Cite this article
  • Jiao Weihua, Li Qingbao, Li Xilong, Chen Zhifeng, Zhang Guimin, Yao Weiping, Cao Fei. A Review of MCU Security and Fuzzing Research [J]. Journal of Cyber Security, accepted.
A Review of MCU Security and Fuzzing Research
Jiao Weihua, Li Qingbao, Li Xilong, Chen Zhifeng, Zhang Guimin, Yao Weiping, Cao Fei
(Information Engineering University)
Abstract:
Microcontroller units (MCUs) are the core of many embedded devices and the control units of complex electronic equipment. However, constrained by low computing performance, limited development budgets, and untimely firmware updates, the security of MCUs faces severe challenges. As MCUs gradually penetrate every critical domain, their security weaknesses pose a serious threat to cyberspace security. Therefore, it is essential to carry out MCU security analysis and security testing. Fuzzing, an efficient dynamic security testing method, plays an important role in system-level and application-level security testing of MCUs. In recent years, researchers have proposed a number of excellent MCU fuzzing tools and methods. However, because MCU hardware architectures, firmware types, and peripherals are all diverse, these testing methods fall into many categories and follow complicated technical routes. To help readers understand MCU security and testing technology more deeply and comprehensively, this paper analyzes and summarizes typical and recent research results from China and abroad, centered on MCU fuzzing, and systematically analyzes the related research progress. This is the first survey focusing on MCU security and fuzzing. First, this paper introduces the concept of fuzzing, the architecture of MCUs, firmware types, and the attack surfaces exposed by MCUs at three levels, and, drawing on the characteristics of MCUs, analyzes the challenges that MCU fuzzing faces in hardware dependency, test feedback, and test efficiency. Then, three classes of MCU fuzzing methods are introduced, namely hardware-based, hardware-in-the-loop, and full-simulation fuzzing, and the advantages and limitations of typical research results in each class are summarized and analyzed. Next, the challenges that MCU fuzzing faces in dynamic error detection are analyzed, together with the application of instrumentation and sanitizer techniques in helping MCU fuzzing achieve information feedback and error detection. Finally, two development trends in MCU security research and future research directions are summarized.
Key words:  MCU  fuzzing  firmware  security
Received: 2025-05-15    Revised: 2025-08-19
Funding: National Basic Research Program of China (973 Program)
A Review of MCU Security and Fuzzing Research
Jiao Weihua, Li Qingbao, Li Xilong, Chen Zhifeng, Zhang Guimin, Yao Weiping, Cao Fei
(Information Engineering University)
Abstract:
Microcontroller Units (MCUs) are the core of many embedded devices and the control units of complex electronic equipment. However, due to low computational performance, limited development cost, and untimely firmware updates, the security of MCUs faces significant challenges. As MCUs are progressively deployed in various vital domains, their vulnerabilities pose a serious threat to cyberspace security. Therefore, it is crucial to carry out security analysis and testing for MCUs. Fuzzing, an efficient dynamic security testing method, plays a crucial role in system-level and application-level security testing of MCUs. In recent years, researchers have proposed several excellent fuzzing methods and fuzzers for MCUs. However, owing to the diversity of MCU hardware architectures, firmware types, and external devices, the methods used in these studies are diverse and confusingly categorized. To help readers gain a more in-depth and comprehensive understanding of MCU security and testing technology, this paper summarizes typical and recent research results and systematically analyzes the related research progress around MCU fuzzing. To our knowledge, this is the first review article focusing on MCU security and MCU fuzzing. First, this paper introduces the concept of fuzzing, the architecture of MCUs, firmware types, and the attack surface exposed by MCUs at three levels. The challenges faced by MCU fuzzing in terms of hardware dependency, test feedback, accuracy, and efficiency are analyzed based on the characteristics of MCUs. Then, three types of MCU fuzzing methods are introduced: hardware-based testing, hardware-in-the-loop testing, and full-simulation testing; the advantages and limitations of typical research results of each type are analyzed. Next, we analyze the challenges faced by MCU fuzzing in dynamic error detection and introduce the application of instrumentation and sanitizers in assisting MCU fuzzing to achieve information feedback and error detection. Finally, we summarize two trends and future directions of MCU security research.
Key words:  microcontroller unit  fuzzing  firmware  security