Research field: Analysis
Conference: SPCNC '24: Proceedings of the 3rd International Conference on Signal Processing, Computer Networks and Communications
The widespread adoption of diverse embedded devices has made our lives more convenient, yet these devices are frequently susceptible to security flaws due to the web interfaces commonly found in their firmware. These interfaces can permit unverified input to reach critical operations, potentially leading to vulnerabilities. Static taint analysis is a proven technique for detecting and addressing such vulnerabilities. Regrettably, current static taint analysis techniques struggle to accurately and completely pinpoint the origins of contamination. To tackle this challenge, we introduce SFtaint, an optimization technique for identifying taint sources in embedded devices. Based on the relationship between the front and back ends of firmware, SFtaint leverages semantic similarity to discover more taint keywords, identifies taint import functions according to the characteristics of function data flow, and checks the validity of taint sources on the path from taint keywords to sinks. We implemented a prototype of SFtaint and evaluated its effectiveness on ten IoT devices from four vendors. Compared with the current SOTA method SaTC[1], SFtaint shows better performance in taint source identification, with an increase of 154% in taint source effectiveness.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | China |
| Site | ACM |