Towards Automated Exploit Generation for Embedded Systems

Matthew Ruffell, Jin Bum Hong, Hyoungshick Kim, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paper

1 Citation (Scopus)

Abstract

Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller. © Springer International Publishing AG 2017.
Original languageEnglish
Title of host publicationInternational Workshop on Information Security Applications
PublisherSpringer
Pages161-173
Volume10144
ISBN (Electronic)9783319565491
ISBN (Print)9783319565484
DOIs
Publication statusPublished - 2017
Externally publishedYes
Event17th International Workshop on Information Security Applications - , Korea, Republic of
Duration: 25 Aug 201625 Aug 2016

Conference

Conference17th International Workshop on Information Security Applications
Abbreviated titleWISA 2016
CountryKorea, Republic of
Period25/08/1625/08/16

Fingerprint Dive into the research topics of 'Towards Automated Exploit Generation for Embedded Systems'. Together they form a unique fingerprint.

Cite this