AIM: Automatic Interrupt Modeling for Dynamic Firmware Analysis
- URL: http://arxiv.org/abs/2312.01195v1
- Date: Sat, 2 Dec 2023 18:06:22 GMT
- Title: AIM: Automatic Interrupt Modeling for Dynamic Firmware Analysis
- Authors: Bo Feng, Meng Luo, Changming Liu, Long Lu, and Engin Kirda
- Abstract summary: We present AIM, a generic, scalable, and hardware-independent dynamic firmware analysis framework.
AIM covers interrupt-dependent code in firmware by a novel, firmware-guided, Just-in-Time Interrupt Firing technique.
Our framework covered up to 11.2 times more interrupt-dependent code than state-of-the-art approaches.
- Score: 14.623460803437057
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The security of microcontrollers, which drive modern IoT and embedded
devices, continues to raise major concerns. Within a microcontroller (MCU), the
firmware is a monolithic piece of software that contains the whole software
stack, whereas a variety of peripherals represent the hardware. As MCU firmware
contains vulnerabilities, it is ideal to test firmware with off-the-shelf
software testing techniques, such as dynamic symbolic execution and fuzzing.
Nevertheless, no emulator can emulate the diverse MCU peripherals or
execute/test the firmware. Specifically, the interrupt interface, among all I/O
interfaces used by MCU peripherals, is extremely challenging to emulate.
In this paper, we present AIM -- a generic, scalable, and
hardware-independent dynamic firmware analysis framework that supports
unemulated MCU peripherals by a novel interrupt modeling mechanism. AIM
effectively and efficiently covers interrupt-dependent code in firmware by a
novel, firmware-guided, Just-in-Time Interrupt Firing technique. We implemented
our framework in angr and performed dynamic symbolic execution for eight
real-world MCU firmware. According to testing results, our framework covered up
to 11.2 times more interrupt-dependent code than state-of-the-art approaches
while accomplishing several challenging goals not feasible previously. Finally,
a comparison with a state-of-the-art firmware fuzzer demonstrates dynamic
symbolic execution and fuzzing together can achieve better firmware testing
coverage.
Related papers
- Boosting Device Utilization in Control Flow Auditing [47.36491265793223] (arXiv, 2026-03-02T18:26:17Z)
  Control Flow Auditing (CFAud) is a mechanism wherein a remote verifier (Vrf) is guaranteed to receive evidence about the control flow path taken on a prover (Prv) MCU, even when Prv software is compromised. Current CFAud requires a "busy-wait" phase where the root of trust (RoT) anchored in Prv retains execution to ensure delivery of flow evidence to Vrf. CARAMEL is a hardware RoT co-design that enables Prv to resume while control flow evidence is transmitted to Vrf.
- DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-hosted Monolithic Firmware Fuzzing [10.760871707398218] (arXiv, 2026-02-09T14:52:57Z)
  We introduce DyMA-Fuzz to extend recent advances in stream-based fuzz input injection to DMA-driven interfaces in re-hosted environments. It tackles key challenges -- vendor-specific descriptors, heterogeneous DMA designs, and varying descriptor locations -- using runtime analysis techniques. DyMA-Fuzz reveals vulnerabilities and execution paths missed by state-of-the-art tools and achieves up to 122% higher code coverage.
- WeDLM: Reconciling Diffusion Language Models with Standard Causal Attention for Fast Inference [44.87788417755154] (arXiv, 2025-12-28T01:25:48Z)
  We propose WeDLM, a diffusion decoding framework built entirely on standard causal attention. We show that WeDLM preserves the quality of strong AR backbones while delivering substantial speedups.
- pokiSEC: A Multi-Architecture, Containerized Ephemeral Malware Detonation Sandbox [41.99844472131922] (arXiv, 2025-12-24T00:38:40Z)
  pokiSEC is a lightweight, ephemeral malware detonation sandbox inside a Docker container. pokiSEC integrates QEMU with hardware acceleration (KVM when available) and exposes a browser-based workflow. We validate pokiSEC on Apple Silicon and Ubuntu (AMD64).
- Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks [17.74065470004981] (arXiv, 2025-09-17T06:48:19Z)
  We introduce a novel method to automatically detect and handle the use of network protocols in firmware called Pemu. Our approach enables a deeper, more targeted, and layer-by-layer analysis of firmware components that were previously difficult or impossible to test.
- FlexEmu: Towards Flexible MCU Peripheral Emulation (Extended Version) [18.25411318855939] (arXiv, 2025-09-09T11:38:30Z)
  We propose FlexEmu, a flexible MCU peripheral emulation framework. We have successfully applied FlexEmu to model 12 kinds of MCU peripherals. Our evaluation on 90 firmware samples across 15 different MCU platforms shows that the automatically generated emulators can faithfully replicate hardware behaviors.
- The Devil behind the mask: An emergent safety vulnerability of Diffusion LLMs [39.85609149662187] (arXiv, 2025-07-15T08:44:46Z)
  We present DIJA, the first systematic study and jailbreak attack framework that exploits unique safety weaknesses of dLLMs. Our proposed DIJA constructs adversarial interleaved mask-text prompts that exploit the text generation mechanisms of dLLMs. Our findings underscore the urgent need for rethinking safety alignment in this emerging class of language models.
