Identify software vulnerabilities quickly and efficiently
Almost all newly written program code contains bugs that, in the worst case, can compromise security. To detect them quickly and efficiently, researchers from the Horst Görtz Institute for IT Security at Ruhr University Bochum, Germany, have developed a new system called Fuzzware.
It specializes in the analysis of embedded systems, i.e. the small computers found in smart light bulbs, smart thermostats, industrial control systems and the like. The scientific journal of Ruhr University Bochum published an article about their work.
Bochum doctoral student Tobias Scharnowski, supervised by Professor Thorsten Holz, presented the results at the 31st USENIX Security Symposium in the United States in August 2022. He conducted the study in collaboration with colleagues from the University of California, Santa Barbara and Vrije Universiteit Amsterdam.
Deliberately corrupting the software
The team uses so-called fuzzing to detect errors in program code. Fuzzers are programs that feed the software under test with random or mutated inputs and check whether any of them crash the application. A crash points to a programming error. The fuzzer keeps mutating the inputs in order to gradually explore as many parts of the program as possible.
Fuzzing is well established in several application areas, for example for testing operating systems such as Windows or Linux. It is still rarely used to test embedded systems, however, because they pose a number of challenges: their software, called firmware, is tightly bound to the hardware it interacts with, and the devices usually have relatively little memory and slow processors. This is a problem if researchers want to fuzz directly on the device: it would take far too long to try all possible inputs and wait for the system's response.
Pseudo-virtual hardware
This is why the team does not analyze the firmware directly on the industrial controller or in the light bulb. Instead, they recreate the hardware virtually, a process called emulation. The emulator makes the firmware believe it is running on the real device. To do so, it must interact with the program in exactly the same way the real hardware would.
To speed up the process, the researchers add a further step to fuzzing by narrowing down the possible inputs. First, they model the frame within which inputs must lie to make sense to the firmware. For example, if the hardware is a refrigerator with a temperature sensor, the refrigerator hardware reports the measured temperature to the refrigerator's software, i.e. its firmware. In practice not every temperature can occur; it has to be within a certain range. The firmware is therefore programmed only for that temperature range and cannot handle other values at all, so there is no need to fuzz them.
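The narrowing described above, as an added example that is not Fuzzware's code: a constructed toy firmware reads one 32-bit register whose upper 24 bits must match a hypothetical chip id and whose low byte is the measured temperature. A naive fuzzer supplies 32 random bits per register read and almost never gets past the id check, so it only ever sees the error path. A hypothetical register model, standing in for what an analysis of how the firmware uses the register would derive, needs only 9 bits per read (one for "id matches or not", eight for the temperature) and drives the firmware down every path. The register layout, the id value, the temperature thresholds and all identifiers are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed toy firmware (not Fuzzware code): the device exposes one 32-bit
 * MMIO register. Bits 31..8 carry a chip id that must equal CHIP_ID before the
 * firmware trusts the sensor; bits 7..0 carry the temperature in degrees C.
 */
#define CHIP_ID     0x5A3C12u  /* hypothetical 24-bit chip id */
#define RAW_BITS    32         /* bits a naive fuzzer supplies per register read */
#define MODEL_BITS  9          /* 1 bit: id matches or not; 8 bits: temperature */

enum path { PATH_BAD_ID = 0, PATH_COOL = 1, PATH_NORMAL = 2, PATH_OVERHEAT = 3 };

/* Firmware handler: returns which code path a register value drives it down. */
static enum path firmware_step(uint32_t reg)
{
    if ((reg >> 8) != CHIP_ID)
        return PATH_BAD_ID;            /* unknown sensor: bail out early */
    uint8_t temp = (uint8_t)(reg & 0xFF);
    if (temp < 4)
        return PATH_COOL;              /* assumed threshold: compartment below 4 C */
    if (temp < 80)
        return PATH_NORMAL;
    return PATH_OVERHEAT;              /* assumed threshold: 80 C and above */
}

/*
 * Hypothetical register model: the id field only matters as "equal to CHIP_ID"
 * or "anything else", so it costs one fuzz bit; the temperature byte is used
 * in full. The fuzzer hands us 9 bits and we expand them to a 32-bit register.
 */
static uint32_t apply_model(uint16_t fuzz_bits)
{
    uint32_t id   = (fuzz_bits & 0x100) ? CHIP_ID : (CHIP_ID ^ 1u);
    uint32_t temp = fuzz_bits & 0xFF;
    return (id << 8) | temp;
}

/* Share of the input bits per register read that the model eliminates. */
static double model_reduction_percent(void)
{
    return 100.0 * (RAW_BITS - MODEL_BITS) / RAW_BITS;
}

/* Deterministic xorshift32 so runs are repeatable; seed must be nonzero. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/*
 * Fuzz loop: feed `iterations` register values to the firmware and return a
 * bitmask of the paths reached (bit n set <=> path n was hit at least once).
 */
static unsigned fuzz_paths(int use_model, int iterations, uint32_t seed)
{
    unsigned reached = 0;
    for (int i = 0; i < iterations; i++) {
        uint32_t r   = xorshift32(&seed);
        uint32_t reg = use_model ? apply_model((uint16_t)(r & 0x1FF)) : r;
        reached |= 1u << firmware_step(reg);
    }
    return reached;
}

/* Number of distinct paths in a 4-bit path mask. */
static int popcount4(unsigned m)
{
    return !!(m & 1) + !!(m & 2) + !!(m & 4) + !!(m & 8);
}

int main(void)
{
    unsigned raw   = fuzz_paths(0, 50000, 0x1234567u);
    unsigned model = fuzz_paths(1, 50000, 0x1234567u);
    printf("model eliminates %.1f%% of the input bits per register read\n",
           model_reduction_percent());
    printf("raw 32-bit inputs reached %d of 4 paths, modeled inputs reached %d of 4\n",
           popcount4(raw), popcount4(model));
    return 0;
}
```

The 24-bit exact-match check is what defeats the raw fuzzer: a random 32-bit value passes it with probability 2^-24, so within a realistic budget only the error path is exercised. Real firmware is full of such checks on identification, status and ready-flag registers, which is why a register model that understands how a value is consumed pays off far more than its bit count alone suggests.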
Limited inputs facilitate efficient analysis
Together with colleagues from Santa Barbara and Amsterdam, the Bochum team tested 77 firmware images using Fuzzware. Compared to conventional fuzzing methods, they were able to eliminate up to 95.5% of all possible inputs.
This allows Fuzzware to test three times as much program code as conventional methods in the same amount of time. In the process, the team also identified additional vulnerabilities that other fuzzing methods had not detected.
Tobias Scharnowski et al., Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 31st USENIX Security Symposium (2022). www.usenix.org/conference/usen…entation/scharnowski
Provided by
Ruhr-University-Bochum
Citation: Identify software vulnerabilities quickly and efficiently (2022, December 14) retrieved December 15, 2022 from https://techxplore.com/news/2022-12-software-vulnerabilities-quickly-efficiency.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without written permission. The content is provided for information purposes only.