HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images

Gritti, Fabio; Pagani, Fabio; Grishchenko, Ilya; Dresel, Lukas; Redini, Nilo; Kruegel, Christopher; Vigna, Giovanni

doi:10.1109/sp46214.2022.9833610

Cited by 8 publications

(3 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since this framework is a modularization of existing tools, it cannot be applied to drone firmware for which there is no publicly available tool. In addition, a firmware analysis tool called HEAPSTER, published by Fabio Gritti and others in IEEE S&P in 2022, has the ability to automatically identify the heap area of the firmware and detect heap vulnerabilities using it [17].…”

Section: Iot Firmware Vulnerability Analysismentioning

confidence: 99%

Difficulties in Analyzing the Arguments of Educational University Students and how to overcome them

Kim¹

2021

Korea Association Yeolin Edu

View full text Add to dashboard Cite

With the advancement of Internet of Things (IoT) technology, its applications span various sectors such as public, industrial, private and military. In particular, the drone sector has gained significant attention for both commercial and military purposes. As a result, there has been a surge in research focused on vulnerability analysis of drones. However, most security research to mitigate threats to IoT devices has focused primarily on networks, firmware and mobile applications. Of these, the use of fuzzing to analyse the security of firmware requires emulation of the firmware. However, when it comes to drone firmware, the industry lacks emulation and automated fuzzing tools. This is largely due to challenges such as limited input interfaces, firmware encryption and signatures. While it may be tempting to assume that existing emulators and automated analysers for IoT devices can be applied to drones, practical applications have proven otherwise.In this paper, we discuss the challenges of dynamically analysing drone firmware and propose potential solutions. In addition, we demonstrate the effectiveness of our methodology by applying it to DJI drones, which have the largest market share. CCS CONCEPTS• Security and privacy → Embedded systems security;• Computer systems organization → Firmware.

show abstract

Section: Iot Firmware Vulnerability Analysismentioning

confidence: 99%

Difficulties in Analyzing the Arguments of Educational University Students and how to overcome them

Kim¹

2021

Korea Association Yeolin Edu

View full text Add to dashboard Cite

show abstract

“…However, these interactions come at the cost of increased complexity and a much wider attack surface. Zhou et al [63] estimate that between April 2018 and April 2022, DeFi protocols suffered from attacks that resulted in the loss of more than 3 billion dollars, making smart contract vulnerability hunting a hot topic in both industry and academia [8], [9], [15], [30], [35], [36], [38], [40], [43], [47], [50].…”

Section: Introductionmentioning

confidence: 99%

Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts

Ruaro,

Gritti,

McLaughlin

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

In recent years, the Ethereum blockchain has seen significant growth and adoption. One of the key factors of its success is the possibility to run immutable programs known as smart contracts. Smart contracts allow for the automatic manipulation of digital assets and play a central role in the new decentralized finance (DeFi) ecosystem. With the growth of DeFi, the interactions between smart contracts have become increasingly complex, enabling advanced financial protocols and applications. However, bugs in smart contract interactions are also a common cause of critical vulnerabilities that result in considerable financial losses.In this paper, we study and detect a type of cross-contract vulnerability known as a storage collision. A smart contract uses storage to persistently store its data on the blockchain. Typically, each contract has its own separate storage. However, it is also possible that two smart contracts share their storage (using a delegate call). Unfortunately, when these two contracts have different understandings of the types/semantics of their shared storage, a storage collision vulnerability can occur. This may lead to unexpected behavior such as denial of service (frozen funds), privilege escalation, and theft of financial assets.To detect and investigate the impact of storage collision vulnerabilities at scale, we propose CRUSH, a novel analysis system that discovers these flaws and synthesizes proof-of-concept exploits. We leverage CRUSH to perform a large-scale analysis of 14,237,696 smart contracts deployed on the Ethereum blockchain since its genesis. CRUSH identifies 14,891 potentially vulnerable contracts and automatically synthesizes an end-to-end exploit for 956 of them. Our system uncovers more than $6 million of novel, previously unreported potential financial damage caused by storage collision vulnerabilities.

show abstract

“…The secure operation of these systems therefore heavily relies on the security of firmware running on the MCU-based devices. In recent years, we have witnessed a significant number of vulnerability exposures that target MCU-based systems [45], [53], [46], [22], [36], [37], [71], resulting in widespread real-world exploitation [30], [40], [48], [84]. This highlights the critical need to develop effective and efficient firmware testing tools.…”

Section: Introductionmentioning

confidence: 99%

Facilitating Non-Intrusive In-Vivo Firmware Testing with Stateless Instrumentation

Shi,

Li,

Wang

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Although numerous dynamic testing techniques have been developed, they can hardly be directly applied to firmware of deeply embedded (e.g., microcontroller-based) devices due to the tremendously different runtime environment and restricted resources on these devices. This work tackles these challenges by leveraging the unique position of microcontroller devices during firmware development. That is, firmware developers have to rely on a powerful engineering workstation that connects to the target device to program and debug code. Therefore, we develop a decoupled firmware testing framework named IPEA, which shifts the overhead of resource-intensive analysis tasks from the microcontroller to the workstation. Only lightweight "needle probes" are left in the firmware to collect internal execution information without processing it. We also instantiated this framework with a sanitizer based on pointer capability (IPEA-San) and a greybox fuzzer (IPEA-Fuzz). By comparing IPEA-San with a port of AddressSanitizer for microcontrollers, we show that IPEA-San reduces memory overhead by 62.75% in real-world firmware with better detection accuracy. Combining IPEA-Fuzz with IPEA-San, we found 7 zero-day bugs in popular IoT libraries (3) and peripheral driver code (4).

show abstract

HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images

Cited by 8 publications

References 25 publications

Difficulties in Analyzing the Arguments of Educational University Students and how to overcome them

Difficulties in Analyzing the Arguments of Educational University Students and how to overcome them

Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts

Facilitating Non-Intrusive In-Vivo Firmware Testing with Stateless Instrumentation

Contact Info

Product

Resources

About