FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization
- URL: http://arxiv.org/abs/2410.18483v1
- Date: Thu, 24 Oct 2024 07:12:08 GMT
- Title: FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization
- Authors: Boyu Chang, Binbin Zhao, Qiao Zhang, Peiyu Liu, Yuan Tian, Raheem Beyah, Shouling Ji
- Abstract summary: FirmRCA is a practical fault localization framework tailored specifically for embedded firmware.
We show that FirmRCA can effectively identify the root cause of crashing test cases within the top 10 instructions.
- Score: 37.29599884531106
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: While fuzzing has demonstrated its effectiveness in exposing vulnerabilities within embedded firmware, the discovery of crashing test cases is only the first step in improving the security of these critical systems. The subsequent fault localization process, which aims to precisely identify the root causes of observed crashes, is a crucial yet time-consuming post-fuzzing work. Unfortunately, the automated root cause analysis on embedded firmware crashes remains an underexplored area, which is challenging from several perspectives: (1) the fuzzing campaign towards the embedded firmware lacks adequate debugging mechanisms, making it hard to automatically extract essential runtime information for analysis; (2) the inherent raw binary nature of embedded firmware often leads to over-tainted and noisy suspicious instructions, which provides limited guidance for analysts in manually investigating the root cause and remediating the underlying vulnerability. To address these challenges, we design and implement FirmRCA, a practical fault localization framework tailored specifically for embedded firmware. FirmRCA introduces an event-based footprint collection approach to aid and significantly expedite reverse execution. Next, to solve the complicated memory alias problem, FirmRCA proposes a history-driven method by tracking data propagation through the execution trace, enabling precise identification of deep crash origins. Finally, FirmRCA proposes a novel strategy to highlight key instructions related to the root cause, providing practical guidance in the final investigation. We evaluate FirmRCA with both synthetic and real-world targets, including 41 crashing test cases across 17 firmware images. The results show that FirmRCA can effectively (92.7% success rate) identify the root cause of crashing test cases within the top 10 instructions.
Related papers
- Detecting Object Tracking Failure via Sequential Hypothesis Testing [80.7891291021747]
Real-time online object tracking in videos constitutes a core task in computer vision.
We propose interpreting object tracking as a sequential hypothesis test, wherein evidence for or against tracking failures is gradually accumulated over time.
We propose both supervised and unsupervised variants by leveraging either ground-truth or solely internal tracking information.
arXiv Detail & Related papers (2026-02-13T14:57:15Z) - Outrunning LLM Cutoffs: A Live Kernel Crash Resolution Benchmark for All [57.23434868678603]
Live-kBench is an evaluation framework for self-evolving benchmarks that scrapes and evaluates agents on freshly discovered kernel bugs.
kEnv is an agent-agnostic crash-resolution environment for kernel compilation, execution, and feedback.
Using kEnv, we benchmark three state-of-the-art agents, showing that they resolve 74% of crashes on the first attempt.
arXiv Detail & Related papers (2026-02-02T19:06:15Z) - Automated SBOM-Driven Vulnerability Triage for IoT Firmware: A Lightweight Pipeline for Risk Prioritization [0.0]
This paper presents a lightweight, automated pipeline designed to extract file systems from Linux-based IoT firmware.
It generates a comprehensive Software Bill of Materials, maps identified components to known vulnerabilities, and applies a multi-factor triage scoring model.
We describe the architecture, the normalization challenges of embedded Linux, and a scoring methodology intended to reduce alert fatigue.
arXiv Detail & Related papers (2026-01-04T00:09:01Z) - D-REX: A Benchmark for Detecting Deceptive Reasoning in Large Language Models [62.83226685925107]
Deceptive Reasoning Exposure Suite (D-REX) is a novel dataset designed to evaluate the discrepancy between a model's internal reasoning process and its final output.
Each sample in D-REX contains the adversarial system prompt, an end-user's test query, the model's seemingly innocuous response, and, crucially, the model's internal chain-of-thought.
We demonstrate that D-REX presents a significant challenge for existing models and safety mechanisms.
arXiv Detail & Related papers (2025-09-22T15:59:40Z) - A layered architecture for log analysis in complex IT systems [0.21756081703276]
This dissertation introduces a three-layered architecture to support DevOps in failure resolution.
The first layer, Log Investigation, performs autonomous log labeling and anomaly classification.
The second layer, Anomaly Detection, detects behaviors deviating from the norm.
The third layer, Root Cause Analysis, identifies minimal log sets describing failures, their origin, and event sequences.
arXiv Detail & Related papers (2025-08-29T11:28:21Z) - UncTrack: Reliable Visual Object Tracking with Uncertainty-Aware Prototype Memory Network [75.9933952886197]
UncTrack is a novel uncertainty-aware transformer tracker that predicts the target localization uncertainty.
Our method outperforms other state-of-the-art methods in experiments.
arXiv Detail & Related papers (2025-03-17T07:33:16Z) - CRAFT: Characterizing and Root-Causing Fault Injection Threats at Pre-Silicon [4.83186491286234]
This work presents a comprehensive methodology for conducting controlled fault injection attacks at the pre-silicon level.
