Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Towards Automated Exploit Generation for Embedded Systems

  • Conference paper
  • First Online:
Information Security Applications (WISA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10144))

Included in the following conference series:

  • 1415 Accesses

Abstract

Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Automatic exploit generation for embedded systems - extended avatar. https://github.com/msr50/avatar-python

  2. Automatic exploit generation for embedded systems - vulnerable firmwares. https://github.com/msr50/avatar-stellaris

  3. Avgerinos, T., Cha, S.K., Hao, B.L.T., Brumley, D.: AEG: automatic exploit generation. In: NDSS, vol. 11, pp. 59–66 (2011)

    Google Scholar 

  4. Avgerinos, T., Cha, S.K., Rebert, A., Schwartz, E.J., Woo, M., Brumley, D.: Automatic exploit generation. Commun. ACM 57(2), 74–84 (2014)

    Article  Google Scholar 

  5. Bazhaniuk, O., Loucaides, J., Rosenbaum, L., Tuttle, M.R., Zimmer, V.: Symbolic execution for bios security1 (2015)

    Google Scholar 

  6. Bellard, F.: QEMU, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, pp. 41–46 (2005)

    Google Scholar 

  7. Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: techniques and implications. In: IEEE Symposium on Security and Privacy (SP 2008), pp. 143–157. IEEE (2008)

    Google Scholar 

  8. Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, vol. 8, pp. 209–224 (2008)

    Google Scholar 

  9. Cha, S.K., Avgerinos, T., Rebert, A., Brumley, D.: Unleashing mayhem on binary code. In: 2012 IEEE Symposium on Security and Privacy (SP 2012), pp. 380–394. IEEE (2012)

    Google Scholar 

  10. Chipounov, V., Kuznetsov, V., Candea, G.: S2E: a platform for in-vivo multi-path analysis of software systems, vol. 39. ACM (2011)

    Google Scholar 

  11. Costin, A., Zaddach, J., Francillon, A., Balzarotti, D., Antipolis, S.: A large-scale analysis of the security of embedded firmwares. In: USENIX Security Symposium (2014)

    Google Scholar 

  12. Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: NDSS (2013)

    Google Scholar 

  13. Davidson, D., Moench, B., Ristenpart, T., Jha, S.: Fie on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: USENIX Security, pp. 463–478 (2013)

    Google Scholar 

  14. Huang, S.K., Huang, M.H., Huang, P.Y., Lai, C.W., Lu, H.L., Leong, W.M.: Crax: software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations. In: 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE), pp. 78–87. IEEE (2012)

    Google Scholar 

  15. Mulliner, C., Golde, N., Seifert, J.P.: SMS of death: from analyzing to attacking mobile phones on a large scale. In: USENIX Security Symposium (2011)

    Google Scholar 

  16. Prandini, M., Ramilli, M.: Return-oriented programming. IEEE Secur. Priv. 10(6), 84–87 (2012)

    Article  Google Scholar 

  17. Schwartz, E.J., Avgerinos, T., Brumley, D.: Q: exploit hardening made easy. In: USENIX Security Symposium (2011)

    Google Scholar 

  18. Wang, T., Wei, T., Gu, G., Zou, W.: Taintscope: a checksum-aware directed fuzzing tool for automatic software vulnerability detection. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 497–512. IEEE (2010)

    Google Scholar 

  19. Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D.: Avatar: a framework to support dynamic security analysis of embedded systems firmwares. In: Proceedings of the 21st Symposium on Network and Distributed System Security (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand

    Matthew Ruffell, Jin B. Hong & Dong Seong Kim

  2. Department of Software, Sungkyunkwan University, Seoul, South Korea

    Hyoungshick Kim

Authors
  1. Matthew Ruffell
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jin B. Hong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hyoungshick Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dong Seong Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Matthew Ruffell .

Editor information

Editors and Affiliations

  1. ETRI, Daejeon, Korea (Republic of)

    Dooho Choi

  2. Secure-IC, S.A.S., Paris, France

    Sylvain Guilley

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ruffell, M., Hong, J.B., Kim, H., Kim, D.S. (2017). Towards Automated Exploit Generation for Embedded Systems. In: Choi, D., Guilley, S. (eds) Information Security Applications. WISA 2016. Lecture Notes in Computer Science(), vol 10144. Springer, Cham. https://doi.org/10.1007/978-3-319-56549-1_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-56549-1_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-56548-4

  • Online ISBN: 978-3-319-56549-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation