物联网设备中高阶命令注入漏洞的自动检测:动态数据流分析的模糊测试

IF 0.6 Q4 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS International Journal of Digital Crime and Forensics Pub Date : 2021-11-01 DOI:10.4018/ijdcf.286755
Lei Yu, Haoyu Wang, Linyu Li, Houhua He
{"title":"物联网设备中高阶命令注入漏洞的自动检测:动态数据流分析的模糊测试","authors":"Lei Yu, Haoyu Wang, Linyu Li, Houhua He","doi":"10.4018/ijdcf.286755","DOIUrl":null,"url":null,"abstract":"Command injection vulnerabilities are among the most common and dangerous attack vectors in IoT devices. Current detection approaches can detect single-step injection vulnerabilities well by fuzzing tests. However, an attacker could inject malicious commands in an IoT device via a multi-step exploit if he first abuses an interface to store the injection payload and later use it in a command interpreter through another interface. We identify a large class of such multi-step injection attacks to address these stealthy and harmful threats and define them as higher-order command injection vulnerabilities (HOCIVs). We develop an automatic system named Request Linking (ReLink) to detect data stores that would be transferred to command interpreters and then identify HOCIVs. ReLink is validated on an experimental embedded system injected with 150 HOCIVs. According to the experimental results, ReLink is significantly better than existing command injection detection tools in terms of detection rate, test space and time.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Towards Automated Detection of Higher-Order Command Injection Vulnerabilities in IoT Devices: Fuzzing With Dynamic Data Flow Analysis\",\"authors\":\"Lei Yu, Haoyu Wang, Linyu Li, Houhua He\",\"doi\":\"10.4018/ijdcf.286755\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Command injection vulnerabilities are among the most common and dangerous attack vectors in IoT devices. Current detection approaches can detect single-step injection vulnerabilities well by fuzzing tests. However, an attacker could inject malicious commands in an IoT device via a multi-step exploit if he first abuses an interface to store the injection payload and later use it in a command interpreter through another interface. We identify a large class of such multi-step injection attacks to address these stealthy and harmful threats and define them as higher-order command injection vulnerabilities (HOCIVs). We develop an automatic system named Request Linking (ReLink) to detect data stores that would be transferred to command interpreters and then identify HOCIVs. ReLink is validated on an experimental embedded system injected with 150 HOCIVs. According to the experimental results, ReLink is significantly better than existing command injection detection tools in terms of detection rate, test space and time.\",\"PeriodicalId\":44650,\"journal\":{\"name\":\"International Journal of Digital Crime and Forensics\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2021-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Digital Crime and Forensics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/ijdcf.286755\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Digital Crime and Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijdcf.286755","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 1

摘要

命令注入漏洞是物联网设备中最常见和最危险的攻击媒介之一。现有的检测方法可以通过模糊测试很好地检测出单步注入漏洞。但是,如果攻击者首先滥用接口来存储注入有效载荷,然后通过另一个接口在命令解释器中使用它,则攻击者可以通过多步骤漏洞在物联网设备中注入恶意命令。我们确定了一大类这样的多步骤注入攻击来解决这些隐形和有害的威胁,并将其定义为高阶命令注入漏洞(hociv)。我们开发了一个名为请求链接(ReLink)的自动系统,用于检测将传输给命令解释器的数据存储,然后识别HOCIVs。ReLink在一个注入150个hociv的实验性嵌入式系统上进行了验证。实验结果表明,ReLink在检测率、测试空间和时间上都明显优于现有的命令注入检测工具。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Towards Automated Detection of Higher-Order Command Injection Vulnerabilities in IoT Devices: Fuzzing With Dynamic Data Flow Analysis
Command injection vulnerabilities are among the most common and dangerous attack vectors in IoT devices. Current detection approaches can detect single-step injection vulnerabilities well by fuzzing tests. However, an attacker could inject malicious commands in an IoT device via a multi-step exploit if he first abuses an interface to store the injection payload and later use it in a command interpreter through another interface. We identify a large class of such multi-step injection attacks to address these stealthy and harmful threats and define them as higher-order command injection vulnerabilities (HOCIVs). We develop an automatic system named Request Linking (ReLink) to detect data stores that would be transferred to command interpreters and then identify HOCIVs. ReLink is validated on an experimental embedded system injected with 150 HOCIVs. According to the experimental results, ReLink is significantly better than existing command injection detection tools in terms of detection rate, test space and time.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Digital Crime and Forensics
International Journal of Digital Crime and Forensics COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-
CiteScore
2.70
自引率
0.00%
发文量
15
期刊最新文献
Efficient Task Offloading for Mobile Edge Computing in Vehicular Networks Examining the Behavior of Web Browsers Using Popular Forensic Tools Laboratory Dangerous Operation Behavior Detection System Based on Deep Learning Algorithm A Novel Watermarking Scheme for Audio Data Stored in Third Party Servers Assurance of Network Communication Information Security Based on Cyber-Physical Fusion and Deep Learning
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1