Effectively Sanitizing Embedded Operating Systems
Article No.: 117, Pages 1 - 6
Abstract
Embedded operating systems, considering their widespread use in security-critical applications, are not effectively tested with sanitizers to effectively root out bugs. Sanitizers provide a means to detect bugs that are not visible directly through exceptional or erroneous behaviors, thus uncovering more potent bugs during testing.
In this paper, we propose EmbSan, an embedded systems sanitizer for a diverse range of embedded operating system firmware through the use of dynamic instrumentation of sanitizer facilities and de-coupled on-host runtime libraries. This allows us to perform sanitation for multiple embedded OSs during fuzzing, such as many Embedded Linux-based firmware, various FreeRTOS firmware, and detect actual bugs within them. We evaluated EmbSan's effective-ness on firmware images based on Embedded Linux, FreeRTOS, LiteOS, and VxWorks. Our results show that EmbSan can detect the same criteria of actual bugs found in the Embedded Linux kernel as reference implementations of KASAN, and exhibits a slowdown of 2.2× to 3.2× and 5.2× to 5.7× for KASAN and KCSAN, respectively, which is on par with established kernel sanitizers. EmbSan and embedded OS fuzzers also found a total of 41 new bugs in Embedded Linux, FreeRTOS, LiteOS and VxWorks.
References
[1]
Peng Chen and Hao Chen. Angora: Efficient Fuzzing by Principled Search. In 2018 IEEE Symposium on Security and Privacy (SP), pages 711--725, 2018.
[2]
Yuanliang Chen, Yu Jiang, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, and Zhuo Su. EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers. In 28th USENIX Security Symposium (USENIX Security 19), pages 1967--1983, Santa Clara, CA, August 2019. USENIX Association.
[3]
The Linux Kernel Developers. The kernel memory sanitizer (kmsan), 2023. https://www.kernel.org/doc/html/next/dev-tools/kmsan.html.
[4]
Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman. The matter of heartbleed. In Proceedings of the 2014 Conference on Internet Measurement Conference, IMC '14, page 475--488, New York, NY, USA, 2014. Association for Computing Machinery.
[5]
Stéphane Duverger and Anaïs Gantet. Gustave: Fuzz it like it's app. DMU Cyber Week, 2021.
[6]
Imran Ghafoor, Imran Jattala, Shakeel Durrani, and Ch Muhammad Tahir. Analysis of openssl heartbleed vulnerability for embedded systems. In 17th IEEE International Multi Topic Conference 2014, pages 314--319, 2014.
[7]
Google. Kernel address sanitizer. https://www.kernel.org/doc/html/latest/dev-tools/kasan.html.
[8]
Google. Kernel concurrency sanitizer. https://www.kernel.org/doc/html/latest/dev-tools/kcsan.html.
[9]
lcamtuf. American fuzzy lop, 2013. https://lcamtuf.coredump.cx/afl/.
[10]
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. AddressSanitizer: A Fast Address Sanity Checker. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC'12, page 28, USA, 2012. USENIX Association.
[11]
Konstantin Serebryany and Timur Iskhodzhanov. Threadsanitizer: Data race detection in practice. In Proceedings of the Workshop on Binary Instrumentation and Applications, WBIA '09, page 62--71, New York, NY, USA, 2009. Association for Computing Machinery.
[12]
Yuheng Shen, Hao Sun, Yu Jiang, Heyuan Shi, Yixiao Yang, and Wanli Chang. Rtkaller: State-Aware Task Generation for RTOS Fuzzing. ACM Trans. Embed. Comput. Syst., 20(5s), sep 2021.
[13]
Yuheng Shen, Yiru Xu, Hao Sun, Jianzhong Liu, Zichen Xu, Aiguo Cui, Heyuan Shi, and Yu Jiang. Tardis: Coverage-guided embedded operating system fuzzing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, pages 1--1, 2022.
[14]
SimonKagstrom. Kcov. https://github.com/SimonKagstrom/kcov.
[15]
Evgeniy Stepanov and Konstantin Serebryany. Memorysanitizer: fast detector of uninitialized memory use in c++. In 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), pages 46--55. IEEE, 2015.
[16]
Dmitry Vyukov and Andrey Konovalov. Syzkaller: an unsupervised coverage-guided kernel fuzzer, 2015. https://github.com/google/syzkaller.
[17]
David A. Wheeler. How to prevent the next heartbleed, Jul 2020. https://dwheeler.com/essays/heartbleed.html.
Index Terms
- Effectively Sanitizing Embedded Operating Systems
Index terms have been assigned to the content through auto-classification.
Recommendations
The Performance and Energy Consumption of Embedded Real-Time Operating Systems
This paper presents the modeling of embedded systems with SimBed, an execution-driven simulation testbed that measures the execution behavior and power consumption of embedded applications and RTOSs by executing them on an accurate architectural model ...
Comments
Information & Contributors
Information
Published In
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2024
Check for updates
Qualifiers
- Research-article
Funding Sources
- National Key Research and Development Project
- NSFC Program
Conference
DAC '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,770 of 5,499 submissions, 32%
Upcoming Conference
DAC '25
- Sponsor:
- sigda
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 79Total Downloads
- Downloads (Last 12 months)79
- Downloads (Last 6 weeks)25
Reflects downloads up to 11 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in