![[Review] A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware](/images/14/cover.png)
[Review] A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware
This paper doesn’t propose anything new, but creates a system called FirmSec that can detect the TPCs(third-part components) at version-level in firmware, and then recognizes the corresponding vulnerabilities. FirmSec takes IoT firmware images as input and output the vulnerabilities of TPCs contained in the firmware image.
Also, their work creates a database consisting of 34, 136 firmware images. FirmSecDataset
Implementation:
Preprocess the database, gathering various firmware images both public and private.
Preprocess the database, gathering various TPCs and their vulnerabilities.
Take in the firmware image, identify its characters and determines the TPCs(at version level) contained in the firmware.
Generate the vulnerability report of the firmware.
![[Review] GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis](/images/40/cover.png)
![[Review] MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation](/images/39/cover.png)
![[Review] One Simple API Can Cause Hundreds of Bugs: An Analysis of Refcounting Bugs in All Modern Linux Kernels](/images/38/cover.png)
![[Review] HEALER: Relation Learning Guided Kernel Fuzzing](/images/37/cover.png)
![[Review] Towards Precise Reporting of Cryptographic Misuses](/images/36/cover.png)