信息安全研究第10卷第1期2024年1月JournalotinformationSecurityResearchVol.10No.1Jan.2024DOl:10.12379/j.issn.2096-1057.2024.01.07基于静态分析和模糊测试的路由器漏洞检测方法王洪义1(南京邮电大学计算机学院、软件学院、网络空间安全学院南京210023)2(江苏省无线传感网高技术研究重点实验室南京210023)(hongyi0228@163.com)RouterVulnerabilityDetectionMethodBasedonStaticAnalysisandFuzzing沙乐天2WangHongyi'andShaLetianl.?1(SchoolofComputerScience,NanjingUniversityofPostsandTelecomunications,Nanjing210023)2(JiangsuHighTechnologyResearchKeyLaboratoryforWirelessSensorNetvorks,Nanjing210023)AbstractNetworkattackstargetingrouterdevicesoftenhaveseriousconsequences.Fuzzingtestingisaneffectivemethodtodetectsecurityvulnerabilitiesinrouterdevices.However,withoutsufficientanalysisofthefirmwareofthetargetdevice,fuzzytestingisoftenblindandineffective.Inthispaper,weproposeamethodofusingstaticanalysisassistedfuzzytestingtodetectvulnerabilitiesinrouterdevices.Specifically,theresultsgeneratedbystaticanalysisareusedtoconstructmoreeffectivetestcasestofuzzthewebinterfaceoftherouterdevice.Ouropinionisthatthereisalotofusefulinformationhiddenintherouterfirmware.Weusestaticanalysistoextractthepossibleloopholesintheprogramcodetobuildtestcasesandimprovetheefficiencyoffuzzing.Weimplementedaprototypesystemandtestediton46routerfirmwarefrom4mainstreamroutervendors,andfound16vulnerabilities,4ofwhichwereO-dayvulnerabilities.Theresultsshowthatoursystemcandetectvulnerabilitiesthatcannotbedetectedbyexistingvulnerabilitydetectiontoolscomparedtoadvancedautomatedvulnerabilityminingmethods.Keywordsstaticanalysis;fuzzing;firmware;vulnerabilitymining;Webinterface摘要针对路由器设备的网络攻击往往会造成严重后果,模糊测试是检测路由器设备安全漏洞的有效方法.然而,如果没有对目标设备的固件进行足够的分析,模糊测试往往是盲目和无效的.提出一种使用静态分析辅助模糊测试对路由器设备进行漏洞检测的方法.具体来讲,就是通过静态分析生成的结果指导测试用例的变异来对路由器设备的Web接口进行模糊测试.路由器固件中隐藏着大量有用的信息,通过静态分析提取...
