
A Vulnerability Mining Method for the Internet of Things Driven by Pointer Analysis Technology

时启亮 沙乐天 潘家晔

Software Guide (软件导刊), 2025, Vol. 24, Issue (3): 109-118, 10. DOI: 10.11907/rjdk.241264

A Vulnerability Mining Method for the Internet of Things Driven by Pointer Analysis Technology

时启亮 (1), 沙乐天 (2), 潘家晔 (1)

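Author information

  • 1. School of Computer Science, Nanjing University of Posts and Telecommunications
  • 2. School of Computer Science, Nanjing University of Posts and Telecommunications; Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing, Jiangsu 210023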

Abstract

IoT vulnerability mining mainly targets binary programs whose source code is unavailable, but it involves a significant amount of manual auditing work and urgently needs a highly automated process to guide it. In the field of static analysis, pointer analysis, as an underlying technology, has shown the potential to adapt to various application scenarios with its highly automated analysis process and excellent results. Leveraging the advantages of pointer analysis and relying on the disassembly platform Ghidra, we encapsulate Ghidra's P-code to form PIR. Then, based on PIR, we design pointer analysis and taint analysis algorithms that meet the requirements of vulnerability mining, and ultimately implement an extensible analysis framework. Performance test results for CWE-78 vulnerability detection show that the proposed framework correctly detects most vulnerabilities. Compared with existing vulnerability analysis tools, the vulnerability detection rate increases by 86.2% and the time efficiency increases by 38.7%. The framework not only verifies known vulnerabilities but is also able to discover new ones.

Keywords

vulnerability mining / P-code / pointer analysis / taint analysis

Classification

Information Technology and Security Science

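Cite this article

时启亮, 沙乐天, 潘家晔. A Vulnerability Mining Method for the Internet of Things Driven by Pointer Analysis Technology [J]. Software Guide (软件导刊), 2025, 24(3): 109-118, 10.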

Funding

General Program of the National Natural Science Foundation of China (62072253)

Software Guide (软件导刊)

1672-7800
