EmTaint: Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis 

What is EmTaint?

EmTaint is a novel static analysis tool for accurate and fast detection of taint-style vulnerabilities in embedded firmware.

In EmTaint, we design a structured symbolic expression-based (SSE-based) on-demand alias analysis technique, which serves as the basis for resolving both implicit data flow and control flow on potentially vulnerable paths. On top of it, we build an indirect call resolution scheme and an accurate taint analysis scheme. Combined with sanitization rule checking, EmTaint can discover a large number of taint-style vulnerabilities accurately within a limited time.
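As an added illustration of the pipeline described above (not EmTaint's own code or intermediate representation), the following Python toy models structured symbolic expressions as (base, field) tuples, resolves aliases on demand from recorded pointer copies, resolves an indirect call through that alias query, propagates taint along the resolved edge and checks a sanitization rule at the sink. The IR opcodes, the sample program and the sink and sanitizer names are all constructed assumptions.

```python
# Toy model of the pipeline above: SSEs as (base, field) tuples, on-demand alias
# resolution through recorded pointer copies, indirect-call resolution via that
# query, taint propagation, and a sanitization rule check at the sink.
# Constructed illustration, not EmTaint's own code or IR.

def canon(expr, ptr_alias):  # rewrite an SSE's base through known pointer copies
    base, fld = expr
    while base in ptr_alias: base = ptr_alias[base]
    return (base, fld)

def analyze(funcs, entry, st=None, out=None, depth=0):
    """Walk one function's toy IR; collect (sink, arg, sanitized) for tainted args."""
    st = st or {"vals": {}, "ptr": {}, "taint": set(), "clean": set()}
    out = [] if out is None else out
    if depth > 8: return out  # bound recursion through resolved indirect calls
    for ins in funcs[entry]["body"]:
        op, p = ins[0], st["ptr"]
        if op == "copy_ptr":    # p2 = p1: fields of p2 alias fields of p1
            p[ins[1]] = ins[2]
        elif op == "store":     # *dst = src (src is an SSE or a function name)
            dst, src = canon(ins[1], p), ins[2]
            st["vals"][dst] = src
            if isinstance(src, tuple):  # a value copy carries taint/sanitized state
                s = canon(src, p)
                if s in st["taint"]: st["taint"].add(dst)
                if s in st["clean"]: st["clean"].add(dst)
        elif op == "source":    # e.g. recv() fills this buffer
            st["taint"].add(canon(ins[1], p))
        elif op == "sanitize":  # e.g. a length check applied to this value
            st["clean"].add(canon(ins[1], p))
        elif op == "icall":     # call through a function-pointer field
            target = st["vals"].get(canon(ins[1], p))
            if isinstance(target, str) and target in funcs:
                for param, arg in zip(funcs[target]["params"], ins[2]):
                    p[param] = arg  # callee parameter aliases the caller's base
                analyze(funcs, target, st, out, depth + 1)
        elif op == "sink":      # e.g. strcpy() consuming these arguments
            for a in (canon(x, p) for x in ins[2]):
                if a in st["taint"]: out.append((ins[1], a, a in st["clean"]))
    return out

PROGRAM = {  # constructed sample: handler stored in ctx.cb, called via a copy of ctx
    "main": {"params": [], "body": [("store", ("ctx", "cb"), "handle_req"),
        ("copy_ptr", "ctx2", "ctx"), ("source", ("req", "buf")),
        ("icall", ("ctx2", "cb"), ["req"])]},
    "handle_req": {"params": ["r"], "body": [("store", ("local", "name"), ("r", "buf")),
        ("sink", "strcpy", [("local", "name")])]}}

def find_vulns(program=PROGRAM):
    return [f for f in analyze(program, "main") if not f[2]]  # unsanitized tainted sink args
```

Without the alias query, the call through `ctx2.cb` would be unresolved and the tainted path into `handle_req` would be missed; adding a `sanitize` step on the callee's input before the copy turns the finding into a sanitized one that `find_vulns` drops.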