Ecole d'ingénieur et centre de recherche en Sciences du numérique

PIE: Parser identification in embedded systems

Cojocar, Lucian; Zaddach, Jonas; Verdult, Roel; Bos, Herbert; Francillon, Aurélien; Balzarotti, Davide

ACSAC 2015, Annual Computer Security Applications Conference, December 7-11, 2015, Los Angeles, CA, USA

Embedded systems are responsible for the security and safety of modern societies, controlling the correct operation of cars and airplanes, satellites and medical equipment, military units and all critical infrastructures. Being integrated in large and complex environments, embedded systems need to support several communication protocols to interact with other devices or with their users. Interestingly, embedded software often implements protocols that deviate from their original specifications. Some are extended with additional features, while others are completely undocumented. Furthermore, embedded parsers often consist of complex C code which is optimized to improve performance and reduce size. However, this code is rarely designed with security in mind, and often lacks proper input validation, making those devices vulnerable to memory corruption attacks. Furthermore, most embedded designs are closed source and third party security evaluations are only possible by looking at the binary firmware. In this paper we propose a methodology to identify parsers and complex processing logic present in binary code without access to their source code or documentation. Specifically we establish and evaluate a heuristic for detecting this type of code by means of static analysis. Afterwards we demonstrate the utility of this heuristic to identify firmware components treating input, perform reverse engineering to extract protocols, and discover and analyze bugs on four widely used devices: a GPS receiver, a power meter, a hard disk drive (HDD) and a Programmable Logic Controller (PLC). 

Document Doi Bibtex

Titre:PIE: Parser identification in embedded systems
Ville:Los Angeles
Département:Sécurité numérique
Eurecom ref:4714
Copyright: © ACM, 2015. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACSAC 2015, Annual Computer Security Applications Conference, December 7-11, 2015, Los Angeles, CA, USA
Bibtex: @inproceedings{EURECOM+4714, doi = {}, year = {2015}, title = {{PIE}: {P}arser identification in embedded systems}, author = {{C}ojocar, {L}ucian and {Z}addach, {J}onas and {V}erdult, {R}oel and {B}os, {H}erbert and {F}rancillon, {A}ur{\'e}lien and {B}alzarotti, {D}avide}, booktitle = {{ACSAC} 2015, {A}nnual {C}omputer {S}ecurity {A}pplications {C}onference, {D}ecember 7-11, 2015, {L}os {A}ngeles, {CA}, {USA}}, address = {{L}os {A}ngeles, {\'{E}}{TATS}-{UNIS}}, month = {12}, url = {} }
Voir aussi: