Finding and Exploiting Vulnerabilities in Embedded TCP/IP Stacks
Wang, Wenhui (2021-07-15)
Finding and Exploiting Vulnerabilities in Embedded TCP/IP Stacks
(15.07.2021)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2021080942575
https://urn.fi/URN:NBN:fi-fe2021080942575
Tiivistelmä
In the context of the rapid development of IoT technology, cyber-attacks are becoming more frequent, and the damage caused by cyber-attacks is remaining obstinately high. How to take the initiative in the rivalry with attackers is a major problem in today's era of the Internet. Vulnerability research is of great importance in this contest, especially the study of vulnerability detection and exploitation methodologies.
The objective of the thesis is to examine vulnerabilities in DNS client implementations of embedded TCP/IP stacks, specifically in terms of vulnerability detection and vulnerability exploitation research. In the thesis, a detection method is developed for some anti-patterns in DNS client implementations using a static analysis platform. We tested it against 10 embedded TCP/IP stacks, the result shows that the developed detection method has high precision for detecting the vulnerabilities found by the Forescout research labs with a total of 88% accuracy. For different anti-patterns, the method has different detection precision and it is closely related to the implementation of the detection queries. The thesis also conducted vulnerability exploitation research for a heap overflow vulnerability that exists in a DNS client implementation of a popular TCP/IP stack. A proof-of-concept of this exploitation is developed. Though there are many constraints for successful exploitations, the ability to conduct remote code execution attacks still makes exploitation of heap overflow vulnerability dangerous. In addition, attacks against TCP/IP stacks can take advantage of the stacks and make it possible for an attacker to exploit vulnerabilities in other devices.
Often it takes a huge amount of time for researchers to have deep knowledge of a codebase and to find vulnerabilities in it. But with the developed detection method, we can automate the process of locating vulnerable code patterns to add support for detecting relevant vulnerabilities. Research on the exploitation of vulnerabilities can allow us to discover the potential impact of a vulnerability from the perspective of an attacker and implement targeted defences.
The objective of the thesis is to examine vulnerabilities in DNS client implementations of embedded TCP/IP stacks, specifically in terms of vulnerability detection and vulnerability exploitation research. In the thesis, a detection method is developed for some anti-patterns in DNS client implementations using a static analysis platform. We tested it against 10 embedded TCP/IP stacks, the result shows that the developed detection method has high precision for detecting the vulnerabilities found by the Forescout research labs with a total of 88% accuracy. For different anti-patterns, the method has different detection precision and it is closely related to the implementation of the detection queries. The thesis also conducted vulnerability exploitation research for a heap overflow vulnerability that exists in a DNS client implementation of a popular TCP/IP stack. A proof-of-concept of this exploitation is developed. Though there are many constraints for successful exploitations, the ability to conduct remote code execution attacks still makes exploitation of heap overflow vulnerability dangerous. In addition, attacks against TCP/IP stacks can take advantage of the stacks and make it possible for an attacker to exploit vulnerabilities in other devices.
Often it takes a huge amount of time for researchers to have deep knowledge of a codebase and to find vulnerabilities in it. But with the developed detection method, we can automate the process of locating vulnerable code patterns to add support for detecting relevant vulnerabilities. Research on the exploitation of vulnerabilities can allow us to discover the potential impact of a vulnerability from the perspective of an attacker and implement targeted defences.