Automated Rehosting and Instrumentation of Embedded Firmware
DownloadThesis PDF (1.246Mb)
Advisor
Rinard, Martin C.
Terms of use
Metadata
Show full item recordAbstract
Vulnerable embedded systems continue to proliferate as the Internet of Things (IoT) grows. Rehosting enables security analysis of these devices by separating embedded firmware from its host hardware, allowing the firmware to be run and inspected in virtual environments. I present a system to perform automated rehosting and instrumentation of embedded firmware: ARI. ARI improves upon previous methods by performing progressive fidelity assessments and automatically applying various failure-oblivious, network, and filesystem fixes necessary to enable web service operation. On successfully emulated systems, ARI further instruments and tests embedded web servers using the popular dynamic analysis tool, Valgrind. On a corpus of 1709 Linux-based firmware samples, representing 617 unique IoT products, ARI enables successful web service execution on 1017 samples, a 125% improvement over an existing system, Firmadyne. Results are used to inform analysis of rehosting as a technique to improve security assessments of Department of Defense (DoD) embedded systems. Barriers to adoption, including intellectual property and lack of standardization, are outlined and mitigations leveraging existing digital acquisition methods are suggested.
Date issued
2021-06Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; Massachusetts Institute of Technology. Institute for Data, Systems, and SocietyPublisher
Massachusetts Institute of Technology