Search : [ keyword: Dynamic Analysis ] (6)

u-INJECTOR: Unicorn-based Firmware Dynamic Analysis Tool

Youngbeen Yoo, Hanbit Kim, Junghyung Park, Jinsung Cho

http://doi.org/10.5626/JOK.2025.52.4.269

As the proliferation of IoT devices fuels the growth of the embedded market and expands the application areas of embedded devices, the risk of vulnerability exploitation is increasing, particularly because many IoT device manufacturers do not follow security guidelines. This has led to an increased risk of exploitation through vulnerability attacks. Consequently, it is crucial to analyze and address vulnerabilities in embedded firmware beforehand to ensure system safety. While dynamic analysis techniques are crucial for assessing such vulnerabilities, the unique development environments of embedded devices, as opposed to host PCs, along with the diversity of hardware architectures, pose challenges in setting up a firmware analysis environment using virtualization tools like QEMU alone. To overcome these challenges, this study introduces an embedded firmware vulnerability analysis tool, u-INJECTOR, built on the open-source CPU emulator Unicorn. u-INJECTOR can significantly reduce environment construction costs compared to QEMU by automatically analyzing the symbols of executable files and establishing a virtualization environment for the embedded firmware. The u-INJECTOR described in this research is expected to serve as a valuable tool for detecting vulnerabilities to side-channel and fault injection attacks.

Input Data Description using Stratified Context-Free Grammar

Taehwan Kim, Damho Lee, Hyunji Seo, Changwoo Pyo

http://doi.org/10.5626/JOK.2019.46.4.321

This paper defines a Data Description Language (DDL) based on a context-free grammar that describes the syntactic characteristics of input from multiple input files or devices. Each input file or device has its own input description, which is connected to its upper-level input description to form a hierarchy. We also developed a method for generating input data using DDL. To demonstrate DDL's utility, we compared our method with two others using the metrics of basic block coverage and input generation time. For 37 programs of Coreutils, our method generated valid input faster by O(10^3) times, and the coverage was higher by 25.44% than KLEE. Compared to the method of single context-free grammars, ours took 1.52 times as long, but basic block coverage was larger by 6.59%. Currently, we use DDL for generating regular input for dynamic control-flow analysis.

An Effective Technique for Detecting Vulnerabilities in Android Device Drivers

Youngki Chung, Seong-je Cho

http://doi.org/

Android- and Linux-based embedded systems require device drivers, which are structured and built as kernel functions. However, device driver software (firmware) provided by various third parties is usually not checked against security requirements but is simply included in the final products, that is, Android-based smartphones. In addition, static analysis, which is generally used to detect vulnerabilities, may incur extra cost when detecting critical security issues such as privilege escalation because of its large proportion of false positive results. In this paper, we propose and evaluate an effective technique to detect vulnerabilities in Android device drivers using both static and dynamic analysis.

A Study on Quality Assurance of Embedded Software Source Codes for Weapon Systems by Improving the Reliability Test Process

Kyeong Yong Kwon, Joon Seok Joo, Tae Sik Kim, Jin Woo Oh, Ji Hyun Baek

http://doi.org/

In the defense field, the importance of weapon systems is increasing, as is the weight of weapon system embedded software development as an advanced technology. With the development of network-centric warfare, it has become important to secure the reliability and quality of embedded software in modern weapon systems in battlefield situations. In addition, embedded software problems from the development phase are carried over to the production stage, and such problems give rise to enormous losses at the national level. Furthermore, development companies have not systematically constructed software reliability tests. This study suggests approaches to establishing a quality verification system for embedded software, based on the analysis of a variety of source code reliability test verification cases.

Control Flow Reconstruction from Virtualization-Obfuscated Binaries

Joonhyung Hwang, Taisook Han

http://doi.org/

Control flow information is useful in the analysis and comparison of programs. Virtualization obfuscation hides the control structures of the original program by transforming machine instructions into bytecode. Direct examination of the resulting binary reveals only the structure of the interpreter. Recovery of the original instructions requires knowledge of the virtual machine architecture, which is randomly generated and hidden. In this paper, we propose a method to reconstruct the original control flow using only traces generated from the obfuscated binary. We treat traces as strings and find an automaton that represents those strings. State transitions in the automaton correspond to the control transfers in the original program. We have shown the effectiveness of our method on commercial obfuscators.

A Dynamic Approach to Extract the Original Semantics and Structure of VM-based Obfuscated Binary Executables

Sungho Lee, Taisook Han

http://doi.org/

In recent years, obfuscation techniques have commonly been used to protect malware, so obfuscated malware has become a big threat. In particular, it is extremely hard to analyze virtualization-obfuscated malware based on unusual virtual machines, because the original program is hidden by the virtual machine and its semantics are mixed with the semantics of the virtual machine. To confront this threat, we suggest a framework for analyzing virtualization-obfuscated programs based on dynamic analysis. First, we extract the dynamic execution trace of the virtualization-obfuscated executable. Second, we analyze the traces by translating machine instruction sequences into an intermediate representation and extract the virtual machine architecture by constructing dynamic context flow graphs. Finally, we extract the abstract semantics of the original program using the extracted virtual machine architecture. In this paper, we propose a method to extract information about the original program from a program obfuscated by some commercial virtualization obfuscation tools. We expect that our tool can be used to understand virtualization-obfuscated programs and can be integrated with other program analysis techniques so that it can be applied to the analysis of the semantics of original programs using the abstract semantics.

Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr