Automated Vulnerability Discovery and Exploitation in the Internet of Things

Wang, Zhongru; Zhang, Yuntao; Tian, Zhihong; Ruan, Qiang; Liu, Tong; Wang, Haichen; Liu, Zhehui; Lin, Jiao; Fang, Binxing; Shi, Wei

doi:10.3390/s19153362

Cited by 10 publications

(12 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their approach is based on a brute-force process to generate messages automatically and a mutation-based algorithm to generate structure valid messages. Fuzzing testing is also considered in Reference [186] to discover new vulnerabilities by mutating test cases that represent a valid attack path for a vulnerability. Moreover, in Reference [123], different CoAP implementations are tested through several fuzzing testing techniques by modeling a CoAP packet.…”

Section: Security Testing: Analysis and Applicability To The Iot Contextmentioning

confidence: 99%

A Survey of Cybersecurity Certification for the Internet of Things

et al. 2020

View full text Add to dashboard Cite

In recent years, cybersecurity certification is gaining momentum as the baseline to build a structured approach to mitigate cybersecurity risks in the Internet of Things (IoT). This initiative is driven by industry, governmental institutions, and research communities, which have the goal to make IoT more secure for the end-users. In this survey, we analyze the current cybersecurity certification schemes, as well as the potential challenges to make them applicable for the IoT ecosystem. We also examine current efforts related to risk assessment and testing processes, which are widely recognized as the processes to build a cybersecurity certification framework. Our work provides a multidisciplinary perspective of a possible IoT cybersecurity certification framework by integrating research and technical tools and processes with policies and governance structures, which are analyzed against a set of identified challenges. This survey is intended to give a comprehensive overview of cybersecurity certification to facilitate the definition of a framework that fits in emerging scenarios, such as the IoT paradigm.

show abstract

Section: Security Testing: Analysis and Applicability To The Iot Contextmentioning

confidence: 99%

A Survey of Cybersecurity Certification for the Internet of Things

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Ref. [29] analyze the characteristics of vulnerabilities and then propose to generate EXPs via the use of several proposed attack techniques that can produce a shell based on the detected vulnerabilities.…”

Section: Automatic Exploit Generationmentioning

confidence: 99%

AEMB: An Automated Exploit Mitigation Bypassing Solution

et al. 2021

View full text Add to dashboard Cite

Modern operating systems set exploit mitigations to thwart the exploit, which has also become a barrier to automated exploit generation (AEG). Many current AEG solutions do not fully account for exploit mitigations, and as a result, they are unable to accurately assess the exploitability of vulnerabilities in such settings.This paper proposes AEMB , an automated solution for bypassing exploit mitigations and generating useable exploits (EXPs). Initially, AEMB identifies exploit mitigations in the system based on characteristics of the program execution environment . Then, AEMB implements exploit mitigations bypassing the payload generation by modeling expert experience and constructs the corresponding constraints. Next, during the program’s execution, AEMB uses symbol execution to collect symbol information and create exploit constraints. Finally, AEMB utilizes a solver to solve the constraints, including payload constraints and exploit constraints, to generate the EXP. In this paper, we evaluated a prototype of AEMB on six test programs and seven real-world applications. Furthermore, we conducted 54 sets of experiments on six different combinations of exploit mitigations. Experiment results indicate that AEMB can automatically overcome exploit mitigations and produce successful exploits for 11 out of 13 applications.

show abstract

“…Therefore, a significant problem is determining how to produce sufficient testinputs. As mentioned in Section IV, there are two approaches in the test-input generation for fuzzers: a mutation-based approach which produces test-inputs according to the random mutation of the test-input files, or the use of predefined L Intriguer [140] L [141] AutoDES [142] L SHFuzz [143] L HFL [144] L FIoT [145] L BugMiner [146] L…”

Section: B Test-input Generationmentioning

confidence: 99%

“…al. [125] VUzzer [50] DeepFuzzer [107] Intriguer [140] Colossus [128] DigFuzz [119] Munch [133] SAFL [106] QSYM [64] Cyberdyne [72] Tinker [132] SHFuzz [143] SAVIOR [66] Wildfire [92] IoT Patching Kernel Java SAVIOR [63] FIoT [145] RedQueen [111] AutoDES [142] SynFuzz [127] DeepDiver [65] This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.…”

Section: Hfs In Various Areasmentioning

confidence: 99%

See 1 more Smart Citation

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Rustamov

Kim

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Recently, software testing has become a significant component of information security. The most reliable technique for automated software testing is a fuzzing tool that feeds programs with random test-input and detects software vulnerabilities that are critical to security. Similarly, symbolic execution has gained the most attention as an efficient testing tool for producing smart test-inputs and discovering hardto-reach bugs using search-based heuristics and compositional approaches. The combination of fuzzing and symbolic execution makes software testing more efficient by mitigating the limitations in each other. Although several studies have been conducted on hybrid fuzzing in recent years, a comprehensive and consistent review of hybrid fuzzing techniques has not been explored. To add coherence to the extensive literature on hybrid fuzzing and to make it reach a large audience, this study provides an overview of key concepts along with the taxonomy of existing hybrid fuzzing tools, problems, and solutions that have been developed in this sphere. It also includes evaluations of the proposed approaches and a number of suggestions for the development of hybrid fuzzing in the future.

show abstract

Automated Vulnerability Discovery and Exploitation in the Internet of Things

Cited by 10 publications

References 48 publications

A Survey of Cybersecurity Certification for the Internet of Things

A Survey of Cybersecurity Certification for the Internet of Things

AEMB: An Automated Exploit Mitigation Bypassing Solution

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Contact Info

Product

Resources

About