Lightweight method and system for determining protocol vulnerabilities in embedded system firmware

A technology of embedded systems and embedded devices, applied in transmission systems, electrical components, computer components, etc.

Active Publication Date: 2019-03-26
CHINA ELECTRIC POWER RES INST +2
View PDF7 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention proposes a lightweight method and system for determining protocol vulnerabilities in embedded system firmware to solve the problem of how to discover protocol vulnerabilities in embedded system firmware

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Lightweight method and system for determining protocol vulnerabilities in embedded system firmware
  • Lightweight method and system for determining protocol vulnerabilities in embedded system firmware
  • Lightweight method and system for determining protocol vulnerabilities in embedded system firmware

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] Exemplary embodiments of the present invention will now be described with reference to the drawings; however, the present invention may be embodied in many different forms and are not limited to the embodiments described herein, which are provided for the purpose of exhaustively and completely disclosing the present invention. invention and fully convey the scope of the invention to those skilled in the art. The terms used in the exemplary embodiments shown in the drawings do not limit the present invention. In the figures, the same units / elements are given the same reference numerals.

[0039] Unless otherwise specified, the terms (including scientific and technical terms) used herein have the commonly understood meanings to those skilled in the art. In addition, it can be understood that terms defined by commonly used dictionaries should be understood to have consistent meanings in the context of their related fields, and should not be understood as idealized or over...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a lightweight method and a system for determining protocol vulnerabilities in an embedded system firmware. The method comprises the following steps: constructing a feature vector by analyzing a protocol and parsing code feature; using the constructed feature vector and a training set to train a support vector machine SVM, determining a protocol parsing code classifier modelfor identifying a protocol parsing module; using the trained protocol parsing code classifier model to identify the protocol parsing module in the firmware image code of a target system; for the identified protocol parsing module, using a dangerous code feature library to quickly scan the suspected vulnerable points of the protocol parsing module; extracting the data source paths of the vulnerable points on the basis of constructing a control flow graph, a control dependency graph, and a data dependency graph; and constructing a multi-type vulnerability mode based on a vulnerable-point-baseddata source path, and determining protocol vulnerabilities in the embedded system firmware by pattern matching. The lightweight method and the system for determining protocol vulnerabilities in the embedded system firmware can provide a technical support for network protocol security, Internet of Things / Industrial Control System security, and security testing.

Description

technical field [0001] The present invention relates to the technical fields of network protocol security, Internet of Things / industrial control system security and security testing, and more specifically, relates to a lightweight method and system for determining protocol vulnerabilities in embedded system firmware. Background technique [0002] Today, embedded systems are widely used in many applications. Firmware in embedded systems is often customized to provide a very specialized set of functions. They are prone to unusual risks, but traditional holistic program analysis is ineffective at finding vulnerabilities. First, source code and design documents are usually proprietary, so only binary firmware images are available, so static analysis is time-consuming due to lack of semantic information. However, due to the great differences in the peripherals of different embedded devices, it is extremely difficult to conduct a unified dynamic simulation analysis. In addition...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06K9/62G06F21/57
CPCH04L63/1433G06F21/577G06F2221/034G06F18/2411
Inventor 王继业孙利民周亮韩丽芳朱朝阳应欢孙玉砚卢新岱缪思薇邱意民余文豪庞铖
Owner CHINA ELECTRIC POWER RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap