research-article

MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware

Authors:

Flavio D. GarciaAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 515 - 529

https://doi.org/10.1145/3548606.3559338

Published: 07 November 2022 Publication History

Abstract

In this paper we present MetaEmu, an architecture-agnostic framework geared towards rehosting and security analysis of automotive firmware. MetaEmu improves over existing rehosting environments in two ways: Firstly, it solves the hitherto open-problem of a lack of generic Virtual Execution Environments (VXEs) by synthesizing processor simulators from Ghidra's language definitions. Secondly, MetaEmu can rehost and analyze multiple targets, each of different architecture, simultaneously, and share analysis facts between each target's analysis environment, a technique we call inter-device analysis.

We show that the flexibility afforded by our approach does not lead to a performance trade-off---MetaEmu lifts rehosted firmware to an optimized intermediate representation, and provides performance comparable to existing emulation tools, such as Unicorn. Our evaluation spans five different architectures, bare-metal and RTOS-based firmware, and three kinds of automotive Electronic Control Unit (ECU) from four distinct vendors---none of which can be rehosted or emulated by current tools, due to lack of processor support. Further, we show how MetaEmu enables a diverse set of analyses by implementing a fuzzer, a symbolic executor for solving peripheral access checks, a CAN ID reverse engineering tool, and an inter-device coverage tracker.

Supplementary Material

MP4 File (CCS22-fp0059.mp4)

MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware Available at: https://metaemu.fugue.re/ See our paper for more detail?

Download
473.31 MB

References

[1]

Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman. 2006. Compilers: Principles, Techniques, and Tools (2nd Edition). Addison-Wesley Longman Publishing Co., Inc., USA.

Digital Library

[2]

Airbus CyberSecurity. 2018. Fuzzing exotic arch with AFL using ghidra emulator. https://airbus-cyber-security.com/fuzzing-exotic-arch-with-afl-using-ghidra-emulator/.

[3]

Fabirce Bellard. 2003. QEMU: A generic and open source machine emulator and virtualizer. https://www.qemu.org.

[4]

Jo Van Bulck, Jan Tobias Mühlberg, and Frank Piessens. 2017. VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks. In Proceedings of the 33rd Annual Computer Security Applications Conference, Orlando, FL, USA, December 4-8, 2017. ACM, New York, NY, USA, 225--237. https://doi.org/10.1145/3134600.3134623

Digital Library

[5]

Chen Cao, Le Guan, Jiang Ming, and Peng Liu. 2020. Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation. In ACSAC '20: Annual Computer Security Applications Conference, Virtual Event / Austin, TX, USA, 7-11 December, 2020. ACM, New York, NY, USA, 746--759. https://doi.org/10.1145/3427228.3427280

Digital Library

[6]

Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces. In 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-12, 2011, Proceedings. USENIX Association, San Francisco, CA. http://static.usenix.org/events/sec11/tech/full_papers/Checkoway.pdf

Digital Library

[7]

Zitai Chen, Sam L. Thomas, and Flavio D. Garcia. 2022. MetaEmu source code. https://metaemu.fugue.re.

[8]

Zitai Chen, Sam L. Thomas, and Flavio D. Garcia. 2022. MetaEmu supplementary material. https://metaemu.fugue.re/supplementary.pdf.

[9]

Abraham A. Clements, Logan Carpenter, William A. Moeglein, and Christopher Wright. 2021. Is Your Firmware Real or Re-Hosted? A case study in re-hosting VxWorks control system firmware. In Proceedings of the 2021 NDSS Workshop on Binary Analysis Research (NDSS BAR 2021).

[10]

Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 1201--1218. https://www.usenix.org/conference/usenixsecurity20/presentation/clements

[11]

Nassim Corteggiani, Giovanni Camurati, and Aurélien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 309--326. https://www.usenix.org/conference/usenixsecurity18/presentation/corteggiani

[12]

Nassim Corteggiani and Aurélien Francillon. 2020. HardSnap: Leveraging Hardware Snapshotting for Embedded Systems Security Testing. In 50th Annual IEEE/I- FIP International Conference on Dependable Systems and Networks, DSN 2020, Valencia, Spain, June 29 - July 2, 2020. IEEE, 294--305. https://doi.org/10.1109/DSN48063.2020.00046

[13]

Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. 2013. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, Samuel T. King (Ed.). USENIX Association, 463--478. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/davidson

[14]

Jan Van den Herrewegen and Flavio D. Garcia. 2018. Beneath the Bonnet: A Breakdown of Diagnostic Security. In Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I (Lecture Notes in Computer Science, Vol. 11098), Javier López, Jianying Zhou, and Miguel Soriano (Eds.). Springer, 305--324. https://doi.org/10.1007/978-3-319-99073-6_15

Digital Library

[15]

Brendan Dolan-Gavitt, Josh Hodosh, Patrick Hulin, Tim Leek, and Ryan Whelan. 2015. Repeatable Reverse Engineering with PANDA. In Proceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW@ACSAC, Los Angeles, CA, USA, December 8, 2015.

