In this talk we will make an overview of security problems that have been found with a large scale automated static analysis (within the firmware.re project [1, 2]) and with a more focused and more manual dynamic analysis (using the Avatar project [4, 5]). We will then discuss what we think we can do about this and how. We argue that to be more trustworthy devices need to be made more transparent (so that users can inspect them), controllable (so that users can do something about it) and resistant to attacks (so that devices will resist to basic attacks).
Analyzing thousands of firmware images and a few physical devices. What?s next?
TRUSTED 2016, 6th International Workshop on Trustworthy Embedded Devices, Co-located with ACM SIGSAC 2016, October 28th, 2016, Vienna, Austria
© ACM, 2016. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in TRUSTED 2016, 6th International Workshop on Trustworthy Embedded Devices, Co-located with ACM SIGSAC 2016, October 28th, 2016, Vienna, Austria http://dx.doi.org/10.1145/2995289.2995296
PERMALINK : https://www.eurecom.fr/publication/5043