Detecting Vulnerabilities in Symbol-Deprived Embedded Systems with Data Flow Analysis

Vol. 35, No. 2, pp. 287-298, Apr. 2025
DOI: 10.13089/JKIISC.2025.35.2.287
Keywords: Firmware, Static Analysis, Binary Similarity
Abstract

Detecting vulnerabilities in IoT firmware using traditional static analysis methods faces challenges in scalability and accuracy when dealing with binaries that are stripped of symbols or not statically linked. Our investigation of 88 firmware samples revealed that vendors often utilize the same SDK. Leveraging this characteristic, our research employs binary diffing and reaching definition analysis to identify source functions, uncovering bugs that conventional static analysis tools may miss. In addition to existing studies, we created a new dataset for testing, covered five CVEs, and uncovered four new vulnerabilities. The results demonstrate that our approach effectively identifies critical vulnerabilities.


Cite this article
[IEEE Style]
박성준, 박상준, 조해현, 서창배, 류한얼, 조병모, "Detecting Vulnerabilities in Symbol-Deprived Embedded Systems with Data Flow Analysis," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 2, pp. 287-298, 2025. DOI: 10.13089/JKIISC.2025.35.2.287.

[ACM Style]
박성준, 박상준, 조해현, 서창배, 류한얼, and 조병모. 2025. Detecting Vulnerabilities in Symbol-Deprived Embedded Systems with Data Flow Analysis. Journal of The Korea Institute of Information Security and Cryptology, 35, 2, (2025), 287-298. DOI: 10.13089/JKIISC.2025.35.2.287.