Alexander Balgavy (Independent), Marius Muench (University of Birmingham)

Embedded devices are a pervasive and at times invisible part of our lives. Due to this pervasiveness, security vulnerabilities may have severe consequences, particularly because many embedded devices are deployed in sensitive applications, such as the industrial, automotive, and medical sectors. Linux-based firmware has already been the subject of extensive research; however, a considerable part of embedded devices do not run Linux. Since current literature mostly focuses on Linux-based firmware, the ecosystem of non-Linux firmware is not well-known.

Therefore, in this paper, we aim to fill this gap in research with FIRMLINE, a pipeline suitable for a large-scale study of nonLinux-based firmware. Using this pipeline, we analyze 21,755 samples, obtained from previous studies and new sources. As part of a security assessment, we also investigate the presence of operating systems and memory protections for a subset of 756 non-Linux ARM samples and find that the majority do not make use of either. Our work will allow for further research of non-Linux firmware, such as refining generic analysis techniques or investigating the OS and deployed security facilities of such firmware in more detail.

View More Papers

Separation is Good: A Faster Order-Fairness Byzantine Consensus

Ke Mu (Southern University of Science and Technology, China), Bo Yin (Changsha University of Science and Technology, China), Alia Asheralieva (Loughborough University, UK), Xuetao Wei (Southern University of Science and Technology, China & Guangdong Provincial Key Laboratory of Brain-inspired Intelligent Computation, SUSTech, China)

Read More

It Doesn’t Have to Be So Hard: Efficient Symbolic...

Vaibhav Sharma (University of Minnesota), Navid Emamdoost (University of Minnesota), Seonmo Kim (University of Minnesota), Stephen McCamant (University of Minnesota)

Read More

Towards Integrating Human-Centered Cybersecurity Research Into Practice: A Practitioner...

Julie Haney, Clyburn Cunningham, Susanne Furman (National Institute of Standards and Technology)

Read More

Wait, What Does a SOC Do?

Joe Nehila, Drew Walsh (Deloitte And Touche)

Read More