities effectively.
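As an added illustration (not code from the paper or from KS-Fuzz itself) of the front-end/back-end association step the abstract describes: parameter keywords are extracted from constructed sample front-end files, only those that also occur as string literals in a constructed back-end blob are kept, and the shared keywords are ranked so the least-exercised one is mutated next. The file contents, the regexes and the hit-count bookkeeping are all assumptions.

```python
import re

# Constructed sample front-end files (HTML + JS) standing in for files
# unpacked from a firmware web root; not taken from any real device.
FRONTEND_FILES = {
    "wan.html": (
        '<form action="/goform/setWan" method="post">'
        '<input name="wan_ip"><input name="wan_mask">'
        '<input name="dns1"><input type="submit"></form>'
    ),
    "app.js": (
        'function apply(){ $.post("/goform/setWan", '
        '{wan_ip: ip, wan_mask: mask, ntp_server: srv}); }'
    ),
}

# Constructed stand-in for a back-end CGI binary: only its string literals
# matter here, so it is a bytes blob with NUL-terminated strings.
BACKEND_FILES = {
    "httpd": b"\x00setWan\x00wan_ip\x00wan_mask\x00ntp_server\x00sys_reboot\x00",
}

FORM_PARAM_RE = re.compile(r'name="([A-Za-z_][A-Za-z0-9_]*)"')   # <input name=...>
JS_KEY_RE = re.compile(r'[{,]\s*([A-Za-z_][A-Za-z0-9_]*)\s*:')   # {key: value}


def extract_frontend_keywords(files):
    """Return {keyword: set of front-end files that reference it}."""
    refs = {}
    for fname, text in files.items():
        for rx in (FORM_PARAM_RE, JS_KEY_RE):
            for kw in rx.findall(text):
                refs.setdefault(kw, set()).add(fname)
    return refs


def associate_with_backend(keywords, backend):
    """Keep only keywords that appear as NUL-terminated strings in a back-end file."""
    shared = {}
    for kw in keywords:
        needle = kw.encode() + b"\x00"
        hits = sorted(name for name, blob in backend.items() if needle in blob)
        if hits:
            shared[kw] = hits
    return shared


def prioritize(shared, hit_counts):
    """Rank shared keywords: never-exercised first, then least exercised, then by name."""
    return sorted(shared, key=lambda kw: (hit_counts.get(kw, 0), kw))


def mutate_top_keyword(ranked, base_values, payload):
    """Build one test case that mutates only the highest-priority keyword."""
    body = dict(base_values)
    body[ranked[0]] = payload
    return ranked[0], body
```

Keywords with no back-end reference (here `dns1`) are dropped before mutation, which is the abstract's lever for cutting wasted test cases.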