Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation

Kammerstetter, Markus; Burian, Daniel; Kastner, Wolfgang

Home // SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies // View article

Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation

Authors:
Markus Kammerstetter
Daniel Burian
Wolfgang Kastner

Keywords: Embedded Systems; Security Analysis; State Explosion; Program Slicing; Virtual Machine Introspection

Abstract:
Today, interconnected embedded devices are widely used in the Internet of Things, in sensor networks or in security critical areas such as the automotive industry or smart grids. Security on these devices is often considered to be bad which is in part due to the challenging security testing approaches that are necessary to conduct security audits. Security researchers often turn to firmware extraction with the intention to execute the device firmware inside a virtual analysis environment. The drawback of this approach is that required peripheral devices are typically no longer accessible from within the Virtual Machine and the firmware does no longer work as intended. To improve the situation, several ways to make the actual peripheral devices accessible to software running inside an emulator have been demonstrated. Yet, a persistent problem of peripheral device forwarding approaches is the typically significant slowdown inside the analysis environment, rendering resource intense software security analysis techniques infeasible. In addition, security tests are hard to parallelize as each instance would also require its own embedded system hardware. In this work, we demonstrate an approach that could address both of these issues by utilizing a cache for peripheral device communication in combination with runtime program state approximation. We evaluated our approach utilizing well known programs from the GNU core utilities package. Our feasibility study indicates that caching of peripheral device communication in combination with runtime program state approximation might be an approach for some of the major drawbacks in embedded firmware security analysis but, similar to symbolic execution, it suffers from state explosion.

Pages: 21 to 26

Copyright: Copyright (c) IARIA, 2016

Publication date: July 24, 2016

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-493-0

Location: Nice, France

Dates: from July 24, 2016 to July 28, 2016