Abstract for HONS 04/15 - Computer Science and Software Engineering - University of Canterbury - New Zealand

Applying Bytecode Level Automatic Exploit Generation to Embedded Systems

Matthew Ruffell
Department of Computer Science and Software Engineering
University of Canterbury

Abstract

Finding vulnerabilities in software is a difficult task, typically undertaken by experts. Developers have little of the knowledge required to find complex vulnerabilities in their software products before release. Automating vulnerability discovery and proof-of-concept exploit generation is key to enabling developers to check for and fix software vulnerabilities during the development process. Research in this field is currently directed at automatically generating exploits for software developed for general-purpose computers. Embedded systems occupy a significant portion of the market and lack typical security features found on general-purpose computers. In this report, we implement automatic exploit generation for embedded system firmware by extending an existing dynamic analysis framework called Avatar. We discuss several techniques to discover vulnerabilities and generate exploits, and evaluate our solution by generating exploits for three vulnerable firmware images written for a popular ARM Cortex-M3 microcontroller.