Abstract: Commercial-off-the-shelf (COTS) network-enabled embedded devices are usually controlled by vendor firmware to perform integral functions in our daily lives. For example, wireless home routers are often the first and only line of defense that separates a home user's personal computing and information devices from the Internet. Such a vital and privileged position in the user's network requires that these devices operate securely. Unfortunately, recent research and anecdotal evidence suggest that such security assumptions are not at all upheld by the devices deployed around the world.
A first step to assess the security of such embedded device firmware is the accurate identification of vulnerabilities. However, the market offers a large variety of these embedded devices, which severely impacts the scalability of existing approaches in this area. In this paper, we present FIRMADYNE, the first automated dynamic analysis system that specifically targets Linux-based firmware on network-connected COTS devices in a scalable manner. We identify a series of challenges inherent to the dynamic analysis of COTS firmware, and discuss how our design decisions address them. At its core, FIRMADYNE relies on software-based full system emulation with an instrumented kernel to achieve the scalability necessary to analyze thousands of firmware binaries automatically.
We evaluate FIRMADYNE on a real-world dataset of 23,035 firmware images across 42 device vendors gathered by our system. Using a sample of 74 exploits on the 9,486 firmware images that our system can successfully extract, we discover that 887 firmware images spanning at least 89 distinct products are vulnerable to one or more of the sampled exploit(s). This includes 14 previously unknown vulnerabilities that were discovered with the aid of our framework, which affect 69 firmware images spanning at least 12 distinct products.
Furthermore, our results show that 11 of our tested attacks affect firmware images from more than one vendor, suggesting that code-sharing and common upstream manufacturers (OEMs) are quite prevalent.
Satellite altimetry and ice-penetrating radar have shown the existence of active subglacial lakes in Antarctica which may have a significant impact on the Southern Ocean and the dynamics of the overlying ice sheet. Understanding how subglacial floods affect ice dynamics is imperative to predicting the effect of ice sheets on rising sea levels, but it is not clearly understood. Furthermore, these encapsulated lakes contain uncharacterised biological ecosystems and serve as analogue environments for future extraterrestrial exploration. To investigate these subglacial environments, the authors developed the Micro Subglacial Lake Exploration Device (MSLED), a unique highly-miniaturised remotely operated vehicle. Equipped with a high-resolution imaging system, as well as conductivity, temperature and depth sensors for in situ measurements, the MSLED is capable of determining geological, hydrological and biological characteristics of subglacial lakes. It was successfully deployed in Antarctica during the 2011-2012 and 2012-2013 Antarctic summer seasons in collaboration with the Whillans Ice Stream Subglacial Access Research Drilling (WISSARD) expedition to Subglacial Lake Whillans (SLW), contributing to the discovery of microbial ecosystems within these environments. The present paper outlines the scientific background behind the mission, the design and implementation of the MSLED, as well as the results of tests and initial deployments in Antarctica.