avatar enhancing binary firmware security
play

Avatar - Enhancing Binary Firmware Security Analysis with Dynamic - PowerPoint PPT Presentation

Apr 29, 2023 •766 likes •1.04k views

CRYPTACUS Workshop Nijmegen, 16 - 18 November 2017 Avatar - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration Marius Muench <marius.muench@eurecom.fr> PART I Avatar - Enhancing Binary Firmware

  1. CRYPTACUS Workshop Nijmegen, 16 - 18 November 2017 Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration Marius Muench <marius.muench@eurecom.fr>

  2. PART I

  3. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  4. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  5. Dynamic Binary Firmware Security Analysis?  Majority of nowadays vulnerabilities are “low -hanging fruits”  Often 3 rd party analysis  Lack of sophisticated tooling

  6. (Some) Challenges in Dynamic Binary Firmware Analysis  Intransparency  Performance & Scalability  Instrumentation capabilities

  7. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  8. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  9. Avatar 2  Developed by: - Marius Muench - Dario Nisi - Aurélien Francillon - Davide Balzarotti  Open source: - https://github.com/avatartwo/avatar2  Re-designed and re-implemented from scratch [1] [1] Zaddach, J., Bruno, L., Francillon, A., and Balzarotti, D .: “AVATAR : A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares ”. NDSS 14

  10. The general picture

  11. Core Concepts  Target Orchestration  Separation of Execution and Memory  State Transfer and Synchronization

  12. Supported Targets * * Not yet available

  13. Avatar² - Example Script

  14. Phase #0: Preambel

  15. Phase #1: Target Definition

  16. Phase #2: Memory Layout Definition

  17. Phase #3: Orchestration!

  18. A note on peripherals  Main source of complication for emulation  Avatar 2 offers different strategies: - Full emulation - Partial emulation using peripheral forwarding - Partial emulation using python abstractions 21/12/2017 -

  19. PART II (WYCINWYC)

  20. WYCINWYC - Overview  Acronym for “What You Corrupt Is Not What You Crash” [2]  Joint Work with Siemens  Utilizes Avatar 2 to improve fuzz testing on embedded systems [2] Muench, M., Stijohann, J., Kargl, F., Francillon, A. and Balzarotti , D.: “What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices”. To appear at NDSS 2018

  21. WYCINWYC - Setup -

  22. WYCINWYC - Analysis Plugins [2] Muench, Marius et al. “What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices”. To appear at NDSS 2018 -

  23. WYCINWYC - Results S1: Native S3: Partial Emulation (Avatar Peripheral) S2: Partial Emulation (Peripheral Forwarding) S4: Full Emulation

  24. Related Tools  AVATAR ;)  Firmadyne Chen, D. D., Woo, M., Brumley, D., & Egele, M .: “Towards Automated Dynamic Analysis for Linux- based Embedded Firmware”. NDSS 2016  Luaqemu https://github.com/Comsecuris/luaqemu  PROSPECT Kammerstetter, M, Platzer, C., & Kastner, W.: “Prospect: peripheral proxying supported embedded code testing.” ASIA CCS 2014

  25. Conclusion  Appropriate tooling is important  … so are good emulators  Until then, avatar 2 might be helpful  We are just at the beginning…

  26. Questions? https://github.com/avatartwo/avatar2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Contents 1. Binary firmware analysis 2. Tooling landscape 3. The avatar 2 framework 4. Examples

Contents 1. Binary firmware analysis 2. Tooling landscape 3. The avatar 2 framework 4. Examples

avatar 2 Marius Muench 34c3 - December 29, 2017 Contents 1. Binary firmware analysis 2. Tooling landscape 3. The avatar 2 framework 4. Examples 5. Conclusion 1 Binary Firmware Analysis Motivation Amount of embedded devices steadily

3.29k views • 51 slides
Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago 2014 Kees Cook &lt;keescook@chromium.org&gt; (pronounced Case) Overview Wait, which firmware? Threats Update methods

311 views • 20 slides
The Avatar project: Improving embedded security with SE, KLEE and Qemu

The Avatar project: Improving embedded security with SE, KLEE and Qemu

The Avatar project: Improving embedded security with SE, KLEE and Qemu http://www.s3.eurecom.fr/tools/avatar/ Luca Bruno &lt;lucab@debian.org&gt;, J. Zaddach, A. Francillon, D. Balzarotti About us Eurecom, a consortium of European

740 views • 29 slides
Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin August 11,

Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin August 11,

Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin August 11, 2013 Andrei Costin/Jonas Zaddach www.firmware.re 1/104 About Jonas Zaddach PhD. candidate on &quot;Development of novel binary analysis

