Xplicit: Static Information Flow Analysis for ARM32 Firmware
Author(s)
Karakatsanis, Konstantinos
Abstract
In this work, we designed and implemented Xplicit, a static analysis approach that aims to help identify potential vulnerabilities in firmware. The approach performs inter-procedural information flow analysis to track whether untrusted data originating from different sources can reach sinks of interest after propagation. Our method takes into account two important elements, namely (1) implicit data flows and (2) accesses to hardware control registers. We leveraged IDA Pro to disassemble the firmware binaries. We then visualized the information flows and the corresponding instructions as NetworkX graphs. Finally, we scaled the analysis by parallelizing it with GNU Parallel and running IDA Pro in autonomous (batch) mode. To the best of our knowledge, our approach is the first implementation that identifies implicit data flows in ARM32 firmware binaries. In addition, it minimizes the dependency on IDA Pro after the disassembly step, so that even less technical users, or users with no IDA Pro experience, can examine the information flows and detect potential vulnerabilities.
Our research can have a significant impact because it could identify potential vulnerabilities affecting devices running ARM32 firmware. Such devices can be found everywhere, from home Internet of Things (IoT) devices used by individuals to field devices used in Industrial Control Systems (ICS).
Date
2024-07-26
Resource Type
Text
Resource Subtype
Thesis