The Evolution of Firmware Fuzzing

Tuesday, November 12, 2019, 2:00 pm - 3:00 pm PDT
Conference Room 1135 - ISI Marina Del Rey
This event is open to the public.
ISI Cybersecurity Seminar Talk
Mohsen Ahmadi, Arizona State University


Talk Abstract:

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and for analyzing and defending against the myriad of malicious code where source code is unavailable and the binary may even be obfuscated. Binary analysis also provides the ground truth about program behavior, since computers execute binaries (executables), not source code. However, binary analysis is challenging due to the lack of higher-level semantics. Many higher-level techniques are often inadequate for analyzing even benign binaries, let alone potentially malicious binaries. Thus, we need to develop tools and techniques that work at the binary level and can be used for analyzing COTS software as well as malicious binaries.

One of the most challenging problems in binary analysis is firmware analysis. Because of the inter-dependencies between modules and pipelines inside the device, in most cases it's almost impossible to take the binary out of its environment and perform fuzzing on the binary individually. So, dynamic testing or fuzzing of embedded firmware is severely limited by hardware dependence and poor scalability, partly contributing to the prevalence of vulnerable IoT devices. Over the years, researchers have found ways around this shortcoming by either emulating the I/O communication of peripherals to perform off-device fuzzing or using some tricks to perform on-device fuzzing.

In this talk, I'll cover the state of the art in firmware fuzzing by going through the history and the evolution of the techniques that have been proposed so far, and then I'll go through another idea for fuzzing IoT devices at large scale.

Speaker Bio:

Mohsen Ahmadi is an MS CS student at Arizona State University (ASU). His current research is focused on developing a coverage-based guided fuzzer for the Android system to find exploitable system service vulnerabilities in IPC Binder transactions. His previous research was on the application of covering lattice arrays to find the optimum set of configurations for large-scale, low-cost malware analysis, which will be presented in the preceding IEEE Security and Privacy (S&P'20).

He is a member of the Shellphish CTF team and played DEFCON 26 with this team. He has been playing CTF since 2013 and has solely focused on web exploitation and binary reverse engineering. He is a big open-source software fanatic and has contributed to organizations such as Cuckoo and angr, and to projects like QIRA (QEMU Interactive Runtime Analysis) and USBFuzz.

ISI Host:

Dr. Christophe Hauser, Cybersecurity & Networking Division - Binary Program Analysis, Vulnerability Discovery & Reverse Engineering
