Wenqiang Li (State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences; Department of Computer Science, the University of Georgia, USA; School of Cyber Security, University of Chinese Academy of Sciences; Department of Electrical Engineering and Computer Science, the University of Kansas, USA), Le Guan (Department of Computer Science, the University…

Finding bugs in microcontroller (MCU) firmware is challenging, even for device manufacturers who own the source code. The MCU runs different instruction sets than x86 and exposes a very different development environment. This invalidates many existing sophisticated software testing tools on x86. To maintain a unified developing and testing environment, a straightforward way is to re-compile the source code into the native executable for a commodity machine (called rehosting). However, ad-hoc re-hosting is a daunting and tedious task and subject to many issues (library-dependence, kernel-dependence and hardware-dependence). In this work, we systematically explore the portability problem of MCU software and propose para-rehosting to ease the porting process. Specifically, we abstract and implement a portable MCU (PMCU) using the POSIX interface. It models common functions of the MCU cores. For peripheral specific logic, we propose HAL-based peripheral function replacement, in which high-level hardware functions are replaced with an equivalent backend driver on the host. These backend drivers are invoked by well-designed para-APIs and can be reused across many MCU OSs. We categorize common HAL functions into four types and implement templates for quick backend development. Using the proposed approach, we have successfully rehosted nine MCU OSs including the widely deployed Amazon FreeRTOS, ARM Mbed OS, Zephyr and LiteOS. To demonstrate the superiority of our approach in terms of security testing, we used off-the-shelf dynamic analysis tools (AFL and ASAN) against the rehosted programs and discovered 28 previously-unknown bugs, among which 5 were confirmed by CVE and the other 19 were confirmed by vendors at the time of writing.

View More Papers

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement...

Sudheesh Singanamalla*†, Suphanat Chunhapanya*, Jonathan Hoyland*, Marek Vavruša*, Tanya Verma*, Peter Wu*, Marwan Fayed*, Kurtis Heimerl†, Nick Sullivan*, Christopher Wood* (*Cloudflare Inc. †University of Washington)

Read More

Demo #8: Security of Camera-based Perception for Autonomous Driving...

Christopher DiPalma, Ningfei Wang, Takami Sato, and Qi Alfred Chen (UC Irvine)

Read More

Safer Illinois and RokWall: Privacy Preserving University Health Apps...

Vikram Sharma Mailthody, James Wei, Nicholas Chen, Mohammad Behnia, Ruihao Yao, Qihao Wang, Vedant Agarwal, Churan He, Lijian Wang, Leihao Chen, Amit Agarwal, Edward Richter, Wen-mei Hwu, and Christopher Fletcher (University of Illinois at Urbana-Champaign); Jinjun Xiong (IBM); Andrew Miller and Sanjay Patel (University of Illinois at Urbana-Champaign)

Read More

Processing Dangerous Paths – On Security and Privacy of...

Jens Müller (Ruhr University Bochum), Dominik Noss (Ruhr University Bochum), Christian Mainka (Ruhr University Bochum), Vladislav Mladenov (Ruhr University Bochum), Jörg Schwenk (Ruhr University Bochum)

Read More