CPC G06F 11/3696 (2013.01) [G06F 11/3684 (2013.01); G06F 11/3688 (2013.01); G06F 11/3692 (2013.01); G06F 21/577 (2013.01); G06F 2221/033 (2013.01)]
16 Claims

1. A method comprising:
obtaining a binary code of an embedded device;
performing static analysis of the binary code to identify a potentially vulnerable code region, wherein the potentially vulnerable code region is associated with providing input or output from code units of the binary code;
identifying propagation paths associated with the potentially vulnerable code region in the binary code;
analyzing the propagation paths to identify a potentially exploitable propagation path, wherein the potentially exploitable propagation path is potentially affected by external input that is inputted to a device executing the binary code;
determining a code patch associated with the potentially exploitable propagation path;
performing fuzz testing on the code patch independently from the binary code, whereby detecting vulnerabilities of the code patch; and
wherein said performing the fuzz testing comprises:
generating an emulation of the code patch independently from the binary code;
detecting vulnerabilities of the code patch by fuzz testing the emulation;
wherein the static analysis comprises:
determining a characterization of the potentially vulnerable code region based on influences between the potentially vulnerable code region and at least another code region in the binary code, wherein the characterization of the potentially vulnerable code region indicates a role of the potentially vulnerable code region in the binary code;
based on the characterization of the potentially vulnerable code region, determining that the potentially vulnerable code region is potentially affected by external input that is inputted to the device executing the binary code;
wherein said identifying the potentially exploitable propagation path comprises:
determining for the potentially vulnerable code region a corresponding potentially exploitable propagation path within the binary code, wherein the corresponding potentially exploitable propagation path indicates a reachability of the potentially vulnerable code region within the binary code;
locating in the binary code the code patch, wherein the code patch is associated with a functionality of interest of the binary code, wherein the code patch is associated with the potentially exploitable propagation path of the code region, wherein the code patch comprises the code region, wherein the code patch can be executed independently from the binary code.
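As an added example (not the patent's own code or method), the following Python models the claimed pipeline on a constructed firmware influence graph: regions reachable from an external-input source form the propagation path, the regions on that path form the code patch, and the patch is emulated and fuzzed apart from the rest of the image. The region names, the influence graph, the frame format and the stand-in code units are all assumptions.

```python
import random
from collections import deque

# Constructed influence graph of a hypothetical firmware image: edge a -> b means
# data handled in code region a can influence region b (the claim's "influences").
INFLUENCES = {"uart_rx": ["parse_frame"], "parse_frame": ["decode_len", "copy_payload"],
              "decode_len": ["copy_payload"], "sensor_poll": ["led_task"]}
EXTERNAL_INPUT_SOURCES = {"uart_rx"}       # static analysis: reads device input
IO_REGIONS = {"copy_payload", "led_task"}  # static analysis: I/O-handling role

def propagation_path(source, region):
    """Shortest chain of influences from source to region, or None if unreachable."""
    prev, queue = {source: None}, deque([source])
    while queue:
        node = queue.popleft()
        if node == region:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in INFLUENCES.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def exploitable_patches():
    """Each I/O region reachable from external input -> its code patch (path regions)."""
    return {r: p for r in sorted(IO_REGIONS) for s in sorted(EXTERNAL_INPUT_SOURCES)
            if (p := propagation_path(s, r))}

# Emulation stand-ins for the patch's code units (constructed, not real firmware).
def decode_len(frame):
    return frame[0]                 # first byte is the externally supplied length

def copy_payload(frame, buf_size=16):
    buf = bytearray(buf_size)
    for i, b in enumerate(frame[1:1 + decode_len(frame)]):
        buf[i] = b                  # bound taken from the frame, never from buf_size
    return bytes(buf)

def fuzz_patch(iterations=200, seed=1):
    """Fuzz only the emulated patch; IndexError stands in for the memory-safety fault."""
    rng = random.Random(seed)
    for _ in range(iterations):
        frame = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 40)))
        try:
            copy_payload(frame)
        except IndexError as exc:
            return frame, type(exc).__name__   # first crashing frame and fault kind
    return None
```

The patch for `copy_payload` is `["uart_rx", "parse_frame", "copy_payload"]`, while `led_task` is never reachable from external input and is skipped, so fuzzing effort goes only to externally influenced regions.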