Published May 27, 2023 | Version 1.0
Conference paper Open

Reproduction Package for Article 'Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis'

Creators

  • 1. Shenzhen Institute of Advanced Technology, Chinese Academy of Sciences / Sangfor Technologies Inc.

Description

EmTaint is a novel static analysis tool for accurate and fast detection of taint-style vulnerabilities in embedded firmware.
In EmTaint, we design a structured symbolic expression-based (SSE-based) on-demand alias analysis technique, which serves as a basis for resolving both implicit data flow and control flow on potentially vulnerable paths. Based on it, we devise an indirect call resolution scheme and an accurate taint analysis scheme. Combined with sanitization rule checking, EmTaint can eventually discover a large number of taint-style vulnerabilities accurately within a limited time.

Files

Files (24.6 MB)

md5:00193e417f0836f8c29255c76d52173a