Annual Computer Security Applications Conference 2015


PIE: Parser Identification in Embedded Systems

Embedded systems are responsible for the security and safety of modern societies, controlling the correct operation of cars and airplanes, satellites and medical equipment, military units and all critical infrastructures. Being integrated in large and complex environments, embedded systems need to support several communication protocols to interact with other devices or with their users. Interestingly, embedded software often implements protocols that deviate from their original specifications. Some are extended with additional features, while others are completely undocumented. Furthermore, embedded parsers often consist of complex C code which is optimized to improve performance and reduce size. However, this code is rarely designed with security in mind, and often lacks proper input validation, making those devices vulnerable to memory corruption attacks. Furthermore, most embedded designs are closed source and third-party security evaluations are only possible by looking at the binary firmware.

In this paper we propose a methodology to identify parsers and complex code present in binary code without access to their source code or documentation. Specifically, we establish and evaluate a heuristic for detecting this type of code by means of static analysis. Afterwards we demonstrate the utility of this heuristic to identify firmware components treating input, perform reverse engineering to extract protocols, and discover and analyze bugs on four widely used devices: a GPS receiver, a power meter, a hard disk drive (HDD) and a Programmable Logic Controller (PLC).
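The abstract does not spell out which code features PIE's heuristic uses. As an added illustration of what a static parser-identification heuristic over a firmware image can look like (this is not the paper's method; the function names, instruction listings, feature weights and scoring are all constructed assumptions for the example), the following Python scores disassembled functions by the density of compare-with-constant, conditional-branch and memory-load instructions, which a byte-by-byte protocol parser tends to exhibit far more than arithmetic or copy routines. An analyst would then start reverse engineering from the top-ranked functions.

```python
"""Illustrative parser-identification heuristic over disassembled functions.

Added example, not PIE's heuristic. Input is assumed to be a per-function
listing of 'mnemonic operands' strings, as a disassembler would emit.
"""
from dataclasses import dataclass
import re

# Matches a final operand that is an immediate: '#0x24', '$10', '0x47', '5'.
IMMEDIATE = re.compile(r"(^|,)\s*(#|\$)?(0x[0-9a-fA-F]+|\d+)\s*$")

# Conditional branch mnemonics for x86 and ARM (assumed subset).
COND_BRANCHES = {"je", "jne", "jb", "ja", "jl", "jg", "jbe", "jae",
                 "beq", "bne", "blt", "bgt", "bls", "bhi"}


@dataclass(frozen=True)
class Features:
    insns: int     # total instructions in the function
    cmp_imm: int   # compares against a constant (magic bytes, field tags)
    cond_br: int   # conditional branches (dispatch on input)
    loads: int     # memory loads (reading the input buffer)


def extract_features(listing):
    """Count parser-typical instruction classes in one function listing."""
    cmp_imm = cond_br = loads = 0
    for line in listing:
        mnemonic, _, operands = line.strip().partition(" ")
        m = mnemonic.lower()
        if m == "cmp" and IMMEDIATE.search(operands):
            cmp_imm += 1
        elif m in COND_BRANCHES:
            cond_br += 1
        elif m in ("ldr", "ldrb", "mov") and "[" in operands:
            loads += 1
    return Features(len(listing), cmp_imm, cond_br, loads)


def parser_score(f):
    """Weighted feature density; weights are an assumption for this example."""
    if f.insns == 0:
        return 0.0
    return (2 * f.cmp_imm + f.cond_br + f.loads) / f.insns


def rank_functions(functions):
    """Return [(name, score)] sorted from most to least parser-like."""
    scored = [(name, parser_score(extract_features(lst)))
              for name, lst in functions.items()]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed ARM-style listings standing in for three firmware functions.
SAMPLE_FUNCTIONS = {
    "tag_dispatch": [            # parser-like: checks header bytes, dispatches
        "ldrb r0, [r1]",
        "cmp r0, #0x24",
        "bne skip",
        "ldrb r0, [r1, #1]",
        "cmp r0, #0x47",
        "bne skip",
        "ldrb r0, [r1, #2]",
        "cmp r0, #0x50",
        "beq handle_p",
        "cmp r0, #0x48",
        "beq handle_h",
        "b skip",
    ],
    "scale_samples": [           # arithmetic loop over a register-held count
        "mov r3, r0",
        "mul r3, r3, r1",
        "add r3, r3, r2",
        "lsr r3, r3, #4",
        "add r0, r0, #1",
        "cmp r0, r4",
        "blt loop",
        "bx lr",
    ],
    "memcpy_like": [             # plain copy loop
        "ldrb r3, [r0], #1",
        "strb r3, [r1], #1",
        "subs r2, r2, #1",
        "bne copy_loop",
        "bx lr",
    ],
}

if __name__ == "__main__":
    for name, score in rank_functions(SAMPLE_FUNCTIONS):
        print(f"{name:15s} {score:.3f}")
```

On the constructed sample the dispatch routine scores 1.25, the copy loop 0.4 and the arithmetic loop 0.125, so only the first would be queued for manual analysis. On a real firmware image the listings would come from a disassembler and the weights would need calibration against known parsers, which is the evaluation step the abstract refers to.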


Lucian Cojocar
Vrije Universiteit Amsterdam

Jonas Zaddach

Roel Verdult
Radboud Universiteit Nijmegen

Herbert Bos
Vrije Universiteit Amsterdam

Davide Balzarotti

Aurélien Francillon

