YODA: Unified Middleware for IoT Firmware Static Analysis Tools

  • Minami Yoda, Nihon University
  • Yutaka Matsuno, Nihon University
  • Yuichi Sei, University of Electro-Communications
  • Yasuyuki Tahara, University of Electro-Communications
  • Akihiko Ohsuga, University of Electro-Communications
Keywords: IoT, Middleware, Firmware Analysis, Static Analysis

Abstract

Cyber-attacks targeting vulnerabilities in Internet of Things (IoT) devices are increasing every year, and various methods and analysis tools for IoT vulnerability detection have been proposed. For analysis tools, reducing man-hours is crucial so that users can concentrate only on the work necessary to perform the analysis. However, the analysis tools proposed by existing studies are time-consuming in setup, preprocessing, and analysis. To address these issues, we propose the Yielding Optimal Device Analyzer (YODA), a middleware for static analysis of IoT firmware. To define the requirements of YODA, we referred to existing analysis tools, common middleware definitions, and typical middleware requirements for IoT environments. In the construction phase, we developed four functions and an innovation related to the setup. To evaluate the utility of YODA, we compared the time for setup, preprocessing, and analysis, as well as scalability, with a baseline tool and Karonte, the most popular analysis tool currently available. We observed that YODA was faster than Karonte at every stage: the average setup time was 53 minutes, the average preprocessing time was 2 hours and 31 minutes, and the average analysis time was approximately 11 hours for the analysis of a 304 MB firmware. Thus, we successfully developed a middleware that fulfills the requirements of firmware analysis.

Published: 2025-08-15
Section: Technical Papers (Service and Management)