- Detecting Hardware Trojans in Microprocessors via Hardware Error Correction Code-based Modules [49.1574468325115] (arXiv, 2025-06-18T12:37:14Z)
  Hardware Trojans (HTs) enable attackers to execute unauthorized software or gain illicit access to privileged operations. This manuscript introduces a hardware-based methodology for detecting runtime HT activations using Error Correction Codes (ECCs) on a RISC-V microprocessor.
- Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments [3.9364231301962684] (arXiv, 2025-05-05T22:52:21Z)
  Solid-State Drive (SSD) firmware manages complex internal states, including flash memory maintenance. Traditional testing methods struggle to rapidly achieve coverage of firmware code areas that require extensive I/O accumulation. We propose a state data-aware fuzzing approach that leverages SSD firmware's internal state to guide input generation under nondeterministic I/O conditions.
- EmbedFuzz: High Speed Fuzzing Through Transplantation [21.875588930207943] (arXiv, 2024-12-17T10:09:55Z)
  This paper introduces EmbedFuzz, an efficient fuzzing framework for embedded firmware on low-end Microcontroller Units (MCUs). Our novel firmware transplantation technique converts binary MCU firmware to a functionally equivalent and fuzzing-enhanced version of the firmware which executes on a compatible high-end device at native performance. In our evaluation against state-of-the-art MCU fuzzers, EmbedFuzz exhibits up to eight-fold fuzzing throughput while consuming at most a fourth of the energy thanks to its native execution.
- Swarm-Net: Firmware Attestation in IoT Swarms using Graph Neural Networks and Volatile Memory [10.970843729732703] (arXiv, 2024-08-11T03:19:29Z)
  The Internet of Things (IoT) is a network of billions of interconnected, primarily low-end embedded devices. Despite large-scale deployment, studies have highlighted critical security concerns in IoT networks. Malicious activity on one node in a swarm can propagate to larger network sections. We present Swarm-Net, a novel swarm attestation technique that exploits the inherent, interconnected, graph-like structure of IoT networks.
- Designing and Implementing a Generator Framework for a SIMD Abstraction Library [53.84310825081338] (arXiv, 2024-07-26T13:25:38Z)
  We present TSLGen, a novel end-to-end framework for generating a SIMD abstraction library. We show that our framework is comparable to existing libraries, and we achieve the same performance results.
- Efficient and accurate neural field reconstruction using resistive memory [52.68088466453264] (arXiv, 2024-04-15T09:33:09Z)
  Traditional signal reconstruction methods on digital computers face both software and hardware challenges. We propose a systematic approach with software-hardware co-optimizations for signal reconstruction from sparse inputs. This work advances the AI-driven signal restoration technology and paves the way for future efficient and robust medical AI and 3D vision applications.
- SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046] (arXiv, 2024-02-21T03:31:40Z)
  We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication. Extensive experimental results show the effectiveness and efficiency of SISSA.
- Automating SBOM Generation with Zero-Shot Semantic Similarity [2.169562514302842] (arXiv, 2024-02-03T18:14:13Z)
  A Software-Bill-of-Materials (SBOM) is a comprehensive inventory detailing a software application's components and dependencies. We propose an automated method for generating SBOMs to prevent disastrous supply-chain attacks. Our test results are compelling, demonstrating the model's strong performance in the zero-shot classification task.
- Challenges in Drone Firmware Analyses of Drone Firmware and Its Solutions [2.1961544533969257] (arXiv, 2023-12-28T04:25:49Z)
  The drone sector has gained significant attention for both commercial and military purposes. Most security research to mitigate threats to IoT devices has focused primarily on networks, firmware and mobile applications. In this paper, we discuss the challenges of dynamically analyzing drone firmware and propose potential solutions.
- Random resistive memory-based deep extreme point learning machine for unified visual processing [67.51600474104171] (arXiv, 2023-12-14T09:46:16Z)
  We propose a novel hardware-software co-design, random resistive memory-based deep extreme point learning machine (DEPLM). Our co-design system achieves huge energy efficiency improvements and training cost reduction when compared to conventional systems.
- Abusing Processor Exception for General Binary Instrumentation on Bare-metal Embedded Devices [11.520387655426521] (arXiv, 2023-11-28T05:32:20Z)
  PIFER (Practical Instrumenting Framework for Embedded fiRmware) enables general and fine-grained static binary instrumentation for embedded bare-metal firmware. We propose an instruction translation-based scheme to guarantee the correct execution of the original firmware after patching.
- A survey on hardware-based malware detection approaches [45.24207460381396] (arXiv, 2023-03-22T13:00:41Z)
  Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess. We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
- MAPLE-X: Latency Prediction with Explicit Microprocessor Prior Knowledge [87.41163540910854] (arXiv, 2022-05-25T11:08:20Z)
  Deep neural network (DNN) latency characterization is a time-consuming process. We propose MAPLE-X which extends MAPLE by incorporating explicit prior knowledge of hardware devices and DNN architecture latency.
- A Survey of Machine Learning Algorithms for Detecting Malware in IoT Firmware [0.0] (arXiv, 2021-11-03T17:55:51Z)
  This paper employs a number of machine learning algorithms to classify IoT firmware and the best performing models are reported. Deep learning approaches including Convolutional and Fully Connected Neural Networks are also explored.
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598] (arXiv, 2020-08-17T07:16:57Z)
  Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
This list is automatically generated from the titles and abstracts of the papers in this site.