A Study on the Collection of Publicly Available Firmware and Techniques for Generating SBOM from Firmware Binaries

Vol. 34, No. 6, pp. 1307-1319, Dec. 2024
DOI: 10.13089/JKIISC.2024.34.6.1307
Keywords: Software Security, Security Infrastructure, Internet-of-Things, Firmware, SBOM
Abstract

The rapid proliferation of Internet of Things (IoT) devices has been accompanied by a corresponding rise in security threats. High-profile incidents, such as IP camera hacking, underscore the critical importance of ensuring IoT device security. Addressing these challenges necessitates providing analysts with comprehensive insights to characterize firmware components by version, identify inter-version differences, and assess potential vulnerabilities. This study introduces a novel methodology for generating a Bill of Materials (BOM) that considers the relationships between binaries within firmware. To support this approach, a dataset comprising 13,880 publicly available firmware samples for IoT devices was collected and analyzed. Furthermore, an automated firmware information extraction tool, FIRE (Firmware InfoRmation Extractor), was developed based on the proposed methodology. FIRE extends the concept of the Software Bill of Materials (SBOM) to generate BOMs tailored specifically for firmware. The constructed firmware dataset and the proposed methodology enable the verification of firmware components and provide actionable insights for subsequent analysis, ultimately contributing to the development of more secure IoT devices.


Cite this article
[IEEE Style]
이인혁, 박정흠, 정수은, "A Study on the Collection of Publicly Available Firmware and Techniques for Generating SBOM from Firmware Binaries," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 6, pp. 1307-1319, 2024. DOI: 10.13089/JKIISC.2024.34.6.1307.

[ACM Style]
이인혁, 박정흠, and 정수은. 2024. A Study on the Collection of Publicly Available Firmware and Techniques for Generating SBOM from Firmware Binaries. Journal of The Korea Institute of Information Security and Cryptology, 34, 6, (2024), 1307-1319. DOI: 10.13089/JKIISC.2024.34.6.1307.