AIM: Automatic Interrupt Modeling for Dynamic Firmware Analysis
CoRR (2023)
Abstract
The security of microcontrollers, which drive modern IoT and embedded
devices, continues to raise major concerns. Within a microcontroller (MCU), the
firmware is a monolithic piece of software that contains the whole software
stack, whereas a variety of peripherals represent the hardware. As MCU firmware
contains vulnerabilities, it is ideal to test firmware with off-the-shelf
software testing techniques, such as dynamic symbolic execution and fuzzing.
Nevertheless, no emulator can emulate the diverse MCU peripherals or
execute/test the firmware. Specifically, the interrupt interface, among all I/O
interfaces used by MCU peripherals, is extremely challenging to emulate.
In this paper, we present AIM -- a generic, scalable, and
hardware-independent dynamic firmware analysis framework that supports
unemulated MCU peripherals by a novel interrupt modeling mechanism. AIM
effectively and efficiently covers interrupt-dependent code in firmware by a
novel, firmware-guided, Just-in-Time Interrupt Firing technique. We implemented
our framework in angr and performed dynamic symbolic execution for eight
real-world MCU firmware. According to testing results, our framework covered up
to 11.2 times more interrupt-dependent code than state-of-the-art approaches
while accomplishing several challenging goals not feasible previously. Finally,
a comparison with a state-of-the-art firmware fuzzer demonstrates dynamic
symbolic execution and fuzzing together can achieve better firmware testing
coverage.
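To make the abstract's notion of "interrupt-dependent code" concrete, the following C program is an added illustration written for this page; it is not code from the AIM paper and does not reproduce AIM's algorithm. It models a toy firmware whose main loop polls a receive-ready flag that only an interrupt service routine sets, and compares three constructed emulator policies for delivering interrupts: never firing them (an unemulated peripheral), firing all of them at reset, and firing one at the moment the firmware reads the flag (a simplified stand-in for firmware-guided, just-in-time firing). All names (`uart_rx_isr`, `read_rx_ready`, `run_firmware`, the `fire_policy_t` values) and the payload byte are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed emulator policies for delivering a pending interrupt. */
typedef enum { FIRE_NEVER, FIRE_AT_RESET, FIRE_JIT } fire_policy_t;

typedef struct {
    int handled;   /* bytes that reached the interrupt-dependent code */
    int lost;      /* ISR invocations whose byte was overwritten before being read */
} run_result_t;

/* Constructed peripheral state shared between the "firmware" and its ISR. */
static volatile uint32_t rx_ready;   /* only the ISR sets this */
static volatile uint8_t  rx_byte;    /* only the ISR fills this */
static run_result_t stats;

/* Hypothetical UART receive interrupt handler, as firmware would register it. */
static void uart_rx_isr(uint8_t byte_from_peripheral) {
    if (rx_ready) stats.lost++;      /* previous byte was never consumed */
    rx_byte = byte_from_peripheral;
    rx_ready = 1;
}

/* The interrupt-dependent block: reachable only after the ISR has run. */
static void process_byte(void) {
    (void)rx_byte;                   /* a real firmware would parse it here */
    stats.handled++;
}

/* Emulator hook on every firmware read of the flag. Under FIRE_JIT the
 * pending interrupt is delivered exactly when the firmware depends on it. */
static uint32_t read_rx_ready(fire_policy_t policy, int *pending) {
    if (policy == FIRE_JIT && *pending > 0) {
        uart_rx_isr(0x41);           /* constructed payload byte */
        (*pending)--;
    }
    return rx_ready;
}

/* Bounded firmware main loop. Returns how much interrupt-dependent code ran
 * and how many interrupts were wasted under the chosen policy. */
run_result_t run_firmware(fire_policy_t policy, int pending_interrupts, int max_iters) {
    rx_ready = 0;
    rx_byte = 0;
    stats.handled = 0;
    stats.lost = 0;
    int pending = pending_interrupts;

    if (policy == FIRE_AT_RESET) {   /* blind policy: deliver everything up front */
        while (pending > 0) {
            uart_rx_isr(0x41);
            pending--;
        }
    }
    for (int i = 0; i < max_iters; i++) {
        if (read_rx_ready(policy, &pending)) {
            rx_ready = 0;            /* firmware acknowledges the byte */
            process_byte();
        }
    }
    return stats;
}

int main(void) {
    const char *names[] = { "never", "at-reset", "jit" };
    for (int p = FIRE_NEVER; p <= FIRE_JIT; p++) {
        run_result_t r = run_firmware((fire_policy_t)p, 3, 100);
        printf("%-9s handled=%d lost=%d\n", names[p], r.handled, r.lost);
    }
    return 0;
}
```

With three pending interrupts, the never-fire policy leaves `process_byte` unreached, firing everything at reset reaches it once and loses two bytes because the firmware had not yet acknowledged the first, and firing at the moment of the read reaches it three times with nothing lost. The comparison is what the abstract's coverage gap between interrupt-firing strategies looks like at the level of a single loop; the real framework decides when and which interrupt to fire from the firmware's own state, which this toy hook only hints at.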
Keywords
Embedded Device, Firmware, Testing, Peripheral, Interrupt, Symbolic Execution