Digital Library

[16]

Alexey Esaulenko. 2021. C166 Ghidra language definition. https://github.com/esaulenka/Ghidra_C166.

[17]

Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aurélien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, and William Robertson. 2021. SoK: Enabling Security Analyses of Embedded Systems via Rehosting. In ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, Virtual Event, Hong Kong, June 7-11, 2021. ACM, 687--701. https://doi.org/10.1145/3433210.3453093

Digital Library

[18]

Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM documentation. https://github.com/RiS3-Lab/p2im/blob/master/docs/add_mcu.md.

[19]

Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 1237--1254. https://www.usenix.org/conference/usenixsecurity20/presentation/feng

[20]

Andrea Fioraldi and Dominik Maier. 2021. LibAFL. https://github.com/AFLplusplus/LibAFL.

[21]

Flavio D. Garcia, David F. Oswald, Timo Kasper, and Pierre Pavlidès. 2016. Lock It and Still Lose It - on the (In)Security of Automotive Remote Keyless En- try Systems. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10--12, 2016, Thorsten Holz and Stefan Savage (Eds.). USENIX Association. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia

[22]

Patrice Godefroid. 2014. Micro execution. In 36th International Conference on Software Engineering, ICSE '14, Hyderabad, India - May 31 - June 07, 2014, Pankaj Jalote, Lionel C. Briand, and André van der Hoek (Eds.). ACM, 539--549. https://doi.org/10.1145/2568225.2568273

Digital Library

[23]

Ivan Gotovchits, Rijnard Van Tonder, and David Brumley. 2018. Saluki: finding taint-style vulnerabilities with static property checking. In Proceedings of the 2018 NDSS Workshop on Binary Analysis Research (NDSS BAR 2018).

[24]

Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aurélien Francillon, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna. 2019. Toward the Analysis of Embedded Firmware through Automated Re-hosting. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019, Chaoyang District, Beijing, China, September 23-25, 2019. USENIX Association, 135--150. https://www.usenix.org/conference/raid2019/presentation/gustafson

[25]

Lee Harrison, Hayawardh Vijayakumar, Rohan Padhye, Koushik Sen, and Michael Grace. 2020. PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 789--806. https://www.usenix.org/conference/usenixsecurity20/presentation/harrison

[26]

Grant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor, and Kevin R. B. Butler. 2022. FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, February 27 - March 3, 2022. The Internet Society.

[27]

Grant Hernandez, Marius Muench, Tyler Tucker, Hunter Searle, Weidong Zhu, Patrick Traynor, and Kevin Butler. 2020. Emulating Samsung's Baseband for Security Testing. https://i.blackhat.com/USA-20/Wednesday/us-20-Hernandez-Emulating-Samsungs-Baseband-For-Security-Testing.pdf. Black Hat USA (2020).

[28]

Infineon Technologies AG. 2001. C166S V2 16-Bit Microcontroller User Manual V1.7. https://www.infineon.com/dgdl/c166sv2um.pdf?fileId= db3a304412b407950112b41d4ea32fe3.

[29]

Evan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko. 2021. Jetset: Targeted Firmware Rehosting for Embedded Systems. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 321--338. https://www.usenix.org/conference/usenixsecurity21/presentation/johnson

[30]

Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha. 2019. B2R2: Building an Efficient Front-End for Binary Analysis. In Proceedings of the NDSS Workshop on Binary Analysis Research.

[31]

Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak N. Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. 2010. Experimental Security Analysis of a Modern Automobile. In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA. IEEE Computer Society, 447--462. https://doi.org/10.1109/SP.2010.34

Digital Library

[32]

Karl Koscher, Tadayoshi Kohno, and David Molnar. 2015. SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems. In 9th USENIX Work- shop on Offensive Technologies, WOOT '15, Washington, DC, USA, August 10-11, 2015, Aurélien Francillon and Thomas Ptacek (Eds.). USENIX Association. https://www.usenix.org/conference/woot15/workshop-program/presentation/koscher

[33]

Daniel Lange and Felix Domke. 2015. The exhaust emissions scandal ("Diesel-gate"): Take a deep breath into pollution trickery. https://media.ccc.de/v/32c3- 7331-the_exhaust_emissions_scandal_dieselgate.

