Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Vulnerability analysis on the ARMv7 Thumb Architecture

ARMv7 Thumb Architecture 취약성 분석

  • Kim, Si-Wan (Department of Information Security, Tongmyong University) ;
  • Seong, Ki-Taek (Department of Information Security, Tongmyong University)
  • Received : 2017.02.17
  • Accepted : 2017.03.27
  • Published : 2017.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

The Internet of Things has attracted considerable research attention in recent years. In order for the new IoT technology to be widely used, the reliability and protection of information is required. IoT systems are very vulnerable to physical security due to their easy accessibility. Along with the development of SoC technology, many operating systems have been developed and many new operating systems have been introduced. In this paper, we describe the vulnerability analysis results for operating systems running on the ARMv7 Thumb Architecture hardware platform. For the recently introduced "Windows 10 IoT Core" operating system, I implemented the Zero-Day Attack by implanting the penetration code developed through the research into a specific IoT system. The virus detection test for the resulting penetration code was validated by referral to the "virustotal" site.

최근 몇 년간 사물인터넷은 중요한 연구적 관심을 끌어왔다. 새로운 IoT 기술이 널리 이용되기 위해서는 정보의 신뢰성과 보호가 전적으로 요구된다. IoT 시스템은 그 특성상 직접적인 접근이 쉬우므로 이로 인한 물리적인 보안에 매우 취약하다. SoC 기술의 발달과 함께 운영체제에 대한 기술도 많이 이루어졌으며 많은 새로운 운영체제가 소개되고 있다. 본 연구에서는 ARMv7 Thumb Architecture 하드웨어 플랫폼에서 동작하는 운영체제에 대한 취약성분석 결과에 대하여 기술하였다. 최근에 소개된 "Windows 10 IoT Core" 운영체제에 대하여, 연구를 통하여 개발된 침투코드를 특정 IoT 시스템에 이식시켜 Zero-Day Attack을 구현하였다. 결과의 침투코드에 대한 바이러스 검출 여부를 "virustotal" 사이트에 의뢰하여 유효성을 입증하였다.

Keywords

References

  1. M. S. Smith, "Protecting Privacy in an IoT-Connected World," Information Management Journal, vol. 49, Issue 6, pp. 36-39, Nov./Dec. 2015.
  2. R. H. Weber, "Internet of things: Privacy issues revisited," Computer Law & Security Review, Vol. 31, Issue 5, pp. 618 -627, Oct. 2015. https://doi.org/10.1016/j.clsr.2015.07.002
  3. Windows 10 IoT Core [Internet]. Available : https://developer.microsoft.com/ko-kr/windows/iot.
  4. The penetration testing standard [Internet]. Available : http://www.pentest-standard.org/index.php/PTES_Technical _Guidelines.
  5. ARM architecture penetration information [Internet]. Available : https://www.defcon.org/html/links/dc-archives/dc-18-archive.html.
  6. Microsoft Windows platform [Internet]. Available : https://docs.microsoft.com/ko-kr/windows/uwp/get-started/ universal-application-platform-guide.
  7. Microsoft Windsock code [Internet]. Available : https://msdn.microsoft.com/ko-kr/library/windows/desktop/ ms737593(v=vs.85).aspx.
  8. Analyzes malicious contents by online antivirus engines [Internet]. Available : https://www.virustotal.com/.