Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware
The title of our paper is Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware, and we are applying for the Artifacts Available badge. We recommend that the reviewers evaluating this research artifact be experts in firmware unpacking, reverse engineering, and binary program analysis.

BVFinder is a prototype static vulnerability detection tool for baseband firmware, built on BinAbsInspector. It reports a vulnerability when a predefined sensitive memory operation (the sink) is reachable by taint originating from attacker-controllable input (the source). To achieve both high automation and precision, it makes two key improvements over plain taint analysis: semantic-based taint source identification and enhanced taint propagation. The former uses semantic search to identify the registers and memory offsets that carry attacker-controllable input, by matching those inputs to their corresponding message and data types through textual features (for example, names and strings associated with message-receiving or decoding routines) and addressing patterns in the disassembly. The latter keeps taint from being lost at unresolved control flow by adding indirect call resolution algorithms, so that taint introduced at a source continues to propagate through handlers reached via function-pointer dispatch.
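The two improvements described above, as an added illustration that is not BVFinder's or BinAbsInspector's code: a small forward taint propagator over a constructed toy program (hypothetical function names, registers and function-pointer table, not real baseband firmware). Sources are found by a textual-feature match on function names, and the indirect call is resolved through a recovered function-pointer table; running the same propagator with resolution disabled shows the taint being dropped at the dispatch and the sink going unreported.

```python
import re
from collections import deque

# Constructed toy program standing in for a disassembled baseband image
# (hypothetical names and layout, not real firmware). Each function is a
# list of instruction tuples; registers r0..r3 carry call arguments.
PROGRAM = {
    "nas_emm_msg_recv": [                   # textual feature: "nas" + "recv"
        ("load", "r5", "emm_handler_tbl"),  # r5 <- function pointer from table
        ("mov", "r4", "r0"),                # r0 = incoming NAS message buffer
        ("mov", "r0", "r4"),                # pass the message as first argument
        ("call_indirect", "r5"),            # dispatch through the table
        ("ret",),
    ],
    "emm_handle_attach": [
        ("load", "r1", "r0+8"),             # length field read from the message
        ("mov", "r2", "r6"),                # r6: a stack buffer (untainted)
        ("memcpy", "r2", "r0", "r1"),       # sensitive memory op: taint sink
        ("ret",),
    ],
    "emm_handle_detach": [("ret",)],
    "sys_timer_tick": [("mov", "r0", "#0"), ("ret",)],
}
# Function-pointer table contents that indirect call resolution recovers;
# given directly here (in practice recovered from data-section analysis).
FUNCTION_TABLES = {"emm_handler_tbl": ["emm_handle_attach", "emm_handle_detach"]}

# Textual features marking a routine that receives or decodes an
# over-the-air message; its first argument (r0) is attacker-controlled.
SOURCE_PATTERN = re.compile(r"(nas|rrc|sms)_.*(recv|decode|parse)")
ARG_REGS = ("r0", "r1", "r2", "r3")


def find_taint_sources(program):
    """Semantic source identification by textual features on function names."""
    return {fn: {"r0"} for fn in program if SOURCE_PATTERN.search(fn)}


def propagate(program, tables, resolve_indirect=True):
    """Inter-procedural forward taint propagation.
    Returns tainted sinks as (function, instruction) pairs."""
    findings = []
    worklist = deque((fn, frozenset(r)) for fn, r in find_taint_sources(program).items())
    seen = set()
    while worklist:
        fn, entry = worklist.popleft()
        if (fn, entry) in seen:
            continue
        seen.add((fn, entry))
        tainted = set(entry)
        ptr_origin = {}                     # reg -> table it was loaded from
        for ins in program[fn]:
            op = ins[0]
            if op == "mov":
                _, dst, src = ins
                src_tainted = src in tainted
                tainted.discard(dst)
                if src_tainted:
                    tainted.add(dst)
                ptr_origin.pop(dst, None)
            elif op == "load":
                _, dst, src = ins
                base_tainted = src.split("+")[0] in tainted
                tainted.discard(dst)
                if base_tainted:
                    tainted.add(dst)        # value read through a tainted pointer
                ptr_origin.pop(dst, None)
                if src in tables:
                    ptr_origin[dst] = src   # remember the table for resolution
            elif op == "memcpy":
                _, dst, src, n = ins
                if src in tainted or n in tainted:
                    findings.append((fn, ins))
            elif op in ("call", "call_indirect"):
                if op == "call":
                    callees = [ins[1]]
                elif resolve_indirect and ins[1] in ptr_origin:
                    callees = tables[ptr_origin[ins[1]]]
                else:
                    callees = []            # unresolved target: taint is dropped here
                callee_entry = frozenset(r for r in ARG_REGS if r in tainted)
                for callee in callees:
                    worklist.append((callee, callee_entry))
    return findings


if __name__ == "__main__":
    print("with resolution:   ", propagate(PROGRAM, FUNCTION_TABLES))
    print("without resolution:", propagate(PROGRAM, FUNCTION_TABLES, resolve_indirect=False))
```

With resolution enabled the memcpy in emm_handle_attach is reported because both its source pointer and its length derive from the tainted message; with it disabled the worklist never reaches the handler and nothing is reported, which is the false-negative mode the enhanced propagation is meant to remove.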