Automatic Firmware Emulation through Invalidity-guided Knowledge Inference (Extended Version)
[article]
2021
arXiv
pre-print
Unlike existing work that attempts to build a general model for each peripheral, our approach learns how to correctly emulate firmware execution at individual peripheral access points. ...
In this work, we propose a new approach called uEmu to emulate firmware with unknown peripherals. ...
We thank Bo Feng for providing us with the firmware samples used in P^2IM [21] and kind guidance on configuring P^2IM. We also thank Vitaly Chipounov for his help on adding ARM support to S2E. ...
arXiv:2107.07759v2
fatcat:vb4q7l3wxncyxpecn6jw5ll3xy
MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware
[article]
2022
arXiv
pre-print
In MetaEmu, we use a specification-based approach to cover peripherals, execution models, and analyses, which allows our framework to be easily extended. ...
Further, we show how MetaEmu enables a diverse set of analyses by implementing a fuzzer, a symbolic executor for solving peripheral access checks, a CAN ID reverse engineering tool, and an inter-device ...
ACKNOWLEDGMENTS This research is partially funded by the Engineering and Physical Sciences Research Council (EPSRC) under grant EP/R012598/1, EP/R008000/1 and EP/V000454/1. ...
arXiv:2208.03528v1
fatcat:gsprp6c5ljeabdinklpujymi4i
P^2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (extended version)
[article]
2019
arXiv
pre-print
P^2IM is oblivious to peripheral designs and generic to firmware implementations, and therefore, applicable to a wide range of embedded devices. ...
We evaluated our framework using 70 sample firmware and 10 firmware from real devices, including a drone, a robot, and a PLC. ...
Avatar [54] proposed a novel framework for hybrid emulation and used it for conducting concolic execution [33]. ...
arXiv:1909.06472v3
fatcat:zm372wbd75cpzdflxhukplkoam
DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
[article]
2021
arXiv
pre-print
We present DICE, a drop-in solution for firmware analyzers to emulate DMA input channels and generate or manipulate DMA inputs. ...
Among the approaches to securing embedded devices, dynamic firmware analysis gained great attention lately, thanks to its offline nature and low false-positive rates. ...
ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their insightful comments. ...
arXiv:2007.01502v3
fatcat:o3jh5jjp7bg3lo3pvpx2ilwac4
FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution
2013
USENIX Security Symposium
We therefore design and implement a new tool, called FIE, that builds off the KLEE symbolic execution engine in order to provide an extensible platform for detecting bugs in firmware programs for the popular ...
) running on such devices. ...
Acknowledgements We would like to thank Kevin Fu, Matt Renzelmann and the anonymous reviewers for their extensive feedback on earlier drafts of this paper. ...
dblp:conf/uss/DavidsonMRJ13
fatcat:np6x7fkc7zcvblenxupsmitgkq
Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code
[article]
2020
arXiv
pre-print
Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. ...
Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler. ...
and not depend on peripheral emulation. ...
arXiv:2009.04274v2
fatcat:q7e65knjyzanblv3nug5ziwur4
The Evolution of Android Malware and Android Analysis Techniques
2017
ACM Computing Surveys
It is therefore essential to devise effective techniques to analyze and detect these threats. ...
With the integration of mobile devices into daily life, smartphones are privy to increasing amounts of sensitive information. ...
Furthermore, full system emulation completely emulates a real device, which includes all system functionality and required peripherals. ...
doi:10.1145/3017427
fatcat:f2vdpgntincgvd4xv52l2ovray
Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares
2014
Proceedings 2014 Network and Distributed System Security Symposium
unpublished
For example, dynamic analysis is one of the main foundations of security analysis, e.g., through dynamic taint tracing or symbolic execution. ...
In this paper we present Avatar, a framework that enables complex dynamic analysis of embedded devices by orchestrating the execution of an emulator together with the real hardware. ...
ACKNOWLEDGMENTS Authors would like to thank Pascal Sachs and Luka Malisa that worked on an early prototype of the system, and Lucian Cojocar for his helpful comments on the current version of Avatar. ...
doi:10.14722/ndss.2014.23229
fatcat:54oel6lwdbeqxaqias5hbdnagm
Hardware-Accelerated Platforms and Infrastructures for Network Functions: A Survey of Enabling Technologies and Research Studies
2020
IEEE Access
The proposed Concolic Testing Engine (CTE) enumerates the parameters for the software functions which can be executed over an instruction set simulator on a virtual prototype emulated as a compute processor ...
The PCIe is a universal standard for core-to-I/O device communications. ...
doi:10.1109/access.2020.3008250
fatcat:kv4znpypqbatfk2m3lpzvzb2nu