Annual Computer Security Applications Conference (ACSAC) 2020

Full Program »

Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation

With the rapid proliferation of IoT devices, our cyberspace is nowadays dominated by billions of low-cost computing nodes, which are very heterogeneous to each other. Dynamic analysis, one of the most effective approaches to finding software bugs, has be- come paralyzed due to the lack of a generic emulator capable of running diverse previously-unseen firmware. In recent years, we have witnessed devastating security breaches targeting low-end microcontroller-based IoT devices. These security concerns have significantly hamstrung further evolution of the IoT technology. In this work, we present Laelaps, a device emulator specifically designed to run diverse software of microcontroller devices. We do not encode into our emulator any specific information about a de- vice. Instead, Laelaps infers the expected behavior of firmware via symbolic-execution-assisted peripheral emulation and generates proper inputs to steer concrete execution on the fly. This unique design feature makes Laelaps capable of running diverse firmware with no a priori knowledge about the target device. To demonstrate the capabilities of Laelaps, we applied dynamic analysis techniques on top of our emulator. We successfully identified both self-injected and real-world vulnerabilities.

Chen Cao
The Pennsylvania State University

Le Guan
University of Georgia

Jiang Ming
University of Texas at Arlington

Peng Liu
The Pennsylvania State University

Paper (ACM DL)




Powered by OpenConf®
Copyright©2002-2021 Zakon Group LLC