Graduate School and Research Center in Digital Sciences

HardSnap: Leveraging hardware snapshotting for embedded systems security testing

Corteggiani, Nassim; Francillon, Aurélien

DSN 2020, 50th IEEE/IFIP International Conference on Dependable Systems and Networks, 29 June-02 July, 2020, Valencia, Spain

Advanced dynamic analysis techniques   such as fuzzing and Dynamic Symbolic Execution   (DSE) are a cornerstone of software security testing and   are becoming popular with embedded systems testing.   Testing software in a virtual machine provides more   visibility and control. VM snapshots also save testing   time by facilitating crash reproduction, performing   root cause analysis and avoiding re-executing programs   from the start.   However, because embedded systems are very diverse   virtual machines that perfectly emulate them are   often unavailable. Previous work therefore either attempt   to model hardware or perform partial emulation   (forwarding interaction to the real hardware), which   leads to inaccurate or slow emulation. However, such   limitations are unnecessary when the whole design is   available, e.g., to the device manufacturer or on open   hardware.   In this paper, we therefore propose a novel approach,   called HardSnap, for co-testing hardware and software   with a high level of introspection. HardSnap aims at   improving security testing of hardware/software codesigned   systems, where embedded systems designers   have access to the whole HW/SW stack. HardSnap is   a virtual-machine-based solution that extends visibility   and controllability to the hardware peripherals with a   negligible overhead. HardSnap introduces the concept   of a hardware snapshot that collects the hardware state   (together with software state). In our prototype, Verilog   hardware blocks are either simulated in software   or synthesized to an FPGA. In both cases, HardSnap is   able to generate HW/SW snapshot on demand. Hard-   Snap is designed to support new peripherals automatically,   to have high performance, and full controllability   and visibility on software and hardware. We evaluated   HardSnap on open-source peripherals and synthetic   firmware to demonstrate improved ability to find and   diagnose security issues.

Document Bibtex

Title:HardSnap: Leveraging hardware snapshotting for embedded systems security testing
Keywords:Embedded systems, Hardware snapshotting, Security analysis, Symbolic execution
Type:Conference
Language:English
City:Valencia
Country:SPAIN
Date:
Department:Digital Security
Eurecom ref:6269
Copyright: © 2020 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+6269, year = {2020}, title = {{H}ard{S}nap: {L}everaging hardware snapshotting for embedded systems security testing}, author = {{C}orteggiani, {N}assim and {F}rancillon, {A}ur{\'e}lien}, booktitle = {{DSN} 2020, 50th {IEEE}/{IFIP} {I}nternational {C}onference on {D}ependable {S}ystems and {N}etworks, 29 {J}une-02 {J}uly, 2020, {V}alencia, {S}pain}, address = {{V}alencia, {SPAIN}}, month = {06}, url = {http://www.eurecom.fr/publication/6269} }
See also: