Attackers can exploit known vulnerabilities to infiltrate a device's firmware and abuse the communication between firmware binaries to move from one binary to another. To improve cybersecurity, organizations must identify and mitigate the risks of the firmware they use. An attack graph (AG) can be used to assess and visually display a firmware image's risks by organizing the identified vulnerabilities into attack paths: sequences of actions an attacker may perform to compromise the image. In this paper, we utilize AGs for firmware risk assessment. We propose MIRAGE (Multi-binary Image Risk Assessment with Attack Graph Employment), a framework for identifying potential attack vectors and vulnerable interactions between firmware binaries; MIRAGE accomplishes this by generating AGs for firmware inter-binary communication. The use cases of the proposed firmware AG generation framework include the identification of risky external interactions, supply chain risk assessment, and security analysis with digital twins. To evaluate the MIRAGE framework, we collected a dataset of 703 firmware images. We also propose a model for examining the risks of firmware binaries, demonstrate the model's implementation on the dataset of firmware images, and list the riskiest binaries.
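To make the attack-graph idea concrete, the following is an added example (not MIRAGE's code or method) that models a firmware image as a directed graph of inter-binary communication, enumerates attack paths from an externally reachable binary to a sensitive one, and ranks binaries by how many paths pass through them; every binary name, edge and weakness in it is constructed for illustration.

```python
# Added example, not MIRAGE's implementation: a minimal attack-graph model of
# firmware inter-binary communication. Binaries are nodes; a directed edge
# means one binary passes data to another (shared file, socket, IPC, ...).
# All names, edges and weaknesses below are constructed sample data.
from collections import defaultdict

# Constructed firmware image: which binary hands data to which.
COMM_EDGES = {
    "httpd": ["cgi_handler"],
    "cgi_handler": ["config_daemon", "upnpd"],
    "upnpd": ["config_daemon"],
    "config_daemon": ["nvram_writer"],
    "nvram_writer": [],
}

# Constructed per-binary weaknesses. A binary with no entry is treated as
# not exploitable, so no attack path may pass through it.
VULNS = {
    "httpd": "unauthenticated request parsing",
    "cgi_handler": "unsafe parameter handling",
    "upnpd": "untrusted SSDP input",
    "config_daemon": "trusts caller without checks",
    "nvram_writer": "writes caller-supplied values",
}

def attack_paths(entry, target, edges=COMM_EDGES, vulns=VULNS):
    """Enumerate simple paths from an externally reachable binary to a target,
    stepping only through binaries that carry a weakness. Each path is the
    chain of binaries an attacker would have to compromise in sequence."""
    paths = []
    def walk(node, seen):
        if node == target:
            paths.append(list(seen))
            return
        for nxt in edges.get(node, []):
            if nxt in vulns and nxt not in seen:
                walk(nxt, seen + [nxt])
    if entry in vulns:
        walk(entry, [entry])
    return paths

def binary_risk(paths):
    """Rank binaries by the number of attack paths they lie on; a binary on
    every path is where a single fix removes the most paths."""
    hits = defaultdict(int)
    for path in paths:
        for binary in path:
            hits[binary] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
```

Removing a binary's weakness (or the edge into it) and re-running the enumeration shows which mitigation cuts every path, which is the risk-reduction question an attack graph is meant to answer.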