avatar enhancing binary firmware security
play

Avatar - Enhancing Binary Firmware Security Analysis with Dynamic - PowerPoint PPT Presentation

Apr 29, 2023 •766 likes •1.04k views

CRYPTACUS Workshop Nijmegen, 16 - 18 November 2017 Avatar - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration Marius Muench <marius.muench@eurecom.fr> PART I Avatar - Enhancing Binary Firmware

  1. CRYPTACUS Workshop Nijmegen, 16 - 18 November 2017 Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration Marius Muench <marius.muench@eurecom.fr>

  2. PART I

  3. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  4. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  5. Dynamic Binary Firmware Security Analysis?  Majority of nowadays vulnerabilities are “low -hanging fruits”  Often 3 rd party analysis  Lack of sophisticated tooling

  6. (Some) Challenges in Dynamic Binary Firmware Analysis  Intransparency  Performance & Scalability  Instrumentation capabilities

  7. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  8. Avatar² - Enhancing Binary Firmware Security Analysis with Dynamic Multi-Target Orchestration

  9. Avatar 2  Developed by: - Marius Muench - Dario Nisi - Aurélien Francillon - Davide Balzarotti  Open source: - https://github.com/avatartwo/avatar2  Re-designed and re-implemented from scratch [1] [1] Zaddach, J., Bruno, L., Francillon, A., and Balzarotti, D .: “AVATAR : A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares ”. NDSS 14

  10. The general picture

  11. Core Concepts  Target Orchestration  Separation of Execution and Memory  State Transfer and Synchronization

  12. Supported Targets * * Not yet available

  13. Avatar² - Example Script

  14. Phase #0: Preambel

  15. Phase #1: Target Definition

  16. Phase #2: Memory Layout Definition

  17. Phase #3: Orchestration!

  18. A note on peripherals  Main source of complication for emulation  Avatar 2 offers different strategies: - Full emulation - Partial emulation using peripheral forwarding - Partial emulation using python abstractions 21/12/2017 -

  19. PART II (WYCINWYC)

  20. WYCINWYC - Overview  Acronym for “What You Corrupt Is Not What You Crash” [2]  Joint Work with Siemens  Utilizes Avatar 2 to improve fuzz testing on embedded systems [2] Muench, M., Stijohann, J., Kargl, F., Francillon, A. and Balzarotti , D.: “What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices”. To appear at NDSS 2018

  21. WYCINWYC - Setup -

  22. WYCINWYC - Analysis Plugins [2] Muench, Marius et al. “What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices”. To appear at NDSS 2018 -

  23. WYCINWYC - Results S1: Native S3: Partial Emulation (Avatar Peripheral) S2: Partial Emulation (Peripheral Forwarding) S4: Full Emulation

  24. Related Tools  AVATAR ;)  Firmadyne Chen, D. D., Woo, M., Brumley, D., & Egele, M .: “Towards Automated Dynamic Analysis for Linux- based Embedded Firmware”. NDSS 2016  Luaqemu https://github.com/Comsecuris/luaqemu  PROSPECT Kammerstetter, M, Platzer, C., & Kastner, W.: “Prospect: peripheral proxying supported embedded code testing.” ASIA CCS 2014

  25. Conclusion  Appropriate tooling is important  … so are good emulators  Until then, avatar 2 might be helpful  We are just at the beginning…

  26. Questions? https://github.com/avatartwo/avatar2

Recommend

Contents 1. Binary firmware analysis 2. Tooling landscape 3. The avatar 2 framework 4. Examples

Contents 1. Binary firmware analysis 2. Tooling landscape 3. The avatar 2 framework 4. Examples

avatar 2 Marius Muench 34c3 - December 29, 2017 Contents 1. Binary firmware analysis 2. Tooling landscape 3. The avatar 2 framework 4. Examples 5. Conclusion 1 Binary Firmware Analysis Motivation Amount of embedded devices steadily

3.29k views • 51 slides
Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago 2014 Kees Cook &lt;keescook@chromium.org&gt; (pronounced Case) Overview Wait, which firmware? Threats Update methods

311 views • 20 slides
The Avatar project: Improving embedded security with SE, KLEE and Qemu

