Anatomist: Enhanced Firmware Vulnerability Discovery Based on Program State Abnormality Determination with Whole-System Replay

  1. Home
  2. search page
  3. paper

Anatomist: Enhanced Firmware Vulnerability Discovery Based on Program State Abnormality Determination with Whole-System Replay

연구 분야: Strategies

논문 키워드: #vulnerabilities #internet #corruption #crashes #dangerous

학회: International Conference on Information Security

초록

With the widespread deployment of Internet of Things (IoT) devices, firmware vulnerabilities can result in considerable damage. However, existing firmware fuzzing methods, which rely on program exception signals, can only find memory corruption vulnerabilities that lead to program crashes. Fuzzing also misses vulnerabilities that exist in the execution path but are not triggered. To solve this problem, we propose Anatomist, the first enhanced firmware vulnerability discovery method based on program state abnormality determination with whole-system replay. The Anatomist first identifies the dangerous operation candidates during whole-system replay. Using single-path symbolic tracing, Anatomist determines whether the program states of dangerous operation candidates are abnormal. Also, Anatomist identifies vulnerabilities on the execution path based on program state abnormality determination. We implemented Anatomist and compared the results of Anatomist with those of FirmAFL, the most advanced firmware vulnerability discovery method, on the FirmAFL dataset. The experimental results showed that Anatomist increased the vulnerability discovery speed by 741.64% on average. Additionally, Anatomist successfully found 3 0-day vulnerabilities in 3 firmware, including 2 memory corruption vulnerabilities and 1 logic vulnerability. The experimental results demonstrated that Anatomist augments firmware vulnerability discovery in two aspects. Anatomist can detect untriggered vulnerabilities on the execution path that are missed by fuzzing. In addition, Anatomist can also identify logic vulnerabilities that cannot be detected by fuzzing.

Author Profile
Runhao Liu

College of Computer National University of Defense Technology Changsha China

China
Author Profile
Bo Yu

College of Computer National University of Defense Technology Changsha China

China
Author Profile
Baosheng Wang

College of Computer National University of Defense Technology Changsha China

China

📄 논문 정보

발행 연도 2022년
인용수 0
출판 국가 China
사이트 Springer
좋아요 수 0

연관 논문 목록 (255건)

Major Vulnerabilities of Web Application in Real World Scenarios and Their Prevention
저자: Basheer Riskhan , Md Amin Ullah Sheikh , Md Shakil Hossain , Khalid Hussain , Zurinahni Zainol , N Zaman Jhanjh
키워드: #vulnerabilities #security #attackers #forgery #misconfigurations
파트: Strategies | 연도: 2025
Precision-guided Smart Contract Fuzzing by static Analyses
저자: Tianyi Zhang , Qi Xia , Jianbin Gao , Hu Xia
키워드: #vulnerabilities #fuzzer #smartfuzz #fuzz #fuzzing
파트: Strategies | 연도: 2025
SSRFSeek: An LLM-based Static Analysis Framework for Detecting SSRF Vulnerabilities in PHP Applications
저자: Yuan Zhou , Enze Wang , Shuoyoucheng Ma
키워드: #vulnerabilities #web #forgery #taint #shortcomings
파트: Strategies | 연도: 2025
Anomaly Detection Services for Blockchain Smart Contracts with Unknown Vulnerabilities
저자: Chunhong Liu , Zihang Sang , Li Duan , Jingxiong Wang , Wei Ni , Wei Wang
키워드: #vulnerabilities #security #economic #anomalies #anomalous
파트: Strategies | 연도: 2025
CSAFuzzer: Fuzzing smart contracts combining with static analysis
저자: Jiahui Yang , Xiangfu Zhao , Hanfeng Zhang , Long He , Shiji Wang , Naixiang Gou
키워드: #vulnerabilities #bugs #hackers #blockchain #csafuzzer
파트: Strategies | 연도: 2025
Cyber defense in OCPP for EV charging security risks
저자: Safa Hamdare , David J. Brown , Devki Nandan Jha , Mohammad Aljaidi , Yue Cao , Sushil Kumar , Rupak Kharel , Manish Jugran , Omprakash Kaiwartya
키워드: #vulnerabilities #cyber #electric #mitigation #authentication
파트: Strategies | 연도: 2025
Poster Abstract: Time Attacks using Kernel Vulnerabilities
저자: Muhammad Abdullah Soomro , Adeel Nasrullah , Fatima Muhammad Anwar
키워드: #vulnerabilities #randomized #mitigation #timekeeping #disrupting
파트: Strategies | 연도: 2025
Designing and Optimizing Alignment Datasets for IoT Security: A Synergistic Approach with Static Analysis Insights
저자: Ahmad Al-Zuraiqi , Des Greer
키워드: #optimize #vulnerabilities #security #hard #mitigation
파트: Strategies | 연도: 2025
Identifying factors influencing the duration of zero-day vulnerabilities
저자: Yaman Roumani
키워드: #vulnerabilities #cyber #threats #weaknesses #damage
파트: Strategies | 연도: 2025
Vulnerability Repair via Concolic Execution and Code Mutations
저자: Abhik Roychoudhury , Ridwan Salihin Shariffdeen , Christopher Steven Timperley , Yannic Noller , Claire Le Goues
키워드: #vulnerabilities #automated #mutations #crashrepair #repairs
파트: Strategies | 연도: 2025