Unlock instant, AI-driven research and patent intelligence for your innovation.

Firmware security assessment method and system

A security and firmware technology, applied in the field of information security, can solve problems such as failure of equipment to operate according to the predetermined method, threat to the safe and stable operation of the power system, huge time and resource consumption, etc., to alleviate the consumption of time and resources, reduce work, The effect of improving work efficiency

Pending Publication Date: 2021-10-19
ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID SHANDONG ELECTRIC POWER COMPANY +1
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Considering that the firmware usually directly interacts with the underlying hardware, if there is a security hole, it will cause the device to fail to operate as intended, and pose a very serious threat to the safe and stable operation of the power system. Therefore, it is necessary to conduct a security analysis of the firmware
However, if a complete security analysis is performed on each firmware, it will cause huge time and resource consumption. Therefore, how to provide a more efficient firmware security assessment method is a technical problem that needs to be solved

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Firmware security assessment method and system
  • Firmware security assessment method and system
  • Firmware security assessment method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0032] In one or more embodiments, a firmware security assessment method is disclosed. Considering that if the firmware is initially screened and the potentially threatening firmware is selected for further security analysis, the time spent on firmware security analysis can be greatly reduced. Work, effectively improve the overall work efficiency.

[0033] Since the extracted firmware code is usually binary assembly code, it is usually composed of operation instructions and their parameters. For example, MOV%eax,[%esp+8] means adding 8 bytes to the address in the ESP register to get a new address, and then take the data from this address and write it into the EAX register, the operation instruction of the assembly code. For example, the above MOV instruction, its arrangement structure reflects the operating logic of the program to a certain extent. The higher the similarity of the operation instructions of the two assembly codes, the more similar the code functions are. If one...

Embodiment 2

[0084] In one or more implementations, a firmware security assessment system is disclosed, referring to image 3 ,include:

[0085] The data extraction module 301 is used to analyze the firmware to be tested, and extract the assembly code of the firmware to be tested;

[0086] The data comparison module 302 is used to compare the assembly code of the firmware to be tested with the assembly code of known sample firmware to obtain the similarity between the firmware to be tested and the sample firmware;

[0087] The data evaluation module 303 is configured to evaluate the security of the firmware to be tested according to the similarity and the security score of the sample firmware.

[0088] It should be noted that the specific implementation manners of the above modules have been described in detail in Embodiment 1, and will not be described in detail here.

[0089] Optionally, since the firmware to be tested needs to be compared with the sample firmware in the subsequent ste...

Embodiment 3

[0101] In one or more embodiments, a terminal device is disclosed, including a server, the server includes a memory, a processor, and a computer program stored on the memory and operable on the processor, and the processor executes the The program implements the firmware security evaluation method in the first embodiment. For the sake of brevity, details are not repeated here.

[0102] It should be understood that in this embodiment, the processor can be a central processing unit CPU, and the processor can also be other general-purpose processors, digital signal processors DSP, application specific integrated circuits ASIC, off-the-shelf programmable gate array FPGA or other programmable logic devices , discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.

[0103] The memory may include read-only memory and random access memory, and p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a firmware security assessment method and system, and the method comprises the steps: analyzing to-be-tested firmware, and extracting an assembly code of the to-be-tested firmware; comparing the assembly code of the to-be-tested firmware with an assembly code of known sample firmware to obtain the similarity between the to-be-tested firmware and the sample firmware; and according to the similarity and the security score of the sample firmware, evaluating the security of the to-be-tested firmware. According to the method, the huge time and resource consumption caused by complete firmware security analysis on all the firmware is effectively relieved, the firmware security analysis work can be greatly reduced, and the overall working efficiency is effectively improved.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a firmware security evaluation method and system. Background technique [0002] The statements in this section merely provide background information related to the present invention and do not necessarily constitute prior art. [0003] With the continuous improvement of my country's informatization level, as a key infrastructure involving national security, the wave of informatization and intelligent construction of power systems is also developing rapidly. Subsequently, a large number of power system IoT devices have been introduced and applied to a series of important tasks such as equipment control, data acquisition, and environmental monitoring of the power grid. On the one hand, this has greatly improved the informatization and intelligence level of the power grid, but at the same time, it has also introduced a large number of information security loopholes, wh...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/572G06F21/577G06F2221/034
Inventor 刘冬兰刘晗王睿张昊张方哲马雷刘新郭山清李正浩陈剑飞姚洪磊焦洋于灏赵洋赵晓红赵勇吕国栋
Owner ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID SHANDONG ELECTRIC POWER COMPANY