4,489 research outputs found
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach
Cutting Through the Complexity of Reverse Engineering Embedded Devices
Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs
The STAR MAPS-based PiXeL detector
The PiXeL detector (PXL) for the Heavy Flavor Tracker (HFT) of the STAR
experiment at RHIC is the first application of the state-of-the-art thin
Monolithic Active Pixel Sensors (MAPS) technology in a collider environment.
Custom built pixel sensors, their readout electronics and the detector
mechanical structure are described in detail. Selected detector design aspects
and production steps are presented. The detector operations during the three
years of data taking (2014-2016) and the overall performance exceeding the
design specifications are discussed in the conclusive sections of this paper
Hardware/Software Co-verification Using Path-based Symbolic Execution
Conventional tools for formal hardware/software co-verification use
bounded model checking techniques to construct a single monolithic propositional formula. Formulas generated in this way are extremely complex and contain a great deal of irrelevant logic, hence
are difficult to solve even by the state-of-the-art Satisfiability (SAT)
solvers. In a typical hardware/software co-design the firmware only
exercises a fraction of the hardware state-space, and we can use this
observation to generate simpler and more concise formulas. In this
paper, we present a novel verification algorithm for hardware/software co-designs that identify partitions of the firmware and the hardware logic pertaining to the feasible execution paths by means of
path-based symbolic simulation with custom path-pruning, propertyguided slicing and incremental SAT solving. We have implemented
this approach in our tool COVERIF. We have experimentally compared COVERIF with HW-CBMC, a monolithic BMC based co-verification
tool, and observed an average speed-up of 5× over HW-CBMC for
proving safety properties as well as detecting critical co-design bugs
in an open-source Universal Asynchronous Receiver Transmitter
design and a large SoC design
Firmware Counterfeiting and Modification Attacks on Programmable Logic Controllers
Recent attacks on industrial control systems (ICSs), like the highly publicized Stuxnet malware, have perpetuated a race to the bottom where lower level attacks have a tactical advantage. Programmable logic controller (PLC) firmware, which provides a software-driven interface between system inputs and physically manifested outputs, is readily open to modification at the user level. Current efforts to protect against firmware attacks are hindered by a lack of prerequisite research regarding details of attack development and implementation. In order to obtain a more complete understanding of the threats posed by PLC firmware counterfeiting and the feasibility of such attacks, this research explores the vulnerability of common controllers to intentional firmware modifications. After presenting a general analysis process that takes advantage of various techniques and methodologies applied to similar scenarios, this work derives the firmware update validation method used for the Allen-Bradley ControlLogix PLC. A proof of concept demonstrates how to alter a legitimate firmware update and successfully upload it to a ControlLogix L61. Possible mitigation strategies discussed include digitally signed and encrypted firmware as well as preemptive and post-mortem analysis methods to provide protection. Results of this effort facilitate future research in PLC firmware security through direct example of firmware counterfeiting
Automated testing with Wireless Communication in the digitalised industry : A case study of Mirka Oy
Advanced automation technologies are changing the dynamics of the process and manufacturing industries. Product development processes are becoming smarter with the application of intelligent solutions and automated testing. The industry 4.0 concept of centralized control for industrial devices results in a rapid increase in the demand for the industrial Internet of Things (IoT) and cordless machines. Wireless communication protocols are integral to the functioning of such devices.
This thesis work is performed with Mirka Oy during the development process of a smart industrial cordless tool. Various available short-range wireless communication protocols are studied to find out the best possible solution to match the product requirements. Besides, an automated testing platform is developed to verify and validate the functional description of the devices. All the stages, starting from the types of embedded system testing, device test requirements, test case designing leading to a comprehensive testing platform are explained. Results generated by the automated platform are analysed, which shows that all the test execution is successful.
The successful implantation of this automated testing platform would significantly increase the efficiency of the development and testing process. Moreover, this dissertation highlights further development in terms of the application of the Artificial Intelligence (AI) and Machine learning (ML) technique for smarter testing processes and increase the overall performance of the testing framework
- …