Automatic Vulnerability Detection in Embedded Devices and Firmware

Qasem, Abdullah; Shirani, Paria; Debbabi, Mourad; Wang, Lingyu; Lebel, Bernard; Agba, Basile L.

doi:10.1145/3432893

Cited by 39 publications

(17 citation statements)

References 121 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ultrasonic data acquisition refers to the analysis of the source code or binary code of the program without running the program [16][17][18]. rough ultrasonic data acquisition, a clear framework understanding of the program can be realized, and the combination of dynamic and static is realized according to the corresponding ultrasonic data acquisition, focusing on solving the problem of false alarm rate [19,20].…”

Section: Binary Program Ultrasonic Data Acquisitionmentioning

confidence: 99%

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Lei

2021

Advances in Multimedia

View full text Add to dashboard Cite

With the gradual increase in the informatization, there is much software in various industries, such as data management, business execution, public orientation, and company OA, which greatly facilitates the development of various tasks, but it also brings many hidden dangers. There exist certain vulnerabilities in some software, which have become backdoors to be attacked. In view of these needs and potential hazards, the ultrasonic data acquisition and signal processing algorithms are introduced in this paper, analyzing and grasping the possibility of potentially dangerous paths by combining the instruction addresses and locations of software vulnerabilities, and avoid the existence of these software vulnerabilities through corresponding constraint instructions. The simulation experiment results prove that the ultrasonic data acquisition and signal processing algorithms are effective and can support the detection and analysis of man-machine interactive software vulnerabilities.

show abstract

Section: Binary Program Ultrasonic Data Acquisitionmentioning

confidence: 99%

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Lei

2021

Advances in Multimedia

View full text Add to dashboard Cite

show abstract

“…Furthermore, our goal was to investigate underexplored research questions in the field by conducting a series of rigorous experiments. For a complete survey, we refer readers to the recent surveys on BCSA [152], [153].…”

Section: Discussionmentioning

confidence: 99%

Revisiting Binary Code Similarity Analysis Using Interpretable Feature Engineering and Lessons Learned

Kim

Kil

et al. 2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Binary code similarity analysis (BCSA) is widely used for diverse security applications, including plagiarism detection, software license violation detection, and vulnerability discovery. Despite the surging research interest in BCSA, it is significantly challenging to perform new research in this field for several reasons. First, most existing approaches focus only on the end results, namely, increasing the success rate of BCSA, by adopting uninterpretable machine learning. Moreover, they utilize their own benchmark, sharing neither the source code nor the entire dataset. Finally, researchers often use different terminologies or even use the same technique without citing the previous literature properly, which makes it difficult to reproduce or extend previous work. To address these problems, we take a step back from the mainstream and contemplate fundamental research questions for BCSA. Why does a certain technique or a certain feature show better results than the others? Specifically, we conduct the first systematic study on the basic features used in BCSA by leveraging interpretable feature engineering on a large-scale benchmark. Our study reveals various useful insights on BCSA. For example, we show that a simple interpretable model with a few basic features can achieve a comparable result to that of recent deep learning-based approaches. Furthermore, we show that the way we compile binaries or the correctness of underlying binary analysis tools can significantly affect the performance of BCSA. Lastly, we make all our source code and benchmark public and suggest future directions in this field to help further research.

show abstract

“…Various aspects regarding the analysis of firmware binaries and configuration security have been explored in previous studies. While it may seem like most aspects of firmware analysis have already been covered by previous studies, most such studies have focused on Linux-based systems [64]. We observe that the analysis of stripped binaries targeting nontraditional operating systems and the ARM Thumb instruction set, which is increasingly favoured by IoT peripherals and which is the focus of our analysis, has still not been explored sufficiently.…”

Section: Related Workmentioning

confidence: 96%

argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Binaries

Sivakumaran,

Blasco

2021

Preprint

View full text Add to dashboard Cite

Recent high-profile attacks on the Internet of Things (IoT) have brought to the forefront the vulnerability of "smart" devices, and have resulted in IoT technologies and devices being subjected to numerous security analyses. Many of the attacks had weak device configuration as the root cause, making the configuration of IoT devices a vector of interest for security analysis. One potential source of rich and definitive information about the configuration of an IoT device is the device's firmware itself. However, firmware analysis is complex and automated firmware analyses have thus far been confined to IoT hub or gateway devices, or peripheral devices with more traditional operating systems such as Linux or VxWorks. Most IoT peripherals, by their very nature of being resource-constrained, lacking traditional operating systems and implementing a wide variety of communication technologies, have only been the subject of smaller-scale analyses, typically confined to a certain class or brand of device. Analysing peripheral firmware is further complicated by the fact that peripheral firmware files are predominantly available as stripped binaries, without the ELF headers and symbol tables that would simplify reverse engineering.In this paper, we present argXtract, an open-source automated static analysis tool, which extracts security-relevant configuration information from stripped IoT peripheral firmware. Specifically, we target binaries that implement the ARM Cortex-M architecture, due to its growing popularity among IoT peripherals. argXtract overcomes the challenges associated with stripped Cortex-M analysis and is able to retrieve and process arguments to security-relevant supervisor and function calls, enabling automated bulk analysis of firmware files. We demonstrate this via three real-world case studies. The largest case study covers a dataset of 243 Bluetooth Low Energy binaries targeting Nordic Semiconductor chipsets, while the other two focus on Nordic ANT binaries and STMicroelectronics BlueNRG binaries. The results from all three case studies reveal widespread lack of security and privacy controls in IoT, such as minimal or no protection for data, fixed passkeys and trackable device addresses.

show abstract

Automatic Vulnerability Detection in Embedded Devices and Firmware

Cited by 39 publications

References 121 publications

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Detection and Analysis of Man-Machine Interactive Software Vulnerabilities Based on Ultrasonic Data Acquisition and Signal Processing Algorithms

Revisiting Binary Code Similarity Analysis Using Interpretable Feature Engineering and Lessons Learned

argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Binaries

Contact Info

Product

Resources

About