[34]

Qiang Liu, Cen Zhang, Lin Ma, Muhui Jiang, Yajin Zhou, Lei Wu, Wenbo Shen, Xiapu Luo, Yang Liu, and Kui Ren. 2021. FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution. In 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). 792--804. https://doi.org/10.1109/ASE51524.2021.9678653

Digital Library

[35]

Dominik Maier, Benedikt Radtke, and Bastian Harren. 2019. Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing. In 13th USENIX Workshop on Offensive Technologies, WOOT 2019, Santa Clara, CA, USA, August 12-13, 2019, Alex Gantman and Clémentine Maurice (Eds.). USENIX Association. https://www.usenix.org/conference/woot19/presentation/maier

[36]

Dominik Maier, Lukas Seidel, and Shinjo Park. 2020. BaseSAFE: baseband sanitized fuzzing through emulation. In WiSec '20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Linz, Austria, July 8-10, 2020, René Mayrhofer and Michael Roland (Eds.). ACM, 122--132. https://doi.org/10.1145/3395351.3399360

Digital Library

[37]

Alejandro Mera, Bo Feng, Long Lu, and Engin Kirda. 2021. DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis. In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P/Oakland'21).

[38]

Alyssa Milburn, Niek Timmers, Nils Wiersma, and Ramiro Pareja. 2018. There Will Be Glitches: Extracting and Analyzing Automotive Firmware Efficiently. https://www.riscure.com/uploads/2018/11/Riscure_Whitepaper_Analyzing_Automotive_Firmware.pdf.

[39]

Charlie Miller and Chris Valasek. 2015. Remote Exploitation of an Unaltered Passenger Vehicle. http://illmatics.com/Remote%20Car%20Hacking.pdf.

[40]

Marius Muench, Dario Nisi, Aurélien Francillon, and Davide Balzarotti. 2018. Avatar2: A Multi-target Orchestration Platform. In Proceedings of the 2018 NDSS Workshop on Binary Analysis Research (NDSS BAR 2018).

[41]

Marius Muench, Jan Stijohann, Frank Kargl, Aurélien Francillon, and Davide Balzarotti. 2018. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. In NDSS.

[42]

National Security Agency (NSA). 2017. P-Code Reference Manual. https://ghidra.re/courses/languages/html/pcoderef .html.

[43]

National Security Agency (NSA). 2019. Ghidra. https://ghidra-sre.org.

[44]

Aina Niemetz, Mathias Preiner, and Armin Biere. 2014. Boolector 2.0. J. Satisf. Boolean Model. Comput. 9, 1 (2014), 53--58. https://doi.org/10.3233/sat190101

[45]

Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing Binary Programs for Security Applications. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 829--844. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/peng

Digital Library

[46]

Nguyen Anh Quynh and Hoang-Vu Dang. 2015. Unicorn: Next Generation CPU Emulator Framework. https://www.unicorn-engine.org.

[47]

Renesas Electronics. 2010. SH7266 Group, SH7267 Group User's Manual: Hardware. https://datasheet.octopart.com/R5S72661P144FP%23VZ-Renesas-datasheet-11803191.pdf.

[48]

Jan Ruge, Jiska Classen, Francesco Gringoli, and Matthias Hollick. 2020. Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 19--36. https://www.usenix.org/conference/usenixsecurity20/presentation/ruge

[49]

Koushik Sen. 2007. Concolic testing. In 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007), November 5-9, 2007, Atlanta, Georgia, USA, R. E. Kurt Stirewalt, Alexander Egyed, and Bernd Fischer (Eds.). ACM, 571--572. https://doi.org/10.1145/1321631.1321746

Digital Library

[50]

Ross Tate, Michael Stepp, Zachary Tatlock, and Sorin Lerner. 2009. Equality saturation: a new approach to optimization. In Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, Savannah, GA, USA, January 21--23, 2009, Zhong Shao and Benjamin C. Pierce (Eds.). ACM, 264--276. https://doi.org/10.1145/1480881.1480915

Digital Library

[51]

Tencent Keen Security Lab. 2020. Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars. https://keenlab.tencent.com/en/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/.

[52]

Tencent Keen Security Lab. 2021. Mercedes Benz MBUX Security Research Report. https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_ Research_Report_Final.pdf.

[53]

Roel Verdult, Flavio D. Garcia, and Josep Balasch. 2012. Gone in 360 Seconds: Hijacking with Hitag2. In Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8--10, 2012, Tadayoshi Kohno (Ed.). USENIX Association, 237--252. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/verdult

[54]

Roel Verdult, Flavio D. Garcia, and Baris Ege. 2013. Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, Samuel T. King (Ed.). USENIX Association, 703--718. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/verdult

[55]

Volkswagen Research. 2022. Linux-CAN / SocketCAN user space applications.

