Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares

Abstract : To address the growing concerns about the security of embedded systems, it is important to perform accurate analysis of firmware binaries, even when the source code or the hardware documentation are not available. However, research in this field is hindered by the lack of dedicated tools. For example, dynamic analysis is one of the main foundations of security analysis, e.g., through dynamic taint tracing or symbolic execution. Unlike static analysis, dynamic analysis relies on the ability to execute software in a controlled environment, often an instrumented emulator. However, emulating firmwares of embedded devices requires accurate models of all hardware components used by the system under analysis. Unfortunately, the lack of documentation and the large variety of hardware on the market make this approach infeasible in practice. In this paper we present Avatar, a framework that enables complex dynamic analysis of embedded devices by orchestrating the execution of an emulator together with the real hardware. We first introduce the basic mechanism to forward I/O accesses from the emulator to the embedded device, and then describe several techniques to improve the system’s performance by dynamically optimizing the distribution of code and data between the two environments. Finally, we evaluate our tool by applying it to three different security scenarios, including reverse engineering, vulnerability discovery and hardcoded backdoor detection. To show the flexibility of Avatar, we perform this analysis on three completely different devices: a GSM feature phone, a hard disk bootloader, and a wireless sensor node.
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01079676
Contributor : Jonas Zaddach <>
Submitted on : Monday, November 3, 2014 - 2:30:05 PM
Last modification on : Friday, November 14, 2014 - 10:27:17 AM

Links full text

Identifiers

Collections

Citation

Jonas Zaddach, Luca Bruno, Davide Balzarotti, Aurelien Francillon. Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares. Network and Distributed System Security (NDSS) Symposium, Feb 2014, San Diego, United States. ⟨10.14722/ndss.2014.23229⟩. ⟨hal-01079676⟩

Share

Metrics

Record views

271