Towards Automated Exploit Generation for Embedded Systems

Matthew Ruffell; Jin Bum Hong; Hyoungshick Kim; Dong Seong Kim

doi:10.1007/978-3-319-56549-1_14

Towards Automated Exploit Generation for Embedded Systems

Matthew Ruffell, Jin Bum Hong, Hyoungshick Kim, Dong Seong Kim

Research output: Chapter in Book/Conference paper › Conference paper

Abstract

Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller. © Springer International Publishing AG 2017.

Original language	English
Title of host publication	International Workshop on Information Security Applications
Publisher	Springer
Pages	161-173
Volume	10144
ISBN (Electronic)	9783319565491
ISBN (Print)	9783319565484
DOIs	https://doi.org/10.1007/978-3-319-56549-1_14
Publication status	Published - 2017
Externally published	Yes
Event	17th International Workshop on Information Security Applications - , Korea, Republic of Duration: 25 Aug 2016 → 25 Aug 2016

Conference

Conference	17th International Workshop on Information Security Applications
Abbreviated title	WISA 2016
Country	Korea, Republic of
Period	25/08/16 → 25/08/16

Fingerprint

Embedded systems

Firmware

General purpose computers

Microcontrollers

Dynamic analysis

Automation

Cite this

Ruffell, M., Hong, J. B., Kim, H., & Kim, D. S. (2017). Towards Automated Exploit Generation for Embedded Systems. In International Workshop on Information Security Applications (Vol. 10144, pp. 161-173). Springer. https://doi.org/10.1007/978-3-319-56549-1_14

Ruffell, Matthew ; Hong, Jin Bum ; Kim, Hyoungshick ; Kim, Dong Seong. / Towards Automated Exploit Generation for Embedded Systems. International Workshop on Information Security Applications. Vol. 10144 Springer, 2017. pp. 161-173

@inproceedings{9a32a3ebceaa460fbe3908f9e6057b8c,

title = "Towards Automated Exploit Generation for Embedded Systems",

abstract = "Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller. {\circledC} Springer International Publishing AG 2017.",

author = "Matthew Ruffell and Hong, {Jin Bum} and Hyoungshick Kim and Kim, {Dong Seong}",

year = "2017",

doi = "10.1007/978-3-319-56549-1_14",

language = "English",

isbn = "9783319565484",

volume = "10144",

pages = "161--173",

booktitle = "International Workshop on Information Security Applications",

publisher = "Springer",

address = "Netherlands",

}

Ruffell, M, Hong, JB, Kim, H & Kim, DS 2017, Towards Automated Exploit Generation for Embedded Systems. in International Workshop on Information Security Applications. vol. 10144, Springer, pp. 161-173, 17th International Workshop on Information Security Applications, Korea, Republic of, 25/08/16. https://doi.org/10.1007/978-3-319-56549-1_14

Towards Automated Exploit Generation for Embedded Systems. / Ruffell, Matthew; Hong, Jin Bum; Kim, Hyoungshick; Kim, Dong Seong.

International Workshop on Information Security Applications. Vol. 10144 Springer, 2017. p. 161-173.

Research output: Chapter in Book/Conference paper › Conference paper

TY - GEN

T1 - Towards Automated Exploit Generation for Embedded Systems

AU - Ruffell, Matthew

AU - Hong, Jin Bum

AU - Kim, Hyoungshick

AU - Kim, Dong Seong

PY - 2017

Y1 - 2017

N2 - Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller. © Springer International Publishing AG 2017.

AB - Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller. © Springer International Publishing AG 2017.

U2 - 10.1007/978-3-319-56549-1_14

DO - 10.1007/978-3-319-56549-1_14

M3 - Conference paper

SN - 9783319565484

VL - 10144

SP - 161

EP - 173

BT - International Workshop on Information Security Applications

PB - Springer

ER -

Ruffell M, Hong JB, Kim H, Kim DS. Towards Automated Exploit Generation for Embedded Systems. In International Workshop on Information Security Applications. Vol. 10144. Springer. 2017. p. 161-173 https://doi.org/10.1007/978-3-319-56549-1_14

Access to Document

10.1007/978-3-319-56549-1_14Licence: Unspecified