FlexEmu: Towards Flexible MCU Peripheral Emulation (Extended Version)
- URL: http://arxiv.org/abs/2509.07615v1
- Date: Tue, 09 Sep 2025 11:38:30 GMT
- Title: FlexEmu: Towards Flexible MCU Peripheral Emulation (Extended Version)
- Authors: Chongqing Lei, Zhen Ling, Xiangyu Xu, Shaofeng Li, Guangchi Liu, Kai Dong, Junzhou Luo,
- Abstract summary: We propose FlexEmu, a flexible MCU peripheral emulation framework. We have successfully applied FlexEmu to model 12 kinds of MCU peripherals. Our evaluation on 90 firmware samples across 15 different MCU platforms shows that the automatically generated emulators can faithfully replicate hardware behaviors.
- Score: 18.25411318855939
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Microcontroller units (MCUs) are widely used in embedded devices due to their low power consumption and cost-effectiveness. MCU firmware controls these devices and is vital to the security of embedded systems. However, performing dynamic security analyses for MCU firmware has remained challenging due to the lack of usable execution environments -- existing dynamic analyses cannot run on physical devices (e.g., insufficient computational resources), while building emulators is costly due to the massive amount of heterogeneous hardware, especially peripherals. Our work is based on the insight that MCU peripherals can be modeled in a two-fold manner. At the structural level, peripherals have diverse implementations but we can use a limited set of primitives to abstract peripherals because their hardware implementations are based on common hardware concepts. At the semantic level, peripherals have diverse functionalities. However, we can use a single unified semantic model to describe the same kind of peripherals because they exhibit similar functionalities. Building on this, we propose FlexEmu, a flexible MCU peripheral emulation framework. Once semantic models are created, FlexEmu automatically extracts peripheral-specific details to instantiate models and generate emulators accordingly. We have successfully applied FlexEmu to model 12 kinds of MCU peripherals. Our evaluation on 90 firmware samples across 15 different MCU platforms shows that the automatically generated emulators can faithfully replicate hardware behaviors and achieve a 98.48% unit test passing rate, outperforming state-of-the-art approaches. To demonstrate the implications of FlexEmu on firmware security, we use the generated emulators to fuzz three popular RTOSes and uncover 10 previously unknown bugs.
Related papers
- RAPID: Reconfigurable, Adaptive Platform for Iterative Design [3.8103821995386356]
  RAPID is a tool-free, modular hardware architecture that unifies handheld data collection and robot deployment. Physical Mask exposes modality presence as an explicit runtime signal. System-centric experiments show that RAPID reduces the setup time for multi-modal configurations by two orders of magnitude.
  arXiv Detail & Related papers (2026-02-06T12:28:46Z)
- Leveraging SystemC-TLM-based Virtual Prototypes for Embedded Software Fuzzing [1.4764499873402919]
  SystemC-based virtual prototypes have emerged as widely adopted tools to test software ahead of hardware availability. We present a framework that allows the integration of American-Fuzzy-Lop-based fuzzers and SystemC-based simulators.
  arXiv Detail & Related papers (2025-09-01T10:03:11Z)
- FMI Meets SystemC: A Framework for Cross-Tool Virtual Prototyping [0.1747623282473278]
  To develop software without requiring access to physical hardware, full-system simulators are commonly used. SystemC lacks native FMI support, which limits the integration into broader co-simulation environments. This paper presents a novel framework to control and interact with SystemC-based VPs using the FMI.
  arXiv Detail & Related papers (2025-07-24T12:11:47Z)
- EmbedFuzz: High Speed Fuzzing Through Transplantation [21.875588930207943]
  This paper introduces EmbedFuzz, an efficient fuzzing framework for embedded firmware on low-end Microcontroller Units (MCUs). Our novel firmware transplantation technique converts binary MCU firmware to a functionally equivalent and fuzzing-enhanced version of the firmware which executes on a compatible high-end device at native performance. In our evaluation against state-of-the-art MCU fuzzers, EmbedFuzz exhibits up to eight-fold fuzzing throughput while consuming at most a fourth of the energy thanks to its native execution.