The Avatar project: Improving embedded security with SE, KLEE and Qemu

The Avatar project: Improving embedded security with SE, KLEE and Qemu http://www.s3.eurecom.fr/tools/avatar/ Luca Bruno &lt;lucab@debian.org&gt;, J. Zaddach, A. Francillon, D. Balzarotti About us Eurecom, a consortium of European

740 views • 29 slides
Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin August 11,

Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin August 11,

Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin August 11, 2013 Andrei Costin/Jonas Zaddach www.firmware.re 1/104 About Jonas Zaddach PhD. candidate on &quot;Development of novel binary analysis

1.25k views • 104 slides
BECOMING AN AVATAR OF THE GODDESS: DIVINE FEMININE EMPOWERMENT OF NON- BINARY GENDER IDENTITY

BECOMING AN AVATAR OF THE GODDESS: DIVINE FEMININE EMPOWERMENT OF NON- BINARY GENDER IDENTITY

BECOMING AN AVATAR OF THE GODDESS: DIVINE FEMININE EMPOWERMENT OF NON- BINARY GENDER IDENTITY UUC Service, June 18th 2017 By Athne Machdane ATHNE MACHDANE Fire Maiden Pangender Priestess of the Goddess When you adorn yourselves in My robes I

298 views • 17 slides
AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems Firmwares Jonas Zaddach

AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems Firmwares Jonas Zaddach

AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems Firmwares Jonas Zaddach (zaddach@eurecom.fr) Luca Bruno, Aurlien Francillon, Davide Balzarotti Outline Introduction AVATAR overview Framework components

1.09k views • 44 slides
Secure Firmware Updates in the IoT COMPETENCE CENTRE FOR IT-SECURITY, MASTER STUDIES IT-SECURITY

Secure Firmware Updates in the IoT COMPETENCE CENTRE FOR IT-SECURITY, MASTER STUDIES IT-SECURITY

Secure Firmware Updates in the IoT COMPETENCE CENTRE FOR IT-SECURITY, MASTER STUDIES IT-SECURITY Silvie Schmidt Competence Centre for IT- Security at FH Campus Wien Project ELVIS Embedded Lab Vienna for IoT &amp; Security Agenda

811 views • 37 slides
Senior school home page SEM and EM photographs of various microbes and all pack artwork available

Senior school home page SEM and EM photographs of various microbes and all pack artwork available

Students could create their own avatar to guide them through the various sections of Create your own the website, this avatar could potentially remind them of areas they have yet to visit, avatar give them updates on how they can earn more

440 views • 3 slides
Enhancing Control Flow Graph Based Binary Function Identification Clemens Jonischkeit Chair for

Enhancing Control Flow Graph Based Binary Function Identification Clemens Jonischkeit Chair for

Enhancing Control Flow Graph Based Binary Function Identification Clemens Jonischkeit Chair for IT Security 23. November 2017 C. Jonischkeit 1 / 13 Motivation Technische Universitt Mnchen I just wasted 3 hours of my life. . . . .

539 views • 29 slides
IDOLS WITH FEET OF CLAY: ON THE SECURITY OF BOOTLOADERS AND FIRMWARE UPDATERS FOR THE IOT Lionel

IDOLS WITH FEET OF CLAY: ON THE SECURITY OF BOOTLOADERS AND FIRMWARE UPDATERS FOR THE IOT Lionel

IDOLS WITH FEET OF CLAY: ON THE SECURITY OF BOOTLOADERS AND FIRMWARE UPDATERS FOR THE IOT Lionel Morel | CEA / LIST / DACLE Damien Courouss | CEA / LIST / DACLE NEWCAS Mnchen, Germany 2019 -06-24 BFUs BOOTLOADERS AND FIRMWARE

299 views • 10 slides
Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security 2. Usability 3. Visibility First Point of View: Security... Software Software Operating System Kernel Firmware Hardware Software Software

783 views • 62 slides
Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with hardware innovations. Tom Melham University of Oxford Problem Firmware today facing greater complexity and shorter schedules coded at low

478 views • 14 slides
Playing with AVATAR How to play with AVATAR Giles Reger, Martin Suda and Andrei Voronkov School

Playing with AVATAR How to play with AVATAR Giles Reger, Martin Suda and Andrei Voronkov School

Playing with AVATAR How to play with AVATAR Giles Reger, Martin Suda and Andrei Voronkov School of Computer Science, University of Manchester The 1st Vampire Workshop Reger,G How to play with AVATAR 1 / 26 Overview Introduction 1

