Sharing more and checking less: satc
Webb17 nov. 2024 · IoT设备后端与用户交互往往需要通过Web,App等前端。许多嵌入式系统的漏洞都来自于Web。但是目前已有的漏洞检测方法都无法有效且高效地分析这样的web服务。这篇文章提出了一种新颖的静态污点分析的方法(SaTC),高效地检测嵌入式设备提供的web服务中的漏洞。 WebbWe implemented a prototype of SaTC and evaluated it on 39 embedded system firmwares from six popular vendors. SaTC discovered 33 unknown bugs, of which 30are confirmed …
Sharing more and checking less: satc
Did you know?
WebbSharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems @inproceedings{Chen2024SharingMA, title= ... in embedded firmware with static backtracking analysis and its efficacy is compared with the state-of-the-art method SaTC. Expand. Highly Influenced. View 6 excerpts, ... WebbSharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems LiboChen*, YanhaoWang*, QuanpuCai, YunfanZhan, Hong Hu, ... SaTC. Input Keyword Extraction. Input Keyword Extraction •Strings Extraction (Front-end) uHTML •Use regular expressions
WebbWe implemented a prototype of SaTC and evaluated it on 39 embedded system firmwares from six popular vendors. SaTC discovered 33 unknown bugs, of which 30 are confirmed by CVE/CNVD/PSV. Compared to the state-of-the-art tool KARONTE, SaTC found significantly more bugs on the test set. WebbSharing More and Checking Less: satc背景嵌入式系统的漏洞驻留在其开放的web服务中现有的web漏洞检测,不适用于此类web服务(开销、假阴假阳)本文利用前后端共享的关键字定位参考点从嵌入式系统中寻找bug的关键点在于从前端web中寻找处理用户数据的后端代码, …
Webb3 sep. 2024 · We implemented a prototype of SaTC and evaluated it on 39 embedded system firmwares from six popular vendors. SaTC discovered 33 unknown bugs, of … WebbTable 4: Vulnerabilities discovered by SaTC. For the bug type, BoF means buffer overflow; CI represents command injection; IAC indicates incorrect access control. Ksrc represents the type of the front-end file where the vulnerability-related keyword is found. Service represents the service where the vulnerability occurs. - "Sharing More and Checking …
WebbWe implemented a prototype of SaTC and evaluated it on 39 embedded system firmwares from six popular vendors. SaTC discovered 33 unknown bugs, of which 30 are confirmed by CVE/CNVD/PSV. Compared to the state-of-the-art tool KARONTE, SaTC found …
Webb19 aug. 2024 · Sharing More and Checking Less: satc背景嵌入式系统的漏洞驻留在其开放的web服务中现有的web漏洞检测,不适用于此类web服务(开销、假阴假阳)本文利用前后 … how far is bowling green ky from inez kyWebb27 jan. 2024 · Sharing More and Checking Less: satc背景嵌入式系统的漏洞驻留在其开放的web服务中现有的web漏洞检测,不适用于此类web服务(开销、假阴假阳)本文利用前 … hifn.cahttp://f0und.icu/article/11.html how far is bowie from dcWebb12 nov. 2010 · Sharing More and Checking Less: satc 背景 嵌入式系统的漏洞驻留在其开放的web服务中 现有的web漏洞检测,不适用于此类web服务 (开销、假阴假阳) 本文利用前后端共享的关键字定位参考点 从嵌入式系统中寻找bug的关键点在于从前端web中寻找处理用户数据的后端代码,那些输入会被后端处理 satc 工作流程 解压固件包,识别前后端文件 从前 … how far is bourton on the waterWebb•We propose SaTC, a novel approach to detect security vulnerabilities in embedded systems •Based on the insight that variable names are commonly shared between front … how far is bowling green kyWebbUSENIX The Advanced Computing Systems Association how far is bowie marylandWebbIn this paper, we propose a novel static taint checking solution, SaTC, to effectively detect security vulnerabilities in web services provided by embedded devices. Our key insight is … how far is bowie md from me