Publication | Closed Access
FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
Citations: 104
References: 30
Year: 2020
Keywords: Firmware Execution Environment, Emulation Technique, Engineering, Computer Architecture, Embedded Systems, IoT System, Software Analysis, Hardware Security, Smart Systems, Firmware Detection, Systems Engineering, Internet Of Things, Hardware Security Solution, Firmware Images, Emulation Environment, Computer Engineering, Computer Science, IoT Architecture, IoT Data Management, Towards Large-scale Emulation, Security Testing Method, Hardware Emulation, Software Testing, Firmware Security
Dynamic analysis, such as fuzz testing, is employed to evaluate IoT firmware security at scale, yet existing methods rely on emulation environments that attempt to mimic real hardware and peripherals. The authors aim to develop a scalable emulation platform that faithfully reproduces real hardware behavior for IoT firmware. In practice, current tools achieve only a 16.3% success rate, as demonstrated by Firmadyne running 183 of 1,124 firmware images, due to discrepancies between real and emulated execution environments.
One approach to assessing the security of embedded IoT devices is to apply dynamic analysis, such as fuzz testing, to their firmware at scale. To this end, existing approaches aim to provide an emulation environment that mimics the behavior of real hardware and peripherals. Nonetheless, in practice, such approaches can emulate only a small fraction of firmware images. For example, Firmadyne, a state-of-the-art tool, can only run 183 (16.28%) of 1,124 wireless router/IP-camera images that we collected from the top eight manufacturers. Such a low emulation success rate is caused by discrepancies between the real and emulated firmware execution environments.