1.25k views • 104 slides
BECOMING AN AVATAR OF THE GODDESS: DIVINE FEMININE EMPOWERMENT OF NON- BINARY GENDER IDENTITY

BECOMING AN AVATAR OF THE GODDESS: DIVINE FEMININE EMPOWERMENT OF NON- BINARY GENDER IDENTITY

BECOMING AN AVATAR OF THE GODDESS: DIVINE FEMININE EMPOWERMENT OF NON- BINARY GENDER IDENTITY UUC Service, June 18th 2017 By Athne Machdane ATHNE MACHDANE Fire Maiden Pangender Priestess of the Goddess When you adorn yourselves in My robes I

298 views • 17 slides
AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems Firmwares Jonas Zaddach

AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems Firmwares Jonas Zaddach

AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems Firmwares Jonas Zaddach (zaddach@eurecom.fr) Luca Bruno, Aurlien Francillon, Davide Balzarotti Outline Introduction AVATAR overview Framework components

1.09k views • 44 slides
Secure Firmware Updates in the IoT COMPETENCE CENTRE FOR IT-SECURITY, MASTER STUDIES IT-SECURITY

Secure Firmware Updates in the IoT COMPETENCE CENTRE FOR IT-SECURITY, MASTER STUDIES IT-SECURITY

Secure Firmware Updates in the IoT COMPETENCE CENTRE FOR IT-SECURITY, MASTER STUDIES IT-SECURITY Silvie Schmidt Competence Centre for IT- Security at FH Campus Wien Project ELVIS Embedded Lab Vienna for IoT &amp; Security Agenda

811 views • 37 slides
Senior school home page SEM and EM photographs of various microbes and all pack artwork available

Senior school home page SEM and EM photographs of various microbes and all pack artwork available

Students could create their own avatar to guide them through the various sections of Create your own the website, this avatar could potentially remind them of areas they have yet to visit, avatar give them updates on how they can earn more

440 views • 3 slides
Enhancing Control Flow Graph Based Binary Function Identification Clemens Jonischkeit Chair for

Enhancing Control Flow Graph Based Binary Function Identification Clemens Jonischkeit Chair for

Enhancing Control Flow Graph Based Binary Function Identification Clemens Jonischkeit Chair for IT Security 23. November 2017 C. Jonischkeit 1 / 13 Motivation Technische Universitt Mnchen I just wasted 3 hours of my life. . . . .

539 views • 29 slides
IDOLS WITH FEET OF CLAY: ON THE SECURITY OF BOOTLOADERS AND FIRMWARE UPDATERS FOR THE IOT Lionel

IDOLS WITH FEET OF CLAY: ON THE SECURITY OF BOOTLOADERS AND FIRMWARE UPDATERS FOR THE IOT Lionel

IDOLS WITH FEET OF CLAY: ON THE SECURITY OF BOOTLOADERS AND FIRMWARE UPDATERS FOR THE IOT Lionel Morel | CEA / LIST / DACLE Damien Courouss | CEA / LIST / DACLE NEWCAS Mnchen, Germany 2019 -06-24 BFUs BOOTLOADERS AND FIRMWARE

299 views • 10 slides
Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security 2. Usability 3. Visibility First Point of View: Security... Software Software Operating System Kernel Firmware Hardware Software Software

783 views • 62 slides
Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with hardware innovations. Tom Melham University of Oxford Problem Firmware today facing greater complexity and shorter schedules coded at low

478 views • 14 slides
Playing with AVATAR How to play with AVATAR Giles Reger, Martin Suda and Andrei Voronkov School

Playing with AVATAR How to play with AVATAR Giles Reger, Martin Suda and Andrei Voronkov School

Playing with AVATAR How to play with AVATAR Giles Reger, Martin Suda and Andrei Voronkov School of Computer Science, University of Manchester The 1st Vampire Workshop Reger,G How to play with AVATAR 1 / 26 Overview Introduction 1

1.1k views • 43 slides
OsmocomBB Free Software GSM baseband firmware for security analysis Harald Welte gnumonks.org

OsmocomBB Free Software GSM baseband firmware for security analysis Harald Welte gnumonks.org

GSM/3G Network Security Introduction Security Problems and the Baseband OsmocomBB Project Summary OsmocomBB Free Software GSM baseband firmware for security analysis Harald Welte gnumonks.org gpl-violations.org OpenBSC airprobe.org

830 views • 37 slides
Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller Alex Matrosov Alexandre Gazet Actually 5 months of passionate reverse-engineering nights Disclaimer All the details given about BIOS Guard

