Ecole d'ingénieur et centre de recherche en Sciences du numérique

AVATAR: A framework to support dynamic security analysis of embedded systems' firmwares

Zaddach, Jonas; Bruno, Luca; Francillon, Aurelien; Balzarotti, Davide

NDSS 2014, Network and Distributed System Security Symposium, 23-26 February 2014, San Diego, USA

To address the growing concerns about the security of embedded systems, it is important to perform accurate analysis of firmware binaries, even when the source code or the hardware documentation are not available. However, research in this field is hindered by the lack of dedicated tools. For example, dynamic analysis is one of the main foundations of security analysis, e.g., through dynamic taint tracing or symbolic execution. Unlike static analysis, dynamic analysis relies on the ability to execute software in a controlled environment, often an instrumented emulator. However, emulating firmwares of embedded devices requires accurate models of all hardware components used by the system under analysis. Unfortunately, the lack of documentation and the large variety of hardware on the market make this approach infeasible in practice. In this paper we present Avatar, a framework that enables complex dynamic analysis of embedded devices by orchestrating the execution of an emulator together with the real hardware. We first introduce the basic mechanism to forward I/O accesses from the emulator to the embedded device, and then describe several techniques to improve the system's performance by dynamically optimizing the distribution of code and data between the two environments. Finally, we evaluate our tool by applying it to three different security scenarios, including reverse engineering, vulnerability discovery and hardcoded backdoor detection. To show the flexibility of Avatar, we perform this analysis on three completely different devices: a GSM feature phone, a hard disk bootloader, and a wireless sensor node. 

Document Doi Hal Bibtex

Titre:AVATAR: A framework to support dynamic security analysis of embedded systems' firmwares
Type:Conférence
Langue:English
Ville:San Diego
Pays:ÉTATS-UNIS
Date:
Département:Sécurité numérique
Eurecom ref:4158
Copyright: © ISOC. Personal use of this material is permitted. The definitive version of this paper was published in NDSS 2014, Network and Distributed System Security Symposium, 23-26 February 2014, San Diego, USA and is available at : http://dx/doi.org/10.14722/ndss.2014.23229
Bibtex: @inproceedings{EURECOM+4158, doi = {http://dx/doi.org/10.14722/ndss.2014.23229}, year = {2014}, title = {{AVATAR}: {A} framework to support dynamic security analysis of embedded systems' firmwares}, author = {{Z}addach, {J}onas and {B}runo, {L}uca and {F}rancillon, {A}urelien and {B}alzarotti, {D}avide }, booktitle = {{NDSS} 2014, {N}etwork and {D}istributed {S}ystem {S}ecurity {S}ymposium, 23-26 {F}ebruary 2014, {S}an {D}iego, {USA}}, address = {{S}an {D}iego, {\'{E}}{TATS}-{UNIS}}, month = {02}, url = {http://www.eurecom.fr/publication/4158} }
Voir aussi: