ProXray: Protocol Model Learning and Guided Firmware Analysis (J1)
The number of Internet of Things (IoT) devices reached 7 billion globally in early 2018, and these devices are nearly ubiquitous in daily life. IoT devices usually implement communication protocols such as USB and Bluetooth within firmware to allow a wide range of functionality. Analyzing firmware using domain knowledge from these protocols is therefore vital to understand device behavior, detect implementation bugs, and identify malicious components. Unfortunately, due to the complexity of these protocols, there is usually no formal specification available that can help automate the firmware analysis; as a result, significant manual effort is currently required to study these protocols and to reverse engineer the device firmware. In this paper, we propose ProXray, a new firmware analysis methodology based on symbolic execution, which can learn a protocol model from known firmware and apply the model to recognize the protocol-relevant fields and detect functionality within unknown firmware automatically. After the training phase, ProXray can fully automate the firmware analysis process while supporting user queries in the form of protocol-relevant constraints. We have applied ProXray to the USB and Bluetooth protocols by learning protocol constraint models from firmware that implements these protocols. We are then able to map protocol fields and identify USB functionality automatically while achieving more than an order of magnitude speedup in reaching the Bluetooth protocol-relevant targets in our testing set of unknown firmware. Our model achieved high coverage of the USB and Bluetooth specifications for several important protocol fields.
ProXray provides a new method to apply domain knowledge to firmware analysis automatically.
Fri 10 Jul (displayed time zone: UTC, Coordinated Universal Time)
16:05 - 17:05: A24-Testing and Debugging 4 (Technical Papers / New Ideas and Emerging Results / Journal First / Demonstrations) at Silla. Chair(s): Yijun Yu (The Open University, UK)

16:05, 6m, Talk: Manifold for Machine Learning Assurance. NIER (New Ideas and Emerging Results).

16:11, 12m, Talk: On Learning Meaningful Assert Statements for Unit Test Cases. Technical Papers. Cody Watson (Washington and Lee University); Michele Tufano (Microsoft); Kevin Moran (William & Mary/George Mason University); Gabriele Bavota (Università della Svizzera italiana); Denys Poshyvanyk (William and Mary). Pre-print, Media Attached.

16:23, 12m, Talk: TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks. Technical Papers. Guanhong Tao (Purdue University); Shiqing Ma (Rutgers University); Yingqi Liu (Purdue University, USA); Qiuling Xu (Purdue University); Xiangyu Zhang (Purdue University). Pre-print.

16:35, 3m, Talk: DeepMutation: A Neural Mutation Tool. Demonstrations. Michele Tufano (Microsoft); Jason Kimko (William & Mary); Shiya Wang (William & Mary); Cody Watson (Washington and Lee University); Gabriele Bavota (Università della Svizzera italiana); Massimiliano Di Penta (University of Sannio); Denys Poshyvanyk (William and Mary). Pre-print.

16:38, 8m, Talk: Specification Patterns for Robotic Missions. J1 (Journal First). Claudio Menghi (University of Luxembourg); Christos Tsigkanos (TU Vienna); Patrizio Pelliccione (University of L'Aquila and Chalmers | University of Gothenburg); Carlo Ghezzi (Politecnico di Milano); Thorsten Berger (Chalmers | University of Gothenburg).

16:46, 8m, Talk: ProXray: Protocol Model Learning and Guided Firmware Analysis. J1 (Journal First). Farhaan Fowze (University of Florida); Dave (Jing) Tian (Purdue University); Grant Hernandez (University of Florida); Kevin Butler (Univ. Florida); Tuba Yavuz (University of Florida).

16:54, 6m, Talk: Visual Sketching: From Image Sketches to Code. NIER (New Ideas and Emerging Results). Marcelo d'Amorim (Federal University of Pernambuco); Rui Abreu (Instituto Superior Técnico, U. Lisboa & INESC-ID); Carlos Mello (Federal University of Pernambuco). Pre-print, Media Attached.