1.1k views • 43 slides
OsmocomBB Free Software GSM baseband firmware for security analysis Harald Welte gnumonks.org

OsmocomBB Free Software GSM baseband firmware for security analysis Harald Welte gnumonks.org

GSM/3G Network Security Introduction Security Problems and the Baseband OsmocomBB Project Summary OsmocomBB Free Software GSM baseband firmware for security analysis Harald Welte gnumonks.org gpl-violations.org OpenBSC airprobe.org

830 views • 37 slides
Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller Alex Matrosov Alexandre Gazet Actually 5 months of passionate reverse-engineering nights Disclaimer All the details given about BIOS Guard

968 views • 77 slides
Project Avatar Dr Geraldine Paterson 1 Avatar Funded by Network Innovation Allowance October

Project Avatar Dr Geraldine Paterson 1 Avatar Funded by Network Innovation Allowance October

Project Avatar Dr Geraldine Paterson 1 Avatar Funded by Network Innovation Allowance October 2016 December 2019 Colleague Exploratory Analysis, Concept Publish final Literature Research engagement research refinements Go live

650 views • 9 slides
Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin Andrei

Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin Andrei

Embedded Devices Security Firmware Reverse Engineering Jonas Zaddach Andrei Costin Andrei Costin/Jonas Zaddach www.firmware.re 1/78 Administratrivia Please fill-in the BH13US Feedback Form - Thanks! The views of the authors are their

1.19k views • 78 slides
Avatar 2 : A Multi-target Orchestration Platform Marius Muench, Dario Nisi, Aur elien

Avatar 2 : A Multi-target Orchestration Platform Marius Muench, Dario Nisi, Aur elien

Avatar 2 : A Multi-target Orchestration Platform Marius Muench, Dario Nisi, Aur elien Francillon &amp; Davide Balzarotti Workshop on Binary Analysis Research 2018 Introduction Dynamic B inaryA nalysis 1 Motivation Having a huge

2.94k views • 33 slides
CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020 Previous Class Virus vs. Worm vs. Trojan Drive-by download Botnet Rootkit CSCE 790 Computer Systems Security 2 Trojan vs. Virus

302 views • 16 slides
Netscreen of the Dead Developing a Trojaned Firmware for Juniper Netscreen Appliances Cast

Netscreen of the Dead Developing a Trojaned Firmware for Juniper Netscreen Appliances Cast

Netscreen of the Dead Developing a Trojaned Firmware for Juniper Netscreen Appliances Cast Graeme Neilson Security Consultant Aura Software Security graeme@aurasoftwaresecurity.co.nz Trailer What if a core network security device was

774 views • 29 slides
IVA Interactive Video Avatar (Toolkit for an interactive video for creating Avatar, simulator

IVA Interactive Video Avatar (Toolkit for an interactive video for creating Avatar, simulator

IBM - CVUT Student Research Projects IVA Interactive Video Avatar (Toolkit for an interactive video for creating Avatar, simulator etc.) Frantiek Kafka (kafkaf1@fel.cvut.cz) Lud k Krejzar (krejzl1@fel.cvut.cz) The aim of project the

732 views • 6 slides
Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura

Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura

Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura University of Hawaii December 14, 2012 US Firmware Meeting 1 v2 Firmware Version 2 firmware is largely done: New interface to the DAQ

273 views • 5 slides
Building A Better Airline What Makes Avatar Different ? Building A Better Airline

Building A Better Airline What Makes Avatar Different ? Building A Better Airline

Building A Better Airline What Makes Avatar Different ? Building A Better Airline Contribute to Lower Fares Passenger Revenue Branding Food &amp; Beverage Avatar Vacations In-flight Entertainment TIcket

375 views • 35 slides
DUNE DAQ Firmware David Cussans Firmware Meeting 16/Jan/20 You Inst Logo You Inst Logo Goal

DUNE DAQ Firmware David Cussans Firmware Meeting 16/Jan/20 You Inst Logo You Inst Logo Goal

DUNE DAQ Firmware David Cussans Firmware Meeting 16/Jan/20 You Inst Logo You Inst Logo Goal Demonstrate upstream DAQ functions in firmware before design review - Have implementation ready before May 2020 10-second buffer Hit

466 views • 13 slides

More recommend