| dc.contributor.advisor | Rinard, Martin C. | |
| dc.contributor.author | Ramseyer, Ryan William | |
| dc.date.accessioned | 2022-01-14T14:48:10Z | |
| dc.date.available | 2022-01-14T14:48:10Z | |
| dc.date.issued | 2021-06 | |
| dc.date.submitted | 2021-06-11T14:54:00.884Z | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/139071 | |
| dc.description.abstract | Vulnerable embedded systems continue to proliferate as the Internet of Things (IoT) grows. Rehosting enables security analysis of these devices by separating embedded firmware from its host hardware, allowing the firmware to be run and inspected in virtual environments. I present a system to perform automated rehosting and instrumentation of embedded firmware: ARI. ARI improves upon previous methods by performing progressive fidelity assessments and automatically applying various failure-oblivious, network, and filesystem fixes necessary to enable web service operation. On successfully emulated systems, ARI further instruments and tests embedded web servers using the popular dynamic analysis tool, Valgrind. On a corpus of 1709 Linux-based firmware samples, representing 617 unique IoT products, ARI enables successful web service execution on 1017 samples, a 125% improvement over an existing system, Firmadyne. Results are used to inform analysis of rehosting as a technique to improve security assessments of Department of Defense (DoD) embedded systems. Barriers to adoption, including intellectual property and lack of standardization, are outlined and mitigations leveraging existing digital acquisition methods are suggested. | |
| dc.publisher | Massachusetts Institute of Technology | |
| dc.rights | In Copyright - Educational Use Permitted | |
| dc.rights | Copyright retained by author(s) | |
| dc.rights.uri | https://rightsstatements.org/page/InC-EDU/1.0/ | |
| dc.title | Automated Rehosting and Instrumentation of Embedded Firmware | |
| dc.type | Thesis | |
| dc.description.degree | S.M. | |
| dc.description.degree | S.M. | |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| dc.contributor.department | Massachusetts Institute of Technology. Institute for Data, Systems, and Society | |
| mit.thesis.degree | Master | |
| thesis.degree.name | Master of Science in Technology and Policy | |
| thesis.degree.name | Master of Science in Electrical Engineering and Computer Science | |
