Fuzzing, Emulating, and Analyzing Embedded Systems Firmware

Research Overview

In my research, I mostly deal with embedded systems firmware.

My main research revolves around the following question: How can we analyze the security of a firmware image independently of the hardware environment in which it normally runs?

We open-sourced Fuzzware – our generic firmware fuzzing emulator – here: Fuzzware.

Thesis Topic Overview

First, if you have an idea for a thesis topic that falls into my research area, feel free to reach out so we can brainstorm about it.

General Thesis Topic Categories
  • Fuzzing: Making firmware fuzzing more effective / efficient
  • Emulation: Allowing emulators to run more diverse firmware (architectures, functionality types), allowing firmware to be run faster, or with less manual configuration effort
  • Code Analysis Techniques: Using code analysis techniques to gather information about firmware images to improve firmware emulation efficiency / applicability
  • Specialized Security Analysis: Analyzing the security of a specific firmware-related target
 
Currently Available Thesis Topics
  • Master’s Thesis: Refining Peripheral Modeling Approaches For Embedded Device Firmware
  • Bachelor’s / Master’s Thesis: Large-Scale Firmware Fuzzing
 

Master's Thesis: Refining Peripheral Modeling Approaches For Embedded Device Firmware

Firmware images powering connected embedded devices such as smart light bulbs, programmable logic controllers (PLCs), and engine control units (ECUs) underpin much of our modern computing infrastructure. While these devices are highly connected and an attractive target for attackers, they are difficult to analyze: they run on systems which are hard to access physically, may include custom peripherals, and generally lack the computation power available on general-purpose systems.

To analyze these targets, an active research area is finding ways of running firmware targets in an emulator, even if not all details about the hardware components are known. Current approaches use program analysis techniques to figure out from firmware behavior what hardware behavior is expected to look like. This behavior is then applied in an emulator to fuzz test the firmware in an emulated environment.

While existing approaches already provide a basic level of hardware behavior, they are not yet able to infer more subtle hardware behavior.

In this thesis, you will tackle some of the remaining challenges of hardware behavior modeling and look for new ways to analyze firmware behavior in order to model some of the previously unsupported behavior types. You will then be able to test your new techniques within our research prototype, Fuzzware, and automatically fuzz test firmware targets which previously required manual configuration.

Requirements

  • Ability to program in Python and some C
  • Comfort with binary code / reverse engineering
  • Previous experience with, or interest in learning about, embedded systems firmware
  • Previous experience with, or interest in learning about, emulation and program analysis techniques such as symbolic execution

Bachelor's / Master's Thesis: Large-Scale Firmware Fuzzing

Firmware images powering connected embedded devices such as smart light bulbs, programmable logic controllers (PLCs), and engine control units (ECUs) underpin much of our modern computing infrastructure. While these devices are highly connected and an attractive target for attackers, they are difficult to analyze: they run on systems which are hard to access physically, may include custom peripherals, and generally lack the computation power available on general-purpose systems.

To analyze these targets, an active research area is finding ways of running firmware targets in an emulator, even if not all details about the hardware components are known. Current approaches use program analysis techniques to figure out from firmware behavior what hardware behavior is expected to look like. This behavior is then applied in an emulator to fuzz test the firmware in an emulated environment.
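The paragraph above (and the identical one in the first topic) describes the core loop of such systems: infer from how the firmware uses a value read from a memory-mapped peripheral register what the hardware must look like, then let an emulator answer those reads from fuzz input. The following toy example, added here for illustration and not part of Fuzzware or this page, shows the idea on a five-instruction "firmware" in a made-up mini ISA: a static pass spots the `load; and mask; jz` busy-wait pattern, and the resulting bit-extract model serves only the inspected bits from fuzz input instead of a full 32-bit word. All addresses, the instruction set and the fuzz input are constructed.

```python
# Constructed toy example: inferring an MMIO peripheral model from how firmware
# uses the values it reads, then answering reads from fuzz input. Not Fuzzware code.

STATUS_REG = 0x40001000   # constructed: status register of a toy peripheral
DATA_REG = 0x40001004     # constructed: data register of the same peripheral
READY_BIT = 1 << 3        # constructed: "data ready" flag inside STATUS_REG

# Toy firmware with a single register r0: busy-wait until READY_BIT is set in
# STATUS_REG, then read DATA_REG and stop.
FIRMWARE = [
    ("load", STATUS_REG),   # 0: r0 = *STATUS_REG
    ("and", READY_BIT),     # 1: r0 &= READY_BIT
    ("jz", 0),              # 2: if r0 == 0: goto 0
    ("load", DATA_REG),     # 3: r0 = *DATA_REG
    ("halt",),              # 4: done
]


class OutOfInput(Exception):
    """Raised when the fuzz input is exhausted; the run stops there."""


class FuzzInput:
    def __init__(self, data):
        self.data = bytes(data)
        self.pos = 0

    def take(self, nbytes):
        if self.pos + nbytes > len(self.data):
            raise OutOfInput()
        chunk = self.data[self.pos:self.pos + nbytes]
        self.pos += nbytes
        return int.from_bytes(chunk, "little")


def passthrough_model(addr, fuzz):
    """Baseline model: every MMIO read consumes a full 32-bit word of fuzz input."""
    return fuzz.take(4)


def infer_bit_masks(program):
    """Static analysis step: find 'load addr; and mask; jz' patterns, i.e. MMIO
    reads of which the firmware only inspects a few bits before branching."""
    masks = {}
    for i, insn in enumerate(program):
        if insn[0] != "load" or i + 2 >= len(program):
            continue
        nxt, after = program[i + 1], program[i + 2]
        if nxt[0] == "and" and after[0] == "jz":
            masks[insn[1]] = masks.get(insn[1], 0) | nxt[1]
    return masks


def spread_bits(value, mask):
    """Place the low bits of `value` into the bit positions set in `mask`."""
    out, i = 0, 0
    for bit in range(32):
        if mask >> bit & 1:
            if value >> i & 1:
                out |= 1 << bit
            i += 1
    return out


def make_bitextract_model(masks):
    """Refined model: for registers with an inferred mask, consume only enough
    fuzz bytes for the inspected bits; other reads fall back to passthrough."""
    def model(addr, fuzz):
        mask = masks.get(addr)
        if mask is None:
            return passthrough_model(addr, fuzz)
        nbytes = (bin(mask).count("1") + 7) // 8
        return spread_bits(fuzz.take(nbytes), mask)
    return model


def run(program, model, fuzz, max_steps=200):
    """Execute the toy firmware; MMIO loads are answered by `model`.
    Returns (outcome, fuzz_bytes_consumed)."""
    pc, r0 = 0, 0
    for _ in range(max_steps):
        insn = program[pc]
        try:
            if insn[0] == "load":
                r0 = model(insn[1], fuzz)
            elif insn[0] == "and":
                r0 &= insn[1]
            elif insn[0] == "jz" and r0 == 0:
                pc = insn[1]
                continue
            elif insn[0] == "halt":
                return "halt", fuzz.pos
        except OutOfInput:
            return "out_of_input", fuzz.pos
        pc += 1
    return "timeout", fuzz.pos


def compare_models(data=b"\x01\xaa\xbb\xcc\xdd"):
    """Run the same constructed 5-byte fuzz input through both models."""
    baseline = run(FIRMWARE, passthrough_model, FuzzInput(data))
    refined = run(FIRMWARE, make_bitextract_model(infer_bit_masks(FIRMWARE)),
                  FuzzInput(data))
    return {"passthrough": baseline, "bitextract": refined}


if __name__ == "__main__":
    print(infer_bit_masks(FIRMWARE))
    print(compare_models())
```

With the same five input bytes, the passthrough model burns four bytes per poll of the status register, never sees the ready bit set, and runs out of input; the inferred bit-extract model spends one byte on the flag, reaches the data read and halts. Whether a target reaches a known end state within a step budget, as `run` reports, is also the kind of cheap check the second topic's "automatically validating their configuration" step would build on.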
The systems described previously have typically been evaluated on a somewhat limited set of firmware images that represents only a small fraction of the challenges which an embedded firmware image may pose for its emulation and fuzzing environment.
In this thesis, you will prepare a diverse set of firmware images to benchmark firmware fuzz testing systems. You will look for ways of automating the process of building and/or obtaining them. You will also look for ways of automatically configuring the new firmware targets for fuzzing in our fuzzing environment, and devise ways of automatically validating their configuration within the same environment. You will evaluate the target set by analyzing which obstacles different types of firmware functionality pose for current firmware fuzzing systems, and derive the future work required to overcome these obstacles.

Requirements

  • Comfort with native build systems
  • Previous experience with, or interest in learning about, embedded systems firmware
  • Previous experience with, or interest in learning about, fuzz testing