Abstract
The proliferation of IoT devices and their deepening integration into daily life has raised significant security concerns. Because these devices commonly contain many easily exploitable vulnerabilities, they are frequent targets of attackers. Thorough security evaluation of IoT devices is therefore essential to detect and prevent possible cyberattacks, and this in turn requires comprehensive and reliable vulnerability assessment methodologies. Traditional vulnerability assessment techniques, however, require that the firmware be executed in a controlled environment rather than on the physical device, a process known as firmware re-hosting. In this chapter, we analyse current re-hosting methods for vulnerability assessment, identify their limitations, and discuss our approach to speeding up security evaluations and to allowing traditional security tools, such as binary fuzzers, to be applied to re-hosted firmware.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Greco, C., Ianni, M., Guzzo, A., Fortino, G. (2024). Firmware Dynamic Analysis Through Rewriting. In: Savaglio, C., Fortino, G., Zhou, M., Ma, J. (eds) Device-Edge-Cloud Continuum. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-031-42194-5_2
DOI: https://doi.org/10.1007/978-3-031-42194-5_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42193-8
Online ISBN: 978-3-031-42194-5
eBook Packages: Engineering (R0)