ASE 2021
Sun 14 - Sat 20 November 2021 Australia
Thu 18 Nov 2021 18:00 - 18:20 at Kangaroo - Firmware session. Chair(s): Ingo Mueller

The Linux kernel is widely used in embedded systems. To understand practical threats to the Linux kernel, we need to perform dynamic analysis with a full-system emulator, e.g., QEMU. However, due to hardware fragmentation, e.g., the many different types of peripherals, most embedded systems are not currently supported by QEMU. Though some progress has been made on rehosting firmware, it mainly focuses on user-space programs or simple real-time operating systems.

The goal of this work is to boost the capability of rehosting embedded Linux kernels in QEMU. By doing so, dynamic analysis systems can for the first time be applied to embedded Linux kernels by leveraging off-the-shelf tools built on QEMU. Accordingly, we propose a new technique called model-guided kernel execution. It combines the peripheral abstractions in the Linux kernel with the observed kernel-peripheral interactions to semi-automatically generate peripheral models, which are then used to synthesize new QEMU virtual machines on which the dynamic analysis is started.

We have implemented a prototype called FirmGuide. It generates 9 peripheral models with full functionality and 64 with minimum functionality, covering 26 SoCs. Our evaluation with 6,188 firmware images shows that it can successfully rehost more than 95% of the Linux kernels, spanning 2 architectures and 22 kernel versions. None of them can be rehosted in vanilla QEMU. The results of the LTP benchmark show the reliability and robustness of the rehosted Linux kernels. We further conduct two security applications, i.e., vulnerability analysis and fuzzing, on the rehosted Linux kernels to demonstrate the usage scenarios.
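To make the notion of a "peripheral model" from the two paragraphs above concrete, here is an added illustration in C. It is not FirmGuide's code and not taken from QEMU: it assumes a hypothetical UART-like MMIO register layout (offsets, ID value and status bits are invented for the example), models an unmapped address as reading all-ones (what QEMU really does for an unassigned access depends on the board configuration), and pairs each model with a driver routine that issues the same accesses a Linux driver's probe and data path would. The point it shows is why a kernel cannot be rehosted without a model (probe fails at the ID check), what a minimum-functionality model buys (probe succeeds, but no data ever flows) and what a full-functionality model adds (a working data path).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical register layout of a UART-like peripheral (assumed, not a real SoC). */
#define REG_ID      0x00u   /* read: identifier the driver checks during probe */
#define REG_STATUS  0x04u   /* read: bit0 = TX ready, bit1 = RX byte available */
#define REG_DATA    0x08u   /* write: byte to transmit; read: pop received byte */
#define EXPECTED_ID 0x55415254u
#define ST_TX_READY 0x1u
#define ST_RX_VALID 0x2u
#define POLL_LIMIT  1000    /* stands in for the driver's probe timeout */

typedef struct {
    uint8_t rx[16]; size_t rx_len, rx_pos;   /* bytes the "device" will deliver */
    uint8_t tx[64]; size_t tx_len;           /* bytes the driver sent out */
} uart_state;

/* A peripheral model: read/write handlers over one MMIO window plus private state. */
typedef struct {
    uint32_t (*read)(void *s, uint32_t off);
    void (*write)(void *s, uint32_t off, uint32_t val);
    void *state;
} periph_model;

/* Unmodelled address: nothing answers (assumed to read as all-ones, writes dropped). */
static uint32_t unmapped_read(void *s, uint32_t off) { (void)s; (void)off; return 0xFFFFFFFFu; }
static void drop_write(void *s, uint32_t off, uint32_t val) { (void)s; (void)off; (void)val; }

/* Minimum-functionality model: answers only what probe needs, no data path. */
static uint32_t min_read(void *s, uint32_t off) {
    (void)s;
    if (off == REG_ID) return EXPECTED_ID;
    if (off == REG_STATUS) return ST_TX_READY;    /* always ready, never any RX data */
    return 0;
}

/* Full-functionality model: keeps TX/RX state so the driver's data path also works. */
static uint32_t full_read(void *s, uint32_t off) {
    uart_state *u = s;
    switch (off) {
    case REG_ID:     return EXPECTED_ID;
    case REG_STATUS: return ST_TX_READY | (u->rx_pos < u->rx_len ? ST_RX_VALID : 0);
    case REG_DATA:   return u->rx_pos < u->rx_len ? u->rx[u->rx_pos++] : 0;
    default:         return 0;
    }
}
static void full_write(void *s, uint32_t off, uint32_t val) {
    uart_state *u = s;
    if (off == REG_DATA && u->tx_len < sizeof u->tx) u->tx[u->tx_len++] = (uint8_t)val;
}
static periph_model unmapped_model(void) { return (periph_model){unmapped_read, drop_write, NULL}; }
static periph_model min_model(void)      { return (periph_model){min_read, drop_write, NULL}; }
static periph_model full_model(uart_state *u, const char *rx) {
    memset(u, 0, sizeof *u);
    u->rx_len = strlen(rx) < sizeof u->rx ? strlen(rx) : sizeof u->rx;
    memcpy(u->rx, rx, u->rx_len);
    return (periph_model){full_read, full_write, u};
}

/* The driver side of the interaction, as a Linux driver's probe() would issue it. */
typedef enum { PROBE_OK = 0, PROBE_BAD_ID = 1, PROBE_TIMEOUT = 2 } probe_result;
static probe_result driver_probe(const periph_model *m) {
    if (m->read(m->state, REG_ID) != EXPECTED_ID) return PROBE_BAD_ID;
    for (int i = 0; i < POLL_LIMIT; i++)
        if (m->read(m->state, REG_STATUS) & ST_TX_READY) return PROBE_OK;
    return PROBE_TIMEOUT;
}

/* Driver data path: transmit a string, then drain whatever the device has to say. */
static size_t driver_transfer(const periph_model *m, const char *out, char *in, size_t in_cap) {
    for (const char *p = out; *p; p++) {
        int i = 0;
        while (!(m->read(m->state, REG_STATUS) & ST_TX_READY) && ++i < POLL_LIMIT) {}
        m->write(m->state, REG_DATA, (uint8_t)*p);
    }
    size_t n = 0;
    while (n + 1 < in_cap && (m->read(m->state, REG_STATUS) & ST_RX_VALID))
        in[n++] = (char)m->read(m->state, REG_DATA);
    in[n] = '\0';
    return n;
}

/* Scenario helpers, each returning one checkable value. */
static int probe_unmapped(void) { periph_model m = unmapped_model(); return driver_probe(&m); }
static int probe_min(void)      { periph_model m = min_model(); return driver_probe(&m); }
static int probe_full(void)     { uart_state u; periph_model m = full_model(&u, "ok"); return driver_probe(&m); }
static size_t rx_bytes_min(void) {   /* probe works, but nothing ever comes back */
    periph_model m = min_model(); char in[8];
    return driver_transfer(&m, "hello", in, sizeof in);
}
static int full_roundtrip_ok(void) { /* "hello" lands in tx[], "ok" comes back */
    uart_state u; periph_model m = full_model(&u, "ok"); char in[8];
    size_t n = driver_transfer(&m, "hello", in, sizeof in);
    return n == 2 && strcmp(in, "ok") == 0 && u.tx_len == 5 && memcmp(u.tx, "hello", 5) == 0;
}

int main(void) {
    printf("probe: unmapped=%d min=%d full=%d; min rx=%zu; full roundtrip=%d\n",
           probe_unmapped(), probe_min(), probe_full(), rx_bytes_min(), full_roundtrip_ok());
    return 0;
}
```

In a real QEMU machine the two handlers correspond to the read/write callbacks of a device's MemoryRegionOps, and the unmapped case is what a kernel hits on a board QEMU does not know: its drivers probe registers nobody answers, and boot stalls or fails before any analysis tool can attach. A minimum-functionality model is the cheapest thing that gets the kernel past those probes; a full-functionality model is needed where the analysis (e.g., fuzzing through a device) depends on data actually moving.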

Thu 18 Nov

Displayed time zone: Hobart

18:00 - 19:00
Firmware (Research Papers / NIER track / Industry Showcase) at Kangaroo
Chair(s): Ingo Mueller (Monash University)
FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
Research Papers
Qiang Liu (Zhejiang University), Cen Zhang (Nanyang Technological University), Lin Ma (Zhejiang University), Muhui Jiang (The Hong Kong Polytechnic University; Zhejiang University), Yajin Zhou (Zhejiang University), Lei Wu (Zhejiang University), Wenbo Shen (Zhejiang University), Xiapu Luo (The Hong Kong Polytechnic University), Yang Liu (Nanyang Technological University), Kui Ren (Zhejiang University)
iFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware
Research Papers
Peiyu Liu (Zhejiang University), Shouling Ji (Zhejiang University), Xuhong Zhang (Zhejiang University), Qinming Dai (Zhejiang University), Kangjie Lu (University of Minnesota), Lirong Fu (Zhejiang University), Wenzhi Chen (Zhejiang University), Peng Cheng (Zhejiang University), Wenhai Wang (Zhejiang University), Raheem Beyah (Georgia Institute of Technology)
BIFF: Practical Binary Fuzzing Framework for Programs of IoT and Mobile Devices
Industry Showcase
Cen Zhang (Nanyang Technological University), Yuekang Li (Nanyang Technological University), Hongxu Chen (Nanyang Technological University), Xiaoxing Luo (Huawei Technologies Co., Ltd.), Miaohua Li (Huawei Technologies Co., Ltd.), Anh Quynh Nguyen (Nanyang Technological University), Yang Liu (Nanyang Technological University)
Adaptation 2.0: Adapting Specification Learners in Assured Adaptive Systems
NIER track
Dalal Alrajeh (Imperial College London), Patrick Benjamin (Imperial College London), Sebastian Uchitel (Imperial College London & University of Buenos Aires)