2,495 research outputs found
Open-TEE - An Open Virtual Trusted Execution Environment
Hardware-based Trusted Execution Environments (TEEs) are widely deployed in
mobile devices. Yet their use has been limited primarily to applications
developed by the device vendors. Recent standardization of TEE interfaces by
GlobalPlatform (GP) promises to partially address this problem by enabling
GP-compliant trusted applications to run on TEEs from different vendors.
Nevertheless ordinary developers wishing to develop trusted applications face
significant challenges. Access to hardware TEE interfaces are difficult to
obtain without support from vendors. Tools and software needed to develop and
debug trusted applications may be expensive or non-existent.
In this paper, we describe Open-TEE, a virtual, hardware-independent TEE
implemented in software. Open-TEE conforms to GP specifications. It allows
developers to develop and debug trusted applications with the same tools they
use for developing software in general. Once a trusted application is fully
debugged, it can be compiled for any actual hardware TEE. Through performance
measurements and a user study we demonstrate that Open-TEE is efficient and
easy to use. We have made Open- TEE freely available as open source.Comment: Author's version of article to appear in 14th IEEE International
Conference on Trust, Security and Privacy in Computing and Communications,
TrustCom 2015, Helsinki, Finland, August 20-22, 201
Performance Debugging and Tuning using an Instruction-Set Simulator
Instruction-set simulators allow programmers a detailed level of insight into,
and control over, the execution of a program, including parallel programs and
operating systems. In principle, instruction set simulation can model any
target computer and gather any statistic. Furthermore, such simulators are
usually portable, independent of compiler tools, and deterministic-allowing
bugs to be recreated or measurements repeated. Though often viewed as being
too slow for use as a general programming tool, in the last several years
their performance has improved considerably.
We describe SIMICS, an instruction set simulator of SPARC-based
multiprocessors developed at SICS, in its rĂ´le as a general programming tool.
We discuss some of the benefits of using a tool such as SIMICS to support
various tasks in software engineering, including debugging, testing, analysis,
and performance tuning. We present in some detail two test cases, where we've
used SimICS to support analysis and performance tuning of two applications,
Penny and EQNTOTT. This work resulted in improved parallelism in, and
understanding of, Penny, as well as a performance improvement for EQNTOTT of
over a magnitude. We also present some early work on analyzing SPARC/Linux,
demonstrating the ability of tools like SimICS to analyze operating systems
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach
Digital signal processor fundamentals and system design
Digital Signal Processors (DSPs) have been used in accelerator systems for more than fifteen years and have largely contributed to the evolution towards digital technology of many accelerator systems, such as machine protection, diagnostics and control of beams, power supply and motors. This paper aims at familiarising the reader with DSP fundamentals, namely DSP characteristics and processing development. Several DSP examples are given, in particular on Texas Instruments DSPs, as they are used in the DSP laboratory companion of the lectures this paper is based upon. The typical system design flow is described; common difficulties, problems and choices faced by DSP developers are outlined; and hints are given on the best solution
Application of special-purpose digital computers to rotorcraft real-time simulation
The use of an array processor as a computational element in rotorcraft real-time simulation is studied. A multilooping scheme was considered in which the rotor would loop over its calculations a number of time while the remainder of the model cycled once on a host computer. To prove that such a method would realistically simulate rotorcraft, a FORTRAN program was constructed to emulate a typical host-array processor computing configuration. The multilooping of an expanded rotor model, which included appropriate kinematic equations, resulted in an accurate and stable simulation
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework---outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware
HyperDbg: Reinventing Hardware-Assisted Debugging (Extended Version)
Software analysis, debugging, and reverse engineering have a crucial impact
in today's software industry. Efficient and stealthy debuggers are especially
relevant for malware analysis. However, existing debugging platforms fail to
address a transparent, effective, and high-performance low-level debugger due
to their detectable fingerprints, complexity, and implementation restrictions.
In this paper, we present HyperDbg, a new hypervisor-assisted debugger for
high-performance and stealthy debugging of user and kernel applications. To
accomplish this, HyperDbg relies on state-of-the-art hardware features
available in today's CPUs, such as VT-x and extended page tables. In contrast
to other widely used existing debuggers, we design HyperDbg using a custom
hypervisor, making it independent of OS functionality or API. We propose
hardware-based instruction-level emulation and OS-level API hooking via
extended page tables to increase the stealthiness. Our results of the dynamic
analysis of 10,853 malware samples show that HyperDbg's stealthiness allows
debugging on average 22% and 26% more samples than WinDbg and x64dbg,
respectively. Moreover, in contrast to existing debuggers, HyperDbg is not
detected by any of the 13 tested packers and protectors. We improve the
performance over other debuggers by deploying a VMX-compatible script engine,
eliminating unnecessary context switches. Our experiment on three concrete
debugging scenarios shows that compared to WinDbg as the only kernel debugger,
HyperDbg performs step-in, conditional breaks, and syscall recording, 2.98x,
1319x, and 2018x faster, respectively. We finally show real-world applications,
such as a 0-day analysis, structure reconstruction for reverse engineering,
software performance analysis, and code-coverage analysis
Using Partial Reconfiguration for SoC Design and Implementation
Most reconfigurable systems rely on FPGA technology. Among these ones, those which permit dynamic and partial reconfiguration, offer added benefits in flexibility, in-field device upgrade, improved design and manufacturing time, and even, in some cases, power consumption reductions. However, dynamic reconfiguration is a complex task, and the real benefits of its use in real applications have been often questioned. This paper presents an overview of the partial reconfiguration technique application, along with four original applications. The main goal of these applications is to test several architectures with different flexibility and, to search for the partial reconfiguration "killing application", that is, the application that better demonstrates the benefits of today reconfigurable systems based on commercial FPGAs. Therefore, the presented applications are rather a proof of concept, than fully operative and closed systems. First, a brief introduction to the partial reconfigurable systems application topic has been included. After that, the descriptions of the created reconfigurable systems are presented: first, an on-chip communications emulation framework, second, an on chip debugging system, third, a wireless sensor network reconfigurable node and finally, a remote reconfigurable client-server device. Each application is described in a separate section of the paper along with some test and results. General conclusions are included at the end of the pape
- …