Vulnerabilities Identification in Closed-Source Binary Files and IoT Firmware

Qasem, Abdullah (2025) Vulnerabilities Identification in Closed-Source Binary Files and IoT Firmware. PhD thesis, Concordia University.

Qasem_PhD_F2025.pdf - Accepted Version (Text, application/pdf, 2MB)
Restricted to Repository staff only until 10 December 2027.
Available under License Spectrum Terms of Access.

Abstract

The proliferation of binary executables and IoT/IIoT firmware in modern computing environments has created an urgent need for robust security analysis methods that can withstand the challenges of code transformation, scalability, and false positives. This dissertation advances the state of the art in binary and firmware security through three complementary research directions. First, we address the challenge of binary function similarity under compiler optimizations, obfuscations, and multi-architecture deployments. We design BinFinder, a neural embedding–based system that significantly improves clone detection accuracy, achieving resilience to complex code transformations and delivering substantial gains in recall over existing approaches. Second, we investigate the detection of taint-based vulnerabilities in IoT/IIoT firmware, where static taint analysis often leads to over-tainting and dynamic symbolic execution results in prohibitive computational costs. To overcome these limitations, we develop OctopusTaint, a static taint analysis framework that integrates advanced data flow analysis, backtracking, sanitization inspection, and post-processing filters. OctopusTaint reduces false positives, accelerates analysis, and uncovers both known and potential 0-day vulnerabilities across real-world firmware datasets. Finally, we focus on the crucial task of validating alerts from static analyzers, mitigating the long-standing problem of excessive false positives. We propose TaintPolygraph, a hybrid validation framework that couples static taint analysis with semantic-aware symbolic execution. By incorporating context-specific constraints and exploitability checks, TaintPolygraph effectively distinguishes genuine vulnerabilities from safe cases, reducing false positives by up to 83% across multiple architectures and operating systems.
Collectively, these contributions establish a comprehensive methodology for analyzing binaries and IoT/IIoT firmware, encompassing clone detection, scalable vulnerability discovery, and precise alert validation. This research improves the accuracy of function clone search, enhances the reliability of firmware security analysis, alleviates the burden on analysts, and lays the foundation for scalable and trustworthy security solutions in embedded and IoT ecosystems.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (PhD)
Authors: Qasem, Abdullah
Institution: Concordia University
Degree Name: Ph. D.
Program: Information and Systems Engineering
Date: 12 December 2025
Thesis Supervisor(s): Debbabi, Mourad
ID Code: 996573
Deposited By: Abdullah Mohammed Abdu Qasem
Deposited On: 29 Jun 2026 17:54
Last Modified: 29 Jun 2026 17:54
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.