Large-Scale Embedded Firmware Analysis via Automated Firmware Re-Hosting

Global

Supervision: Ali Abbasi

Start date: as soon as possible

Duration: 6 months

More details:

Description

From critical infrastructure to consumer electronics, embedded systems are all around us and underpin the technological fabric of everyday life. Just like any computer, these devices contain vulnerabilities that can be exploited by attackers.

In this thesis, you will use SYSSEC's internally developed fuzzer for embedded systems at scale. To achieve scalability, you will gather hundreds of different embedded firmware images from different categories or families and run them within our framework.

Once the firmware runs successfully, you will triage the triggered crashes for further analysis.

Requirements

The student is expected to have a background in vulnerability analysis and triaging, or to have at least passed the Schwachstellenanalyse and Programmanalyse courses at the Chair of System Security. The student is expected to be comfortable reading ARM assembly code as well as programming in a language suited to the task (e.g., C/C++, Python). Knowledge of AFL and IDA Pro is a plus.