Doctoral research project number: 4501


Submission date: 1 January 1900
Title: Vulnerability Discovery in Embedded Systems
Thesis supervisor: Davide BALZAROTTI (Eurecom)
Scientific domain: Information and communication sciences and technologies
CNRS theme: Not defined

Abstract:

Objective

Embedded systems are omnipresent in our everyday life. For example, they are at the core of various Commercial-Off-The-Shelf (COTS) devices such as printers, mobile phones, home appliances, and computer components and peripherals. They are also present in many devices that are less consumer-oriented, such as video surveillance systems, medical implants, automotive components, military systems, SCADA and PLC devices, and basically anything we usually call "electronics". Moreover, the emerging phenomenon of the Internet of Things (IoT) will make them even more widespread and interconnected. The security and reliability of this broad range of devices is paramount to ensure both the proper functioning of our society and our physical safety. Unfortunately, embedded devices have not yet reached the level of security we have obtained for the software of typical personal computers. For example, because of the very heterogeneous set of platforms and architectures, embedded systems still lack a solid set of vulnerability discovery and analysis techniques. The goal of this thesis is to bridge this gap by improving the state of the art of vulnerability discovery in software binaries. In particular, the student will focus on the development of novel static and dynamic analysis techniques that can be applied to the study of real-world, complex firmware images. The proposed approach will need to cope with a number of challenges, including scalability, the heterogeneity of targets, the need for low false positive rates, and the intrinsic difficulty of running dynamic analysis on real embedded devices. To ensure the deployability of the developed techniques, real examples and test cases for the Ph.D. research will be provided through close industrial support and collaboration with Siemens.

Background and Previous Work

The work performed in this thesis builds upon two lines of research which are ongoing in our group at Eurecom.
The first is related to the use and application of advanced dynamic analysis techniques on the firmware of embedded devices. Zaddach et al. designed and implemented an open source system named Avatar [1], whose goal is to execute a firmware image inside an instrumented emulator. Emulating the firmware of embedded devices requires accurate models of all hardware components used by the system under analysis. Unfortunately, the lack of documentation and the large variety of hardware on the market make this approach infeasible in practice. Avatar fills this gap and overcomes the limitation of pure firmware emulation by acting as an orchestration engine between the physical device and an external emulator [7]. By injecting a special software proxy into the embedded device, Avatar can execute the firmware instructions inside the emulator while channeling the I/O operations to the physical hardware. Since it is infeasible to perfectly emulate an entire embedded system, and it is currently impossible to perform advanced dynamic analysis by running code on the device itself, Avatar takes a hybrid approach: it leverages the real hardware to handle I/O operations, but extracts the firmware code from the embedded device and emulates it on an external machine. A similar architecture, but supported by an FPGA bridge to increase the throughput, was used by Koscher et al. [5] in their Surrogates system.
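The hybrid execution model described above, as an added illustrative example that is not Avatar's code: a toy emulator runs firmware instructions locally and keeps RAM in the emulator, while every access that falls inside the memory-mapped I/O window is serialised and forwarded to a stand-in for the proxy stub on the physical device. The instruction set, address map, wire format, firmware and device behaviour are all constructed for this example; the access counters show why the number of forwarded operations (the cost Surrogates attacks with its FPGA bridge) matters.

```python
import struct

# Memory map and proxy protocol are constructed for this toy model; they are
# not Avatar's real layout or wire format.
MMIO_BASE, MMIO_SIZE = 0x4000_0000, 0x100   # peripheral window: forwarded to the device
RAM_BASE, RAM_SIZE = 0x2000_0000, 0x1000     # RAM: emulated locally
REG_STATUS, REG_DATA = MMIO_BASE + 0x00, MMIO_BASE + 0x04

OP_READ, OP_WRITE = 0, 1
REQUEST = struct.Struct("<BII")   # op, address, value
REPLY = struct.Struct("<I")       # value read (0 for a write)
MASK32 = 0xFFFFFFFF


class DeviceProxy:
    """Stand-in for the stub injected into the physical device: it owns the
    'real' peripheral registers and answers the emulator's requests."""

    def __init__(self, data_value, busy_polls=2):
        self.regs = {REG_STATUS: 0, REG_DATA: data_value & MASK32}
        self.busy_polls = busy_polls   # constructed: report busy this many times, then ready
        self.requests = []             # every forwarded access, kept for later analysis

    def handle(self, raw):
        op, addr, value = REQUEST.unpack(raw)
        if addr not in self.regs:
            raise ValueError(f"unmapped peripheral register 0x{addr:08x}")
        self.requests.append((op, addr))
        if op == OP_WRITE:
            self.regs[addr] = value & MASK32
            return REPLY.pack(0)
        if addr == REG_STATUS and self.busy_polls > 0:
            self.busy_polls -= 1          # device still busy
            return REPLY.pack(0)
        if addr == REG_STATUS:
            self.regs[REG_STATUS] = 1     # device ready
        return REPLY.pack(self.regs[addr])


class Emulator:
    """Executes firmware locally; RAM stays here, MMIO accesses cross to the proxy."""

    def __init__(self, proxy):
        self.proxy = proxy
        self.ram = {}
        self.regs = [0, 0, 0, 0]
        self.forwarded = 0   # accesses that crossed to the device
        self.local = 0       # accesses served from emulated RAM

    def load(self, addr):
        if MMIO_BASE <= addr < MMIO_BASE + MMIO_SIZE:
            self.forwarded += 1
            return REPLY.unpack(self.proxy.handle(REQUEST.pack(OP_READ, addr, 0)))[0]
        if RAM_BASE <= addr < RAM_BASE + RAM_SIZE:
            self.local += 1
            return self.ram.get(addr, 0)
        raise MemoryError(f"access outside the memory map: 0x{addr:08x}")

    def store(self, addr, value):
        value &= MASK32
        if MMIO_BASE <= addr < MMIO_BASE + MMIO_SIZE:
            self.forwarded += 1
            self.proxy.handle(REQUEST.pack(OP_WRITE, addr, value))
        elif RAM_BASE <= addr < RAM_BASE + RAM_SIZE:
            self.local += 1
            self.ram[addr] = value
        else:
            raise MemoryError(f"access outside the memory map: 0x{addr:08x}")

    def run(self, program, max_steps=1000):
        """Run a tiny constructed instruction set until HALT; returns steps executed."""
        pc = 0
        for step in range(1, max_steps + 1):
            op, *args = program[pc]
            if op == "LOAD":                      # LOAD rd, addr
                self.regs[args[0]] = self.load(args[1])
            elif op == "STORE":                   # STORE rs, addr
                self.store(args[1], self.regs[args[0]])
            elif op == "ADDI":                    # ADDI rd, imm
                self.regs[args[0]] = (self.regs[args[0]] + args[1]) & MASK32
            elif op == "JZ":                      # JZ rs, target
                if self.regs[args[0]] == 0:
                    pc = args[1]
                    continue
            elif op == "HALT":
                return step
            else:
                raise ValueError(f"unknown instruction {op}")
            pc += 1
        raise RuntimeError("step budget exhausted (firmware did not halt)")


# Constructed firmware: spin on STATUS until ready, read DATA, increment it,
# write it back to the device and keep a copy in RAM.
FIRMWARE = [
    ("LOAD", 0, REG_STATUS),   # 0: r0 = STATUS (forwarded)
    ("JZ", 0, 0),              # 1: if r0 == 0 goto 0
    ("LOAD", 1, REG_DATA),     # 2: r1 = DATA   (forwarded)
    ("ADDI", 1, 1),            # 3: r1 += 1
    ("STORE", 1, REG_DATA),    # 4: DATA = r1   (forwarded)
    ("STORE", 1, RAM_BASE),    # 5: RAM[0] = r1 (local)
    ("HALT",),                 # 6
]


def run_demo(data_value=41):
    proxy = DeviceProxy(data_value)
    emu = Emulator(proxy)
    steps = emu.run(FIRMWARE)
    return {
        "steps": steps,
        "ram_result": emu.ram[RAM_BASE],
        "device_data": proxy.regs[REG_DATA],
        "forwarded_accesses": emu.forwarded,
        "local_accesses": emu.local,
        "device_request_log": proxy.requests,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design points carry over from the toy to a real orchestration engine: the emulator, not the firmware, decides which addresses cross to the device, so the memory map must be known (or discovered) before execution; and every polling loop on a device register turns into a round trip, which is where forwarding throughput, rather than emulation speed, becomes the bottleneck.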

Doctoral student: Munch Marius