As the driving application, we use the clock glitch attacks in AI/ML applications for critical misclassification.
arXiv Detail & Related papers (2025-03-05T20:17:46Z) - Honest to a Fault: Root-Causing Fault Attacks with Pre-Silicon RISC Pipeline Characterization [4.83186491286234]
This study aims to characterize and diagnose the impact of faults within the RISC-V instruction set and pipeline stages, while tracing fault propagation from the circuit level to the AI/ML application software.
This analysis resulted in discovering a novel vulnerability through controlled clock glitch parameters, specifically targeting the RISC-V decode stage.
arXiv Detail & Related papers (2025-03-05T20:08:12Z) - Lost and Found in Speculation: Hybrid Speculative Vulnerability Detection [15.258238125090667]
We introduce Specure, a novel pre-silicon verification method composing hardware fuzzing with Information Flow Tracking (IFT) to address speculative execution leakages.
Specure identifies previously overlooked speculative execution vulnerabilities on the RISC-V BOOM processor and explores the vulnerability search space 6.45x faster than existing fuzzing techniques.
arXiv Detail & Related papers (2024-10-29T21:42:06Z) - LogRCA: Log-based Root Cause Analysis for Distributed Services [4.049637286678329]
We propose LogRCA, a novel method for identifying a minimal set of log lines that together describe a root cause.
LogRCA uses a semi-supervised learning approach to deal with rare and unknown errors and is designed to handle noisy data.
We evaluated our approach on a large-scale production log data set of 44.3 million log lines, which contains 80 failures, whose root causes were labeled by experts.
arXiv Detail & Related papers (2024-05-22T12:50:56Z) - VulEval: Towards Repository-Level Evaluation of Software Vulnerability Detection [14.312197590230994]
A repository-level evaluation system named VulEval aims at evaluating the detection performance of inter- and intra-procedural vulnerabilities simultaneously.
VulEval consists of a large-scale dataset, with a total of 4,196 CVE entries, 232,239 functions, and corresponding 4,699 repository-level source code in C/C++ programming languages.
arXiv Detail & Related papers (2024-04-24T02:16:11Z) - Multi-modal Causal Structure Learning and Root Cause Analysis [67.67578590390907]
We propose Mulan, a unified multi-modal causal structure learning method for root cause localization.
We leverage a log-tailored language model to facilitate log representation learning, converting log sequences into time-series data.
We also introduce a novel key performance indicator-aware attention mechanism for assessing modality reliability and co-learning a final causal graph.
arXiv Detail & Related papers (2024-02-04T05:50:38Z) - ACAV: A Framework for Automatic Causality Analysis in Autonomous Vehicle Accident Recordings [5.578446693797519]
Recent fatalities have emphasized the importance of safety validation through large-scale testing.
We propose ACAV, an automated framework designed to conduct causality analysis for AV accident recordings.
We evaluate ACAV on the Apollo ADS, finding that it can identify five distinct types of causal events in 93.64% of 110 accident recordings.
arXiv Detail & Related papers (2024-01-13T12:41:05Z) - MIRAGE: Multi-Binary Image Risk Assessment with Attack Graph Employment [10.363703258465407]
An attack graph (AG) can be used to assess and visually display firmware's risks.
We propose MIRAGE, a framework for identifying potential attack vectors and vulnerable interactions between firmware binaries.
arXiv Detail & Related papers (2023-11-06T22:07:04Z) - Automatic Root Cause Analysis via Large Language Models for Cloud Incidents [51.94361026233668]
We introduce RCACopilot, an on-call system empowered by a large language model for automating root cause analysis of cloud incidents.
RCACopilot matches incoming incidents to corresponding incident handlers based on their alert types, aggregates the critical runtime diagnostic information, predicts the incident's root cause category, and provides an explanatory narrative.
We evaluate RCACopilot using a real-world dataset consisting of a year's worth of incidents from Microsoft.
arXiv Detail & Related papers (2023-05-25T06:44:50Z) - Disentangled Causal Graph Learning for Online Unsupervised Root Cause Analysis [49.910053255238566]
Root cause analysis (RCA) can identify the root causes of system faults/failures by analyzing system monitoring data.
Previous research has mostly focused on developing offline RCA algorithms, which often require manually initiating the RCA process.
We propose CORAL, a novel online RCA framework that can automatically trigger the RCA process and incrementally update the RCA model.
arXiv Detail & Related papers (2023-05-18T01:27:48Z) - Mining Root Cause Knowledge from Cloud Service Incident Investigations for AIOps [71.12026848664753]
Root Cause Analysis (RCA) of any service-disrupting incident is one of the most critical as well as complex tasks in IT processes.
In this work, we present ICA and the downstream Incident Search and Retrieval based RCA pipeline, built at Salesforce.
arXiv Detail & Related papers (2022-04-21T02:33:34Z) - Exploring Robustness of Unsupervised Domain Adaptation in Semantic Segmentation [74.05906222376608]
We propose adversarial self-supervision UDA (or ASSUDA) that maximizes the agreement between clean images and their adversarial examples by a contrastive loss in the output space.
This paper is rooted in two observations: (i) the robustness of UDA methods in semantic segmentation remains unexplored, which poses a security concern in this field; and (ii) although commonly used self-supervision (e.g., rotation and jigsaw) benefits image tasks such as classification and recognition, it fails to provide the critical supervision signals that could learn discriminative representations for segmentation tasks.
arXiv Detail & Related papers (2021-05-23T01:50:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.