
Firmware Dynamic Analysis Through Rewriting

Chapter in: Device-Edge-Cloud Continuum

Part of the book series: Internet of Things (ITTCC)

Abstract

The proliferation of IoT devices and their increasing integration into daily life has led to significant security concerns. Because these devices often contain a multitude of easily exploitable security vulnerabilities, they are frequently targeted by malicious users. It is therefore imperative to conduct thorough security evaluations of IoT devices to detect and prevent possible cyberattacks, which in turn requires comprehensive and reliable methodologies for vulnerability assessment. However, traditional vulnerability assessment techniques require the emulation of firmware in a controlled environment, a process known as firmware re-hosting. In this chapter, we analyse the current re-hosting methods for vulnerability assessment, identify their limitations, and discuss our approach to speed up security evaluations and allow traditional security tools, such as binary fuzzers, to be applied to re-hosted firmware.



Author information

Correspondence to Claudia Greco.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Greco, C., Ianni, M., Guzzo, A., Fortino, G. (2024). Firmware Dynamic Analysis Through Rewriting. In: Savaglio, C., Fortino, G., Zhou, M., Ma, J. (eds) Device-Edge-Cloud Continuum. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-031-42194-5_2

  • DOI: https://doi.org/10.1007/978-3-031-42194-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42193-8

  • Online ISBN: 978-3-031-42194-5
