A Survey of Static Analysis Techniques for Binary Programs
程凯,宋站威,刘明东,于楠,朱红松,孙利民
(School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Abstract:
With the rise of Internet of Things (IoT) technology, IoT device firmware plays an increasingly important role. Unfortunately, IoT device firmware in the real world still contains many vulnerabilities. In recent years, the security of IoT device firmware has received widespread attention. Security testing of IoT device firmware consists of two basic approaches: static analysis and dynamic analysis. Recently, automated dynamic analysis of IoT device firmware has made substantial progress. However, on the one hand, existing dynamic analysis techniques remain quite limited, owing to factors such as the complex environment dependencies of firmware; on the other hand, the rapid growth in the number of IoT devices also makes dynamic analysis hard to scale up to large-scale analysis. Compared with dynamic analysis, static analysis examines the code without actually executing the firmware, so for testing IoT device firmware at scale it is a more practical and economical choice. Although the rapid growth of IoT devices places new demands on binary static analysis, binary static analysis itself faces many challenges. Compared with the very mature static analysis techniques for source code, binary static analysis has developed slowly. This is mainly because binary programs have lost the symbolic names, data types and data structure information of variables, so existing source-code-based data-flow analysis and points-to analysis techniques cannot be reused directly for binary analysis; on-demand alias analysis based on access paths is one example. In addition, the diversity of instruction set architectures in device firmware and the large number of indirect calls also pose new challenges for binary static analysis. To address these challenges, researchers have proposed a variety of binary static analysis techniques. Starting from the basic principles of static analysis, this paper surveys the current state and progress of binary static analysis research in four areas: data-flow analysis, alias analysis, symbolic execution and static taint analysis. Finally, the paper discusses and looks ahead to the key research topics and directions in this field.
Keywords:  binary static analysis  data-flow analysis  alias analysis  symbolic execution  static taint analysis  IoT devices
DOI:10.19363/J.cnki.cn10-1380/tn.2026.01.18
Received: 2020-12-09; Revised: 2021-02-22
Funding: Supported by the Guangdong Key R&D Program (No.2019B010137004) and the National Natural Science Foundation of China Joint Fund (No.U1766215).
A Survey of Static Analysis Techniques of Binary Code
CHENG Kai,SONG Zhanwei,LIU Mingdong,YU Nan,ZHU Hongsong,SUN Limin
School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract:
With the emergence of Internet of Things (IoT) technologies, IoT device firmware is nowadays playing an increasingly important role. Unfortunately, IoT device firmware still suffers from a number of vulnerabilities in the real world. Recently, the security of IoT device firmware has gained widespread attention. To test real-world IoT device firmware, static analysis and dynamic analysis are the two basic approaches. Recently, substantial progress has been made on automated dynamic analysis of IoT device firmware. However, on the one hand, existing dynamic analysis techniques are still quite limited due to reasons such as the complex environment dependencies of the firmware. On the other hand, the rapid growth of the number of IoT devices also makes dynamic analysis difficult to adapt to large-scale analysis. Compared to dynamic analysis, static analysis tests the code without actually executing it, and thus is a more practical and economical option for testing large-scale IoT device firmware. Although the rapid growth of IoT devices brings new demands for binary static analysis, binary static analysis itself faces many challenges. Binary static analysis has been slow to develop compared to the very mature static analysis techniques for source code. This is mainly because binary programs lose the symbol names, data types, and data structure information of variables, which makes existing source-based data-flow analysis and points-to analysis techniques unable to be reused directly in binary analysis. An example is on-demand alias analysis based on access paths. In addition, the diversity of instruction architectures in device firmware and the large number of indirect calls also bring new challenges to binary static analysis. To address these challenges, researchers have proposed a variety of binary static analysis techniques.
Based on the basic principles of static analysis, we introduce and summarize binary static analysis techniques from the aspects of data-flow analysis, alias analysis, symbolic execution, and static taint analysis. Finally, we discuss the focus and directions of future research.
Key words:  binary static analysis  data-flow analysis  alias analysis  symbolic execution  static taint analysis  Internet of Things devices