Design and Implementation of VxWorks System Vulnerability Mining Framework Based on Dynamic Symbol Execution

  • Wei Zheng
  • Yu Zhou
  • Boheng Wang
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1143)


In recent years, as VxWorks has become widespread across many fields, it has come to serve as the underlying operating system of industrial infrastructure in many countries, so the security requirements placed on the system keep rising. This article presents the technical details of a VxWorks vulnerability mining framework based on dynamic symbolic execution, the overall workflow of the framework, and the experimental results obtained with it. The framework consists of three main parts: a trace module built on the WDB RPC protocol, a dynamic symbolic execution module, and a fuzzing module. During the testing phase, the framework successfully triggered the CVE-2015-7599 vulnerability, demonstrating the effectiveness of the vulnerability mining framework designed in this paper.


Keywords: VxWorks system; Dynamic symbolic execution; WDB RPC protocol



Copyright information

© Springer Nature Singapore Pte Ltd. 2021

Authors and Affiliations

  1. Information Technology Services, East China Normal University, Shanghai, China
  2. Ant-Financial Light-Year Security Lab, Hangzhou, China
  3. School of Computer and Software, Nanjing University of Information Science & Technology, Nanjing, China
