
SJTU Team’s Latest Research Paper Accepted by USENIX Security 2021

March 03, 2021

Recently, the research paper "Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems", written by researchers and students from SJTU and other well-known research institutions in China and abroad, was officially accepted by USENIX Security 2021. USENIX Security is one of the top four international academic conferences in the field of network and system security, with an acceptance rate of 16.1% in 2020. Chen Libo of the School of Cyber Science and Engineering, SJTU, is the first author; SJTU student Cai Quanpu and Prof. Xue Zhi are the corresponding authors.

At present, because the Internet of Things ecosystem is so fragmented, it remains difficult to develop a universal and efficient dynamic analysis approach for finding vulnerabilities in the binaries of end devices. For example, the common smart fuzzing method often cannot be applied to COTS devices because there is no general operating environment that effectively supports grey-box testing. In addition, static analysis of firmware binaries is often inefficient because of problems such as path explosion in symbolic execution.

To solve these problems, Chen Libo and his team proposed an automated vulnerability discovery method for embedded systems based on the correlation between front-end and back-end data. By using keywords shared between the front end and the back end as taint analysis inputs, the analysis can focus on the data introduction points in the back-end executor that are strongly correlated with front-end inputs and use them as the starting locations for taint analysis. This reduces the complexity of symbolic execution while enabling more accurate and efficient discovery of various types of security bugs.
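The shared-keyword idea described above, as an added illustration that is not the paper's tooling: front-end input names (HTML form fields, JS request keys) are intersected with the strings a back-end handler references, and the matches become candidate taint-source keywords while the unmatched ones are what "checking less" skips. The HTML/JS and the back-end string list are constructed samples, and the regex for harvesting front-end names is an assumption of this example.

```python
"""Added example of front-end/back-end keyword sharing for taint-source selection."""
import re

# Constructed front-end sample: a form and a JS request from a device web UI.
FRONTEND_SAMPLE = """
<form action="/goform/setWifi" method="post">
  <input name="ssid"><input name="wpa_key"><input name="channel">
</form>
<script>
  $.post("/goform/setNtp", {ntp_server: s, timezone: tz});
</script>
"""

# Constructed back-end sample: printable strings as a `strings`-style pass
# would list them for the handler binary. Only some front-end keys appear.
BACKEND_STRINGS_SAMPLE = """
/goform/setWifi
ssid
wpa_key
ntp_server
websGetVar
ntpclient -h %s -s
/bin/sh
"""

# Assumed harvesting rule: HTML name="..." attributes and JS object keys.
FRONT_KEY_RE = re.compile(r'name="([A-Za-z_][A-Za-z0-9_]*)"|\b([A-Za-z_][A-Za-z0-9_]*)\s*:')


def frontend_keywords(html_js: str, min_len: int = 3) -> set[str]:
    """Collect input keywords from front-end HTML/JS text."""
    keys = set()
    for name_attr, js_key in FRONT_KEY_RE.findall(html_js):
        kw = name_attr or js_key
        if len(kw) >= min_len:  # drop very short tokens that match by chance
            keys.add(kw)
    return keys


def backend_strings(strings_output: str) -> set[str]:
    """Turn a `strings`-style listing into a set of exact string values."""
    return {ln.strip() for ln in strings_output.splitlines() if ln.strip()}


def shared_keywords(front: str, back: str) -> tuple[list[str], list[str]]:
    """Return (shared, front_only): shared keywords become taint-source
    candidates; front-only keys have no back-end consumer and are skipped."""
    fk, bk = frontend_keywords(front), backend_strings(back)
    return sorted(fk & bk), sorted(fk - bk)
```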

This method has already been applied to real vulnerability discovery in IoT devices: 33 bugs were found in 39 devices from 6 well-known manufacturers, 30 of which have been assigned CVE/CNVD/PSV numbers. Before the paper was accepted, these security bugs had been disclosed through GeekPwn, Tianfu Cup and other top security competitions and received acknowledgements from the manufacturers concerned and the organizing committees.

Source: School of Electronic Information and Electrical Engineering, SJTU

Translated by: Zhou Rong

Proofread by: Xiao Yangning, Fu Yuhe