Graduate School and Research Center in Digital Sciences

HardSnap: Leveraging hardware snapshotting for embedded systems security testing

Corteggiani, Nassim; Francillon, Aurélien

DSN 2020, 50th IEEE/IFIP International Conference on Dependable Systems and Networks, 29 June-02 July, 2020, Valencia, Spain

Advanced dynamic analysis techniques such as fuzzing and Dynamic Symbolic Execution (DSE) are a cornerstone of software security testing and are becoming popular with embedded systems testing. Testing software in a virtual machine provides more visibility and control. VM snapshots also save testing time by facilitating crash reproduction, performing root cause analysis and avoiding re-executing programs from the start. However, because embedded systems are very diverse virtual machines that perfectly emulate them are often unavailable. Previous work therefore either attempt to model hardware or perform partial emulation (forwarding interaction to the real hardware), which leads to inaccurate or slow emulation. However, such limitations are unnecessary when the whole design is available, e.g., to the device manufacturer or on open hardware. In this paper, we therefore propose a novel approach, called HardSnap, for co-testing hardware and software with a high level of introspection. HardSnap aims at improving security testing of hardware/software co-designed systems, where embedded systems designers have access to the whole HW/SW stack. HardSnap is a virtual-machine-based solution that extends visibility and controllability to the hardware peripherals with a negligible overhead. HardSnap introduces the concept of a hardware snapshot that collects the hardware state (together with software state). In our prototype, Verilog hardware blocks are either simulated in software or synthesized to an FPGA. In both cases HardSnap is able to generate HW/SW snapshot on demand. HardSnap is designed to support new peripherals automatically, to have high performance, and full controllability and visibility on software and hardware. We evaluated HardSnap on open-source peripherals and synthetic firmware to demonstrate improved ability to find and diagnose security issues.  

Document Doi Bibtex

Title:HardSnap: Leveraging hardware snapshotting for embedded systems security testing
Keywords:Embedded systems, Hardware snapshotting, Security analysis, Symbolic execution
Type:Conference
Language:English
City:Valencia
Country:SPAIN
Date:
Department:Digital Security
Eurecom ref:6269
Copyright: © 2020 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+6269, doi = {http://dx.doi.org/10.1109/DSN48063.2020.00046}, year = {2020}, title = {{H}ard{S}nap: {L}everaging hardware snapshotting for embedded systems security testing}, author = {{C}orteggiani, {N}assim and {F}rancillon, {A}ur{\'e}lien}, booktitle = {{DSN} 2020, 50th {IEEE}/{IFIP} {I}nternational {C}onference on {D}ependable {S}ystems and {N}etworks, 29 {J}une-02 {J}uly, 2020, {V}alencia, {S}pain}, address = {{V}alencia, {SPAIN}}, month = {06}, url = {http://www.eurecom.fr/publication/6269} }
See also: