Strcmp-like Function Identification Method Based on Data Flow Feature Matching
Embedded devices have become visible everywhere, and they are used in a range of security-critical and privacy-sensitive applications.However, recent studies show that many embedded devices have backdoor, of which hard-coded backdoor(password backdoor) is the most common.In the triggering process of...
Saved in:
Published in | Ji suan ji ke xue Vol. 49; no. 9; pp. 326 - 332 |
---|---|
Main Authors | , , , |
Format | Journal Article |
Language | Chinese |
Published |
Chongqing
Guojia Kexue Jishu Bu
01.09.2022
Editorial office of Computer Science |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Embedded devices have become visible everywhere, and they are used in a range of security-critical and privacy-sensitive applications.However, recent studies show that many embedded devices have backdoor, of which hard-coded backdoor(password backdoor) is the most common.In the triggering process of password backdoor, strcmp-like functions are necessary and important absolutely.However, the current identification of strcmp-like functions mainly relies on function signature and control flow feature matching.The former can't recognize user-defined strcmp-like functions, and the identify effect is greatly affected by the compile environment.The latter has high false positive rate and false negative rate.To solve the above problems, this paper proposes a novel strcmp-like recognition technology CMPSeek.This method builds a model for strcmp-like function identification based on the analysis of control flow and data flow characteristics, which is used to identify strcmp-like functions in binary programs, and is sui |
---|---|
ISSN: | 1002-137X |
DOI: | 10.11896/jsjkx.220200163 |