物联网设备中高阶命令注入漏洞的自动检测:动态数据流分析的模糊测试

IF 0.6 Q4 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS

International Journal of Digital Crime and Forensics Pub Date : 2021-11-01 DOI:10.4018/ijdcf.286755

Lei Yu, Haoyu Wang, Linyu Li, Houhua He

{"title":"物联网设备中高阶命令注入漏洞的自动检测:动态数据流分析的模糊测试","authors":"Lei Yu, Haoyu Wang, Linyu Li, Houhua He","doi":"10.4018/ijdcf.286755","DOIUrl":null,"url":null,"abstract":"Command injection vulnerabilities are among the most common and dangerous attack vectors in IoT devices. Current detection approaches can detect single-step injection vulnerabilities well by fuzzing tests. However, an attacker could inject malicious commands in an IoT device via a multi-step exploit if he first abuses an interface to store the injection payload and later use it in a command interpreter through another interface. We identify a large class of such multi-step injection attacks to address these stealthy and harmful threats and define them as higher-order command injection vulnerabilities (HOCIVs). We develop an automatic system named Request Linking (ReLink) to detect data stores that would be transferred to command interpreters and then identify HOCIVs. ReLink is validated on an experimental embedded system injected with 150 HOCIVs. According to the experimental results, ReLink is significantly better than existing command injection detection tools in terms of detection rate, test space and time.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Towards Automated Detection of Higher-Order Command Injection Vulnerabilities in IoT Devices: Fuzzing With Dynamic Data Flow Analysis\",\"authors\":\"Lei Yu, Haoyu Wang, Linyu Li, Houhua He\",\"doi\":\"10.4018/ijdcf.286755\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Command injection vulnerabilities are among the most common and dangerous attack vectors in IoT devices. Current detection approaches can detect single-step injection vulnerabilities well by fuzzing tests. However, an attacker could inject malicious commands in an IoT device via a multi-step exploit if he first abuses an interface to store the injection payload and later use it in a command interpreter through another interface. We identify a large class of such multi-step injection attacks to address these stealthy and harmful threats and define them as higher-order command injection vulnerabilities (HOCIVs). We develop an automatic system named Request Linking (ReLink) to detect data stores that would be transferred to command interpreters and then identify HOCIVs. ReLink is validated on an experimental embedded system injected with 150 HOCIVs. According to the experimental results, ReLink is significantly better than existing command injection detection tools in terms of detection rate, test space and time.\",\"PeriodicalId\":44650,\"journal\":{\"name\":\"International Journal of Digital Crime and Forensics\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2021-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Digital Crime and Forensics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/ijdcf.286755\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Digital Crime and Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijdcf.286755","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 1

摘要

命令注入漏洞是物联网设备中最常见和最危险的攻击媒介之一。现有的检测方法可以通过模糊测试很好地检测出单步注入漏洞。但是，如果攻击者首先滥用接口来存储注入有效载荷，然后通过另一个接口在命令解释器中使用它，则攻击者可以通过多步骤漏洞在物联网设备中注入恶意命令。我们确定了一大类这样的多步骤注入攻击来解决这些隐形和有害的威胁，并将其定义为高阶命令注入漏洞(hociv)。我们开发了一个名为请求链接(ReLink)的自动系统，用于检测将传输给命令解释器的数据存储，然后识别HOCIVs。ReLink在一个注入150个hociv的实验性嵌入式系统上进行了验证。实验结果表明，ReLink在检测率、测试空间和时间上都明显优于现有的命令注入检测工具。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards Automated Detection of Higher-Order Command Injection Vulnerabilities in IoT Devices: Fuzzing With Dynamic Data Flow Analysis

Command injection vulnerabilities are among the most common and dangerous attack vectors in IoT devices. Current detection approaches can detect single-step injection vulnerabilities well by fuzzing tests. However, an attacker could inject malicious commands in an IoT device via a multi-step exploit if he first abuses an interface to store the injection payload and later use it in a command interpreter through another interface. We identify a large class of such multi-step injection attacks to address these stealthy and harmful threats and define them as higher-order command injection vulnerabilities (HOCIVs). We develop an automatic system named Request Linking (ReLink) to detect data stores that would be transferred to command interpreters and then identify HOCIVs. ReLink is validated on an experimental embedded system injected with 150 HOCIVs. According to the experimental results, ReLink is significantly better than existing command injection detection tools in terms of detection rate, test space and time.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Digital Crime and Forensics COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-

CiteScore

2.70

自引率

0.00%

发文量