  arXiv Detail & Related papers (2024-12-17T10:09:55Z)
- Designing and Implementing a Generator Framework for a SIMD Abstraction Library [53.84310825081338]
  We present TSLGen, a novel end-to-end framework for generating an SIMD abstraction library. We show that our framework is comparable to existing libraries, and we achieve the same performance results.
  arXiv Detail & Related papers (2024-07-26T13:25:38Z)
- Random resistive memory-based deep extreme point learning machine for unified visual processing [67.51600474104171]
  We propose a novel hardware-software co-design, random resistive memory-based deep extreme point learning machine (DEPLM). Our co-design system achieves huge energy efficiency improvements and training cost reduction when compared to conventional systems.
  arXiv Detail & Related papers (2023-12-14T09:46:16Z)
- AIM: Automatic Interrupt Modeling for Dynamic Firmware Analysis [14.623460803437057]
  We present AIM, a generic, scalable, and hardware-independent dynamic firmware analysis framework. AIM covers interrupt-dependent code in firmware by a novel, firmware-guided, Just-in-Time Interrupt Firing technique. Our framework covered up to 11.2 times more interrupt-dependent code than state-of-the-art approaches.
  arXiv Detail & Related papers (2023-12-02T18:06:22Z)
- U-TOE: Universal TinyML On-board Evaluation Toolkit for Low-Power IoT [3.981958767941474]
  U-TOE is a universal toolkit designed to facilitate the task of IoT designers and researchers. We provide an open source implementation of U-TOE and demonstrate its use to experimentally evaluate the performance of various models.
  arXiv Detail & Related papers (2023-06-26T10:35:31Z)
- Cooperative Hardware-Prompt Learning for Snapshot Compressive Imaging [51.65127848056702]
  We propose a Federated Hardware-Prompt learning (FedHP) framework to cooperatively optimize snapshot compressive imaging systems. FedHP learns a hardware-conditioned prompter to align inconsistent data distribution across clients, serving as an indicator of the data inconsistency among different hardware. Experiments demonstrate that the proposed FedHP coordinates the pre-trained model to multiple hardware configurations, outperforming prevalent FL frameworks by 0.35dB.
  arXiv Detail & Related papers (2023-06-01T22:21:28Z)
- SensiX++: Bringing MLOPs and Multi-tenant Model Serving to Sensory Edge Devices [69.1412199244903]
  We present a multi-tenant runtime for adaptive model execution with integrated MLOps on edge devices, e.g., a camera, a microphone, or IoT sensors.
  SensiX++ operates on two fundamental principles: highly modular componentisation to externalise data operations with clear abstractions, and document-centric manifestation for system-wide orchestration.
  We report on the overall throughput and quantified benefits of various automation components of SensiX++ and demonstrate its efficacy to significantly reduce operational complexity and lower the effort to deploy, upgrade, reconfigure and serve embedded models on edge devices.
  arXiv Detail & Related papers (2021-09-08T22:06:16Z)
- SensiX: A Platform for Collaborative Machine Learning on the Edge [69.1412199244903]
  We present SensiX, a personal edge platform that stays between sensor data and sensing models. We demonstrate its efficacy in developing motion and audio-based multi-device sensing systems. Our evaluation shows that SensiX offers a 7-13% increase in overall accuracy and up to 30% increase across different environment dynamics at the expense of 3mW power overhead.
  arXiv Detail & Related papers (2020-12-04T23:06:56Z)
- Integrated Benchmarking and Design for Reproducible and Accessible Evaluation of Robotic Agents [61.36681529571202]
  We describe a new concept for reproducible robotics research that integrates development and benchmarking. One of the central components of this setup is the Duckietown Autolab, a standardized setup that is itself relatively low-cost and reproducible. We validate the system by analyzing the repeatability of experiments conducted using the infrastructure and show that there is low variance across different robot hardware and across different remote labs.
  arXiv Detail & Related papers (2020-09-09T15:31:29Z)
This list is automatically generated from the titles and abstracts of the papers in this site.