Side-Channel Assisted Real-Time Fuzzing for Embedded Systems (SCARFES): FY23 Cyber Security Line-Supported Program
Abstract
The U.S. government has a need to protect an increasing number of critical embedded systems (ES). Automated vulnerability assessments (VA) at scale are challenged by the vast diversity of ES. The preferred solution for ES VA is a combination of static and dynamic analysis, enabled by some combination of source code, binaries, and the development environments and/or digital twins used to develop the system. In cases where the development environment is not available to the government, as is often the case due to intellectual property concerns, for example, dynamic analysis can be enabled by rehosting the device in an emulator. The rehosting process today is manually intensive: in order for the embedded system to run, peripheral devices must be manually "stubbed out", a process that is difficult to automate due to the vast variety of peripherals and their implementations [1]. Once emulated, this methodology allows for rapid coverage-based fuzzing, leveraging pairs of random program inputs and the code traces resulting from those inputs. In the absence of rehosting, some vulnerability assessment efforts have used black-box fuzzing to harden systems of interest. This method carries significant disadvantages because the lack of instrumentation denies assessors introspection into computation state that cannot be externally observed, including whether the system has crashed or which code paths were exercised by the system under test in response to an input. Although rehosting is quicker than random fuzzing at discovering inputs for all traces through a control-flow graph (CFG), and provides information useful for tracing execution to the bugs that cause crashes, it requires a large up-front labor investment, which grows larger in the case of uncommon ES architectures with few instrumentation tools available.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 21, 2024
- Accession Number: AD1222726
Entities
People
- Brandon V. John
- Brendon R. Chetwynd
- Emily K. Shields
- Erez Binyamin
- Kyle W. Ingols
- Kyle W. Mcclintick
Organizations
- Massachusetts Institute of Technology