968 views • 77 slides
Project Avatar Dr Geraldine Paterson 1 Avatar Funded by Network Innovation Allowance October

Project Avatar Dr Geraldine Paterson 1 Avatar Funded by Network Innovation Allowance October

Project Avatar Dr Geraldine Paterson 1 Avatar Funded by Network Innovation Allowance October 2016 December 2019 Colleague Exploratory Analysis, Concept Publish final Literature Research engagement research refinements Go live

650 views • 9 slides
y I i Expensive to build a network that covers everything Why Wires costmoney Need land Civil

y I i Expensive to build a network that covers everything Why Wires costmoney Need land Civil

i Interdomain Routing y I i Expensive to build a network that covers everything Why Wires costmoney Need land Civil Engineering for layingdown wires have different requirements People How to connect 1960 Physical connectivity St IX

245 views • 6 slides
Linguistic Hacking How to know what a text in an unknown language is about?

Linguistic Hacking How to know what a text in an unknown language is about?

Linguistic Hacking How to know what a text in an unknown language is about? Martin.Haase@uni-bamberg.de maha@jabber.ccc.de 1 Contents how to identify the language of a written text in traditional ways, with the help of computer

511 views • 37 slides
GET UP AND RUNNING TODAYS GOAL: GET ORIENTED TO RSTUDIO, MAKE A PROJECT FOLDER

GET UP AND RUNNING TODAYS GOAL: GET ORIENTED TO RSTUDIO, MAKE A PROJECT FOLDER

GET UP AND RUNNING TODAYS GOAL: GET ORIENTED TO RSTUDIO, MAKE A PROJECT FOLDER https://www.r-project.org https://rstudio.com RStudio will be the control center for your R Projects &gt;_ Current Objects Document Files, Graphs,

591 views • 56 slides
BREXIT 2018 RECAP: THE HYPE, THE REALITY, WHAT CROSS- BORDER OPERATIONS NEED TO KNOW FOR 2019

BREXIT 2018 RECAP: THE HYPE, THE REALITY, WHAT CROSS- BORDER OPERATIONS NEED TO KNOW FOR 2019

BREXIT 2018 RECAP: THE HYPE, THE REALITY, WHAT CROSS- BORDER OPERATIONS NEED TO KNOW FOR 2019 AND BEYOND? DR KAY SWINBURNE MEP VICE-CHAIR, COMMITTEE ON ECONOMIC AND MONETARY AFFAIRS May 2019: European Parliament elections 2020: End of budget

117 views • 9 slides
THE RECONSTRUCTION OF THE EARLY UNIVERSE: GRAVITATION AND OPTIMAL TRANSPORTATION, A REVIEW Yann

THE RECONSTRUCTION OF THE EARLY UNIVERSE: GRAVITATION AND OPTIMAL TRANSPORTATION, A REVIEW Yann

THE RECONSTRUCTION OF THE EARLY UNIVERSE: GRAVITATION AND OPTIMAL TRANSPORTATION, A REVIEW Yann BRENIER CNRS-CMLS, Ecole Polytechnique, Palaiseau Optimal Transport in the Applied Sciences, RICAM-JKU, Linz, 8-12 Dec 2014 Yann Brenier (CNRS,

795 views • 55 slides
2 * 1 /0 '()

2 * 1 /0 '()

2 * 1 /0 '() '*&quot;+ ,- '() !&quot;# $ %&amp; '() .

573 views • 18 slides
Asymmetric Information Measures: Problem Description of the . . . How to Extract Knowledge

Asymmetric Information Measures: Problem Description of the . . . How to Extract Knowledge

How Knowledge Is . . . Experts Are Usually . . . Asymmetric Information Measures: Problem Description of the . . . How to Extract Knowledge Asymptotically . . . Average Case . . . From an Expert so That Average Case: . . . the Experts

605 views • 17 slides
EXPERIENCE FROM THE INJECTORS, RADIATION LEVELS &amp; DAMAGE J.P. Saraiva (CERN R2E Project)

EXPERIENCE FROM THE INJECTORS, RADIATION LEVELS &amp; DAMAGE J.P. Saraiva (CERN R2E Project)

EXPERIENCE FROM THE INJECTORS, RADIATION LEVELS &amp; DAMAGE J.P. Saraiva (CERN R2E Project) October 14, 2014 R2E &amp; Availability Workshop OUTLINE 1. Radiation Levels Overview &amp; Expected Evolution 2. Electronic Devices along the

671 views • 30 slides

More recommend