VulHunter: A Discovery for Unknown Bugs Based on Analysis for Known Patches in Industry Internet of Things

With the era of Industry 4.0 and the Internet of Things (IoT) arriving, security plays a key role in the Industry Internet of Things (IIoT), especially vulnerability discovery and analysis. However, how to discover new bugs or vulnerabilities based on the analysis of known patches remains an open issue. To the best of our knowledge, few effective methods exist, especially for vulnerabilities in IIoT software or firmware. To address these problems, we propose VulHunter, a method for discovering unknown vulnerabilities based on the analysis of known vulnerability patch packs in IIoT. New algorithms for binary comparison, a pack extractor and a background semantic solver are designed and implemented in this paper. To verify our proposal, experiments were run on a large number of vulnerabilities in IIoT applications and devices, and the results show that, as expected, new bugs can be discovered based on the analysis of known patch packs, some of which were selected for reporting to the CVE list.
