Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

A Modular Logic Approach for Expressing Web Services in XML Applying Dynamic Rules in XML

RuleML is considered to be a markup language for the semantic web. It allows the enrichment of web ontologies by adding definitions of derived concepts and it enhances interoperability among different systems and tools by publishing rules in an XML format. Moreover the in-creasing demand for interfaces that enhance information sharing has given rise to XML doc-uments that include embedded calls to web services. In this paper we propose a variation of RuleML that is based on modular logic programming. Our approach is based in a two level architecture. In the first level a modular logic language, called M-log, is presented. This lan-guage encompasses several mechanisms for invoking web services. In the second level we ex-ploit the semantics of M-log to present a variation of RuleML with rich modeling capabilities. Formal foundations for this variation are given through direct translation to M-log semantics.Knowledge Management, XML, Modular Logic Programming, E-Services

Minimalist Architecture to Generate Embedded System Web User Interfaces

Part 9: Embedded Systems and Petri NetsInternational audienceThis paper presents a new architecture to semi-automatically generate Web user interfaces for Embedded Systems designed using IOPT Petri Net models. The user interfaces can be used to remotely control, monitor and debug embedded systems using a standard Web Browser. The proposed architecture takes advantage of the distributed nature of the Internet to store all static user interface data and software on third-party Web services (the Cloud), and execute the user-interface code on the user’s Web Browser. A simplified protocol is proposed to enable remote control, status-monitoring, debugging and step-by-step execution, minimizing resource consumption on the physical embedded devices, including processing load, memory and communication bandwidth. As the user interface data and code are kept on third-party Web services, these resources can be shared among multiple embedded device units, and the hardware requirements to implement the devices can be simplified, leading to reduced cost solutions. To prevent down-time due to network problems or server failures, a fault-tolerant topology is suggested. The distributed architecture is transparent to end-users, observing just a Web interface for an embedded device on the other side of an Internet URL

Enabling the web of things: facilitating deployment, discovery and resource access to IoT objects using embedded web services

Today, the IETF Constrained Application Protocol (CoAP) is being standardised. CoAP takes the internet of things to the next level: it enables the implementation of RESTful web services on embedded devices, thus enabling the construction of an easily accessible web of things. However, before tiny objects can make themselves available through embedded web services, several manual configuration steps are still needed to integrate a sensor network within an existing networking environment. In this paper, we describe a novel self-organisation solution to facilitate the deployment of constrained networks and enable the discovery, end-to-end connectivity and service usage of these newly deployed sensor nodes. By using embedded web service technology, the need of other protocols on these resource constrained devices is avoided. It allows automatic hierarchical discovery of CoAP servers, resulting in a browsable hierarchy of CoAP servers, which can be accessed both over CoAP and hypertext transfer protocol

Transparent and scalable client-side server selection using netlets

Replication of web content in the Internet has been found to improve service response time, performance and reliability offered by web services. When working with such distributed server systems, the location of servers with respect to client nodes is found to affect service response time perceived by clients in addition to server load conditions. This is due to the characteristics of the network path segments through which client requests get routed. Hence, a number of researchers have advocated making server selection decisions at the client-side of the network. In this paper, we present a transparent approach for client-side server selection in the Internet using Netlet services. Netlets are autonomous, nomadic mobile software components which persist and roam in the network independently, providing predefined network services. In this application, Netlet based services embedded with intelligence to support server selection are deployed by servers close to potential client communities to setup dynamic service decision points within the network. An anycast address is used to identify available distributed decision points in the network. Each service decision point transparently directs client requests to the best performing server based on its in-built intelligence supported by real-time measurements from probes sent by the Netlet to each server. It is shown that the resulting system provides a client-side server selection solution which is server-customisable, scalable and fault transparent

Embedding Web-based Statistical Translation Models in Cross-Language Information Retrieval

Although more and more language pairs are covered by machine translation services, there are still many pairs that lack translation resources. Cross-language information retrieval (CLIR) is an application which needs translation functionality of a relatively low level of sophistication since current models for information retrieval (IR) are still based on a bag-of-words. The Web provides a vast resource for the automatic construction of parallel corpora which can be used to train statistical translation models automatically. The resulting translation models can be embedded in several ways in a retrieval model. In this paper, we will investigate the problem of automatically mining parallel texts from the Web and different ways of integrating the translation models within the retrieval process. Our experiments on standard test collections for CLIR show that the Web-based translation models can surpass commercial MT systems in CLIR tasks. These results open the perspective of constructing a fully automatic query translation device for CLIR at a very low cost.Comment: 37 page

Lightweight XML-based query, integration and visualization of distributed, multimodality brain imaging data

A need of many neuroimaging researchers is to integrate multimodality brain data that may be stored in separate databases. To address this need we have developed a framework that provides a uniform XML-based query interface across multiple online data sources. The development of this framework is driven by the need to integrate neurosurgical and neuroimaging data related to language. The data sources for the language studies are 1) a web-accessible relational database of neurosurgical cortical stimulation mapping data (CSM) that includes patient-specific 3-D coordinates of each stimulation site mapped to an MRI reconstruction of the patient brain surface; and 2) an XML database of fMRI and structural MRI data and analysis results, created automatically by a batch program we have embedded in SPM. To make these sources available for querying each is wrapped as an XML view embedded in a web service. A top level web application accepts distributed XQueries over the sources, which are dispatched to the underlying web services. Returned results can be displayed as XML, HTML, CSV (Excel format), a 2-D schematic of a parcellated brain, or a 3-D brain visualization. In the latter case the CSM patient-specific coordinates returned by the query are sent to a transformation web-service for conversion to normalized space, after which they are sent to our 3-D visualization program MindSeer, which is accessed via Java WebStart through a generated link. The anatomical distribution of pooled CSM sites can then be visualized using various surfaces derived from brain atlases. As this framework is further developed and generalized we believe it will have appeal for researchers who wish to query, integrate and visualize results across their own databases as well as those of collaborators

Implementing Dynamically Evolvable Communication with Embedded Systems through WEB Services

Embedded systems that monitor and control safety and mission critical system are communicated with by a HOST located at a remote location through Internet. Such kind of embedded systems are developed to be dynamically evolvable with respect to syntax, semantics, online testing and communication subsystems. All these systems are to be dynamically evolvable and the components needed for evolution are also to be added into the embedded system. Architectural  models describe  various components using which dynamically evolvable sub-systems are realised through implementation by using specific and related technologies. Implementation system describe the platform, code units and the interlacing of various processes/tasks to the elementary level of details. WEB services place an excellent platform for implementing dynamically evolvable  systems due to the use of open standards. This paper presents an implementation system that is related to dynamically evolvable communication and other sub-systems using web services technologies