U.S. Department of Energy
Office of Scientific and Technical Information

IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit

Journal Article · Future Internet
DOI: https://doi.org/10.3390/fi17010019 · OSTI ID: 2496727

As IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it poses unique challenges when applied to IoT devices. Fuzzing directly on the devices is inefficient, and recent efforts have shifted towards creating emulation environments for dynamic firmware testing. However, unlike traditional software, firmware interacts with a far more diverse set of peripherals, which presents new challenges for scalable full-system emulation and effective fuzzing. This paper reviews 27 state-of-the-art works on MCU-based firmware emulation and its application to fuzzing. Instead of classifying existing techniques by their capabilities and features, we first identify the fundamental challenges faced by firmware emulation and fuzzing. We then revisit recent studies, organizing them according to the specific challenges they address and discussing how each challenge is addressed. We compare the emulation fidelity and bug detection capabilities of the various techniques to demonstrate their strengths and weaknesses, helping users select or combine tools to meet their needs. Finally, we highlight the remaining technical gaps and point out important directions for future research in firmware emulation and fuzzing.
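The abstract's central point, that rehosting MCU firmware stands or falls on how peripheral reads are modelled, is easier to see in code. The following is an added illustration, not code from the paper or from any of the frameworks it surveys: a toy firmware routine polls a UART status register and drains its data register over MMIO, and a minimal peripheral model feeds fuzzer input into those reads. The register addresses, the RXNE bit, the frame format and the guard-region check are all assumptions made for this example.

```c
/* Added illustration (not code from the paper or the frameworks it surveys):
 * a toy MCU firmware routine that polls a UART status register and drains a
 * data register over MMIO, rehosted on a minimal peripheral model that feeds
 * fuzzer input into the data register. Addresses, bits and frame format are
 * assumptions made for this example. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define UART_BASE    0x40004000u          /* assumed peripheral base */
#define UART_SR      (UART_BASE + 0x00u)  /* assumed status register */
#define UART_DR      (UART_BASE + 0x04u)  /* assumed data register */
#define UART_SR_RXNE 0x1u                 /* assumed "RX not empty" bit */

/* Peripheral model: the part a rehosting framework has to supply. */
typedef struct {
    const uint8_t *in;   /* fuzzer input, one byte consumed per DR read */
    size_t len, pos;
    int sr_stuck_zero;   /* 1 = deliberately wrong model that never reports ready */
} PeriphModel;
static PeriphModel g_model;

/* MMIO read hook; in an emulator this is the unmapped-memory callback. */
static uint32_t mmio_read32(uint32_t addr)
{
    switch (addr) {
    case UART_SR:   /* ready while input remains, unless the model is broken */
        return (!g_model.sr_stuck_zero && g_model.pos < g_model.len) ? UART_SR_RXNE : 0;
    case UART_DR:
        return g_model.pos < g_model.len ? g_model.in[g_model.pos++] : 0;
    default:
        return 0;   /* unmodeled register: the usual fallback, and a usual cause of hangs */
    }
}

#define FRAME_MAX 16   /* payload capacity the firmware assumes */

/* Poll until RXNE, then read one byte. The poll bound stands in for the unbounded
 * loop real firmware has; a status model that never sets RXNE hangs that loop. */
static int uart_read_byte(uint8_t *out, unsigned max_polls)
{
    for (unsigned i = 0; i < max_polls; i++)
        if (mmio_read32(UART_SR) & UART_SR_RXNE) {
            *out = (uint8_t)mmio_read32(UART_DR);
            return 0;
        }
    return -1;   /* peripheral never became ready */
}

/* Receives a [len][payload] frame: frame_mem[0] = len, frame_mem[1..FRAME_MAX] =
 * payload. With hardened == 0 the length byte is trusted, so len > FRAME_MAX
 * writes past the payload. Returns the stored length, or -1 on timeout or
 * (hardened only) a rejected length. */
static int firmware_recv_frame(uint8_t *frame_mem, int hardened)
{
    uint8_t len;
    if (uart_read_byte(&len, 4) != 0) return -1;
    if (hardened && len > FRAME_MAX) return -1;   /* the check the vulnerable path lacks */
    frame_mem[0] = len;
    for (unsigned i = 0; i < len; i++)
        if (uart_read_byte(&frame_mem[1 + i], 4) != 0) return -1;
    return (int)len;
}

#define GUARD_LEN 16

/* One fuzz iteration. On an MCU a silent overflow into neighbouring RAM often
 * does not crash, so the harness places a guard region after the frame and
 * reports whether it changed. Returns the firmware's result; *corrupted = 1
 * if the guard was hit. */
static int run_iteration(const uint8_t *input, size_t len, int hardened,
                         int sr_stuck_zero, int *corrupted)
{
    uint8_t guest_ram[1 + FRAME_MAX + GUARD_LEN];
    memset(guest_ram, 0, sizeof guest_ram);
    memset(guest_ram + 1 + FRAME_MAX, 0xAA, GUARD_LEN);
    g_model = (PeriphModel){ input, len, 0, sr_stuck_zero };
    int rc = firmware_recv_frame(guest_ram, hardened);
    *corrupted = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (guest_ram[1 + FRAME_MAX + i] != 0xAA) *corrupted = 1;
    return rc;
}

/* Constructed inputs: a well-formed frame and one whose length byte (0x14 = 20)
 * exceeds FRAME_MAX (the literal's trailing NUL is excluded via sizeof - 1). */
static const uint8_t kOkFrame[]  = { 3, 'a', 'b', 'c' };
static const uint8_t kBadFrame[] = "\x14" "XXXXXXXXXX" "XXXXXXXXXX";

int main(void)
{
    int c, rc;
    rc = run_iteration(kOkFrame, sizeof kOkFrame, 0, 0, &c);
    printf("well-formed:       rc=%d guard_corrupted=%d\n", rc, c);
    rc = run_iteration(kBadFrame, sizeof kBadFrame - 1, 0, 0, &c);
    printf("oversized, vuln:   rc=%d guard_corrupted=%d\n", rc, c);
    rc = run_iteration(kBadFrame, sizeof kBadFrame - 1, 1, 0, &c);
    printf("oversized, fixed:  rc=%d guard_corrupted=%d\n", rc, c);
    rc = run_iteration(kOkFrame, sizeof kOkFrame, 0, 1, &c);
    printf("status stuck at 0: rc=%d guard_corrupted=%d\n", rc, c);
    return 0;
}
```

Two of the abstract's themes show up directly. Emulation fidelity: the status-register model decides whether the poll loop makes progress at all (the `sr_stuck_zero` case times out without ever touching the data register), and tying RXNE to the remaining input keeps the firmware from reading garbage once the input is exhausted. Bug detection: the oversized frame returns cleanly on the vulnerable path, so the overflow only becomes visible because the harness checks the guard bytes, which is the kind of instrumentation an emulator can add and a bare MCU cannot.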

Sponsoring Organization:
USDOE
OSTI ID:
2496727
Journal Information:
Future Internet, Vol. 17, Issue 1; ISSN 1999-5903 (FIUNAE)
Publisher:
MDPI AG
Country of Publication:
Country unknown/Code not available
Language:
English
