Challenges in Firmware Re-Hosting, Emulation, and Analysis

Author:

Christopher Wright (1), William A. Moeglein (2), Saurabh Bagchi (1), Milind Kulkarni (1), Abraham A. Clements (2)

Affiliation:

1. Purdue University

2. Sandia National Laboratories

Abstract

System emulation and firmware re-hosting have become popular techniques for answering security and performance questions, such as whether a firmware image contains security vulnerabilities or meets its timing requirements when run on a specific hardware platform. While this motivation for emulation and binary analysis has been explored and reported before, starting either practical work or research in the field is difficult. To this end, we provide a comprehensive guide for the practitioner or system emulation researcher. We lay out the common challenges faced during firmware re-hosting, explain the successive steps involved, and survey the common tools used to overcome these challenges. We classify emulation approaches along five axes: emulator method, system type, fidelity, emulator purpose, and control. These classifications and comparison criteria enable the practitioner to determine the appropriate tool for a given emulation task. We use the classifications to categorize popular works in the field and present 28 common challenges faced when creating, emulating, and analyzing a system, from obtaining the firmware through post-emulation analysis.

Funder

U.S. Department of Energy

National Nuclear Security

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science


Cited by 34 articles.

1. Detecting command injection vulnerabilities in Linux-based embedded firmware with LLM-based taint analysis of library functions. Computers & Security, September 2024.

2. FIRMRES: Exposing Broken Device-Cloud Access Control in IoT Through Static Firmware Analysis. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 24 June 2024.

3. CToMP: a cycle-task-oriented memory protection scheme for unmanned systems. Science China Information Sciences, 21 May 2024.

4. Labrador: Response Guided Directed Fuzzing for Black-box IoT Devices. 2024 IEEE Symposium on Security and Privacy (SP), 19 May 2024.

5. HD-FUZZ: Hardware dependency-aware firmware fuzzing via hybrid MMIO modeling. Journal of Network and Computer Applications, April 2024.