[56]

Jeffrey Wilhelm and Tzi-cker Chiueh. 2007. A Forced Sampled Execution Approach to Kernel Rootkit Identification. In Recent Advances in Intrusion Detection, 10th International Symposium, RAID 2007, Gold Goast, Australia, September 5-7, 2007, Proceedings (Lecture Notes in Computer Science, Vol. 4637), Christopher Krügel, Richard Lippmann, and Andrew J. Clark (Eds.). Springer, 219--235. https://doi.org/10.1007/978-3-540-74320-0_12

[57]

Max Willsey, Chandrakana Nandi, Yisu Remy Wang, Oliver Flatt, Zachary Tatlock, and Pavel Panchekha. 2021. egg: Fast and Extensible Equality Saturation. Proc. ACM Program. Lang. 5, POPL, Article 23 (Jan. 2021), 29 pages. https://doi.org/10.1145/3434304

Digital Library

[58]

Jonas Zaddach, Luca Bruno, Aurélien Francillon, and Davide Balzarotti. 2014. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society. https://www.ndss-symposium.org/ndss2014/avatar-framework-support-dynamic-security-analysis-embedded-systems-firmwares

[59]

Michaŀ Zalewski. 2013. American Fuzzy Lop. https://lcamtuf .coredump.cx/afl.

[60]

Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 2007--2024. https://www.usenix.org/conference/usenixsecurity21/presentation/zhou

[61]

Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 2007--2024. https://www.usenix.org/conference/usenixsecurity21/presentation/zhou

[62]

Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. μEmu documentation. https://github.com/MCUSec/uEmu/blob/main/docs/Configuration.md.

Cited By

Zhou WShen SLiu P(2025)IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical RevisitFuture Internet10.3390/fi1701001917:1(19)Online publication date: 6-Jan-2025
https://doi.org/10.3390/fi17010019
Seidel LBeier J(2024)Bringing Rust to Safety-Critical Systems in Space2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592287(1-8)Online publication date: 27-May-2024
https://doi.org/10.23919/3S60530.2024.10592287
Schloegel MBars NSchiller NBernhard LScharnowski TCrump AAle-Ebrahim ABissantz NMuench MHolz T(2024)SoK: Prudent Evaluation Practices for Fuzzing2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00137(1974-1993)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00137
Show More Cited By

Index Terms

MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware
1. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Dynamic analysis

Recommendations

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
ACSAC '20: Proceedings of the 36th Annual Computer Security Applications Conference

One approach to assess the security of embedded IoT devices is applying dynamic analysis such as fuzz testing to their firmware in scale. To this end, existing approaches aim to provide an emulation environment that mimics the behavior of real hardware/...
A Two-Level Microprogrammed Multiprocessor Computer with Nonnumeric Functions

A two-level microprogrammed multiprocessor system, MUNAP, along with its support software has been developed as a research vehicle for solving nonnumeric and associated problems. The MUNAP system provides highly parallel and distributed functions for ...
The Kaya OS project and the μMPS hardware emulator

Ideally, the most meaningful learning experience for students in an undergraduate OS course would be to develop fully-functional OS's on their own. This can be accomplished using μmps, a hardware emulator for a pedagogically undergraduate-appropriate ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Engineering and Physical Sciences Research Council

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
624
Total Downloads

Downloads (Last 12 months)172
Downloads (Last 6 weeks)12

Reflects downloads up to 19 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhou WShen SLiu P(2025)IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical RevisitFuture Internet10.3390/fi1701001917:1(19)Online publication date: 6-Jan-2025
https://doi.org/10.3390/fi17010019
Seidel LBeier J(2024)Bringing Rust to Safety-Critical Systems in Space2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592287(1-8)Online publication date: 27-May-2024
https://doi.org/10.23919/3S60530.2024.10592287
Schloegel MBars NSchiller NBernhard LScharnowski TCrump AAle-Ebrahim ABissantz NMuench MHolz T(2024)SoK: Prudent Evaluation Practices for Fuzzing2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00137(1974-1993)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00137
Wei YWang YZhou LZhou XJiang Z(2024)IEmu: Interrupt modeling from the logic hidden in the firmwareJournal of Systems Architecture10.1016/j.sysarc.2024.103237154(103237)Online publication date: Sep-2024
https://doi.org/10.1016/j.sysarc.2024.103237
Chesser MNepal SRanasinghe DJust RFraser G(2023)Icicle: A Re-designed Emulator for Grey-Box Firmware FuzzingProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598039(76-88)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598039
Islam TSheakh MJui ASharif OHasan M(2023)A review of cyber attacks on sensors and perception systems in autonomous vehicleJournal of Economy and Technology10.1016/j.ject.2024.01.0021(242-258)Online publication date: Nov-2023
https://doi.org/10.1016/j.ject.2024.01.002

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten