Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

23rd Annual Network and Distributed System Security Symposium, NDSS 2016

Volumn , Issue , 2016, Pages

  Chen, Daming D ^a   Egele, Manuel ^b   Woo, Maverick ^a   Brumley, David ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b BOSTON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

IMAGE PROCESSING; LINUX; PERSONAL COMPUTING; ROUTERS; SCALABILITY;

COMMERCIAL OFF THE SHELVES; COMMERCIAL OFF-THE SHELVES; COMMERCIAL-OFF-THE-SHELF; DAILY LIVES; DYNAMICS ANALYSIS; EMBEDDED DEVICE; EMBEDDED FIRMWARES; HOME ROUTERS; HOME USERS; INTEGRAL FUNCTION;

FIRMWARE;

EID: 85169465657     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss.2016.23415     Document Type: Conference Paper

References (19)

1. “Binwalk.” [Online]. Available: http://binwalk.org/
2. “Metasploit.” [Online]. Available: http://www.metasploit. com/
3. “Nmap security scanner.” [Online]. Available: https: //nmap.org/
4. F. Bellard, “QEMU, a fast and portable dynamic translator,” in Proceedings of the USENIX 2005 Annual Technical Conference. USENIX, 2005, pp. 41-46. [Online]. Available: https://www.usenix.org/legacy/publications/ library/proceedings/usenix05/tech/freenix/bellard.html
5. A. Bessey, K. Block, B. Chelf, A. Chou, B. Fulton, S. Hallem, C. Henri-Gros, A. Kamsky, S. McPeak, and D. Engler, “A few billion lines of code later,” Communications of the ACM, vol. 53, no. 2, pp. 66-75, 2010. [Online]. Available: http://portal.acm.org/citation. cfm?doid=1646353.1646374
6. A. Bonkoski, R. Bielawski, and J. A. Halderman, “Illuminating the security issues surrounding lights-out server management,” in Proceedings of the 7th USENIX Workshop on Offensive Technologies. USENIX, 2013, pp. 1-9. [Online]. Available: https://www.usenix.org/conference/woot13/ workshop-program/presentation/bonkoski
7. C. Cadar, D. Dunbar, and D. Engler, “KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs,” in Proceedings of the 8th USENIX Symposium on Operating System Design and Implementation. USENIX, 2008, pp. 209-224. [Online]. Available: https://www.usenix.org/legacy/events/osdi08/ tech/
8. A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti, “A large-scale analysis of the security of embedded firmwares,” in Proceedings of the 23rd USENIX Security Symposium. USENIX, 2014, pp. 95-110. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity14/technical-sessions/presentation/costin
9. A. Cui, M. Costello, and S. J. Stolfo, “When firmware modifications attack: A case study of embedded exploitation,” in Proceedings of the 20th Annual Network and Distributed System Security Symposium. The Internet Society, 2013. [Online]. Available: http://www.internetsociety.org/doc/when-firmwaremodifications- attack-case-study-embedded-exploitation
10. A. Cui and S. J. Stolfo, “A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan,” in Proceedings of the 26th Annual Computer Security Applications Conference, 2010, pp. 97-106. [Online]. Available: http://www.scopus.com/ inward/record.url?eid=2-s2.0-78751540482&partnerID= 40&md5=759904ebe0eca35e4297072f7224cf55
11. D. Davidson, B. Moench, S. Jha, and T. Ristenpart, “FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution finding vulnerabilities in embedded systems using symbolic execution,” in Proceedings of the 22nd USENIX Security Symposium. USENIX, 2013, pp. 463-478. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity13/technical-sessions/paper/davidson
12. U. Drepper, “How to write shared libraries,” 2006.
13. Z. Durumeric, E. Wustrow, and J. A. Halderman, “ZMap: Fast internet-wide scanning and its security applications,” in Proceedings of the 22nd USENIX Security Symposium. USENIX, 2013, pp. 605-619. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity13/technical-sessions/paper/durumeric
14. N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, “Mining your Ps and Qs: Detection of widespread weak keys in network devices,” in Proceedings of the 21st USENIX Security Symposium. USENIX, 2012, pp. 205-220. [Online]. Available: https://www.usenix.org/conference/usenixsecurity12/ technical-sessions/presentation/heninger
15. H. Li, D. Tong, K. Huang, and X. Cheng, “FEMU: A firmware-based emulation framework for SoC verification,” in Proceedings of the 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis, no. 257. IEEE, 2010, pp. 257-266. [Online]. Available: http://ieeexplore.ieee.org/xpls/abs_all. jsp?arnumber=5751510&tag=1
16. J. Maskiewicz, B. Ellis, J. Mouradian, and H. Shacham, “Mouse trap: Exploiting firmware updates in USB peripherals,” in Proceedings of the 8th USENIX Workshop on Offensive Technologies. USENIX, 2014, pp. 1-10. [Online]. Available: https://www.usenix.org/conference/ woot14/workshop-program/presentation/maskiewicz
17. K. Nohl and J. Lell, “BadUSB-on accessories that turn evil,” 2014. [Online]. Available: https://www.blackhat.com/us-14/briefings.html# badusb-on-accessories-that-turn-evil
18. R.-P. Weinmann, “Baseband attacks: Remote exploitation of memory corruptions in cellular protocol stacks,” in Proceedings of the 6th USENIX Workshop on Offensive Technologies. USENIX, 2012, pp. 1-10. [Online]. Available: https://www.usenix.org/conference/ woot12/workshop-program/presentation/weinmann
19. J. Zaddach, L. Bruno, A. Francillon, and D. Balzarotti, “Avatar: A framework to support dynamic security analysis of embedded systems’ firmwares,” in Proceedings of the 2014 Network and Distributed System Security Symposium. The Internet Society, 2014, pp. 23-26. [Online]. Available: http://dx.doi.org/10.14722/ndss.2014.23229