CASIA OpenIR  > 学术期刊  > IEEE/CAA Journal of Automatica Sinica
Detecting Vulnerability on IoT Device Firmware: A Survey
Xiaotao Feng; Xiaogang Zhu; Qing-Long Han; Wei Zhou; Sheng Wen; Yang Xiang
Source PublicationIEEE/CAA Journal of Automatica Sinica
AbstractInternet of things (IoT) devices make up 30% of all network-connected endpoints, introducing vulnerabilities and novel attacks that make many companies as primary targets for cybercriminals. To address this increasing threat surface, every organization deploying IoT devices needs to consider security risks to ensure those devices are secure and trusted. Among all the solutions for security risks, firmware security analysis is essential to fix software bugs, patch vulnerabilities, or add new security features to protect users of those vulnerable devices. However, firmware security analysis has never been an easy job due to the diversity of the execution environment and the close source of firmware. These two distinct features complicate the operations to unpack firmware samples for detailed analysis. They also make it difficult to create visual environments to emulate the running of device firmware. Although researchers have developed many novel methods to overcome various challenges in the past decade, critical barriers impede firmware security analysis in practice. Therefore, this survey is motivated to systematically review and analyze the research challenges and their solutions, considering both breadth and depth. Specifically, based on the analysis perspectives, various methods that perform security analysis on IoT devices are introduced and classified into four categories. The challenges in each category are discussed in detail, and potential solutions are proposed subsequently. We then discuss the flaws of these solutions and provide future directions for this research field. This survey can be utilized by a broad range of readers, including software developers, cyber security researchers, and software security engineers, to better understand firmware security analysis.
KeywordFirmware emulation internet of things (IoT) firmware network fuzzing security static analysis
Citation statistics
Document Type期刊论文
Collection学术期刊_IEEE/CAA Journal of Automatica Sinica
Recommended Citation
GB/T 7714
Xiaotao Feng,Xiaogang Zhu,Qing-Long Han,et al. Detecting Vulnerability on IoT Device Firmware: A Survey[J]. IEEE/CAA Journal of Automatica Sinica,2023,10(1):25-41.
APA Xiaotao Feng,Xiaogang Zhu,Qing-Long Han,Wei Zhou,Sheng Wen,&Yang Xiang.(2023).Detecting Vulnerability on IoT Device Firmware: A Survey.IEEE/CAA Journal of Automatica Sinica,10(1),25-41.
MLA Xiaotao Feng,et al."Detecting Vulnerability on IoT Device Firmware: A Survey".IEEE/CAA Journal of Automatica Sinica 10.1(2023):25-41.
Files in This Item: Download All
File Name/Size DocType Version Access License
JAS-2022-0767.pdf(3134KB)期刊论文出版稿开放获取CC BY-NC-SAView Download
Related Services
Recommend this item
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[Xiaotao Feng]'s Articles
[Xiaogang Zhu]'s Articles
[Qing-Long Han]'s Articles
Baidu academic
Similar articles in Baidu academic
[Xiaotao Feng]'s Articles
[Xiaogang Zhu]'s Articles
[Qing-Long Han]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[Xiaotao Feng]'s Articles
[Xiaogang Zhu]'s Articles
[Qing-Long Han]'s Articles
Terms of Use
No data!
Social Bookmark/Share
File name: JAS-2022-0767.pdf
Format: Adobe PDF
All comments (0)
No comment.

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.