frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images

Jorik van Nielen; Andreas Peter; Andrea Continella

doi:10.1007/978-3-031-82349-7_32

frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images

Jorik van Nielen^*
, Andreas Peter
, Andrea Continella

^*Corresponding author for this work

Semantics, Cybersecurity & Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

4 Downloads (Pure)

Abstract

In the era of the Internet of Things, firmware security analyses have become tremendously important to protect networks and guarantee safety-critical operations. Indeed, the firmware running on smart devices (which are increasingly adopted also in critical infrastructures) often contains security vulnerabilities, and delivering timely updates proved to be challenging, both from a technical perspective and due to a lack of support from device vendors. In particular, firmware images present difficulties that hinder automated analyses and patching, mostly because their code and data are opaquely intermixed and squashed together on top of embedded development frameworks. In this paper, we propose a new lightweight approach to automatically analyze firmware images and identify the embedded frameworks they are built upon. Our approach facilitates reverse engineering, reducing the scope for security analyses and assisting the vulnerability detection and patching process of embedded devices. We implement our approach in frameD, and we evaluate it on a dataset of 536 firmware images from different devices and vendors. Our system identifies embedded frameworks with an accuracy of 83%, and we perform a case study to combine frameD with an existing patch injection framework, demonstrating to be a helpful and effective tool for security analysts and reverse engineers.

Original language	English
Title of host publication	Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers
Editors	Joaquin Garcia-Alfaro, Ken Barker, Guillermo Navarro-Arribas, Cristina Pérez-Solà, Sergi Delgado-Segura, Sokratis Katsikas, Frédéric Cuppens, Costas Lambrinoudakis, Nora Cuppens-Boulahia, Marek Pawlicki, Michał Choraś
Publisher	Springer
Pages	514-533
Number of pages	20
ISBN (Print)	9783031823480
DOIs	https://doi.org/10.1007/978-3-031-82349-7_32
Publication status	Published - 2 Apr 2025
Event	29th European Symposium on Research in Computer Security, ESORICS 2024 - Bydgoszcz, Poland Duration: 16 Sept 2024 → 20 Sept 2024 Conference number: 29

Publication series

Name	Lecture Notes in Computer Science
Volume	15263 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	29th European Symposium on Research in Computer Security, ESORICS 2024
Abbreviated title	ESORICS 2024
Country/Territory	Poland
City	Bydgoszcz
Period	16/09/24 → 20/09/24

Keywords

2026 OA procedure
Firmware
IoT
Reversing
Embedded Frameworks

Access to Document

10.1007/978-3-031-82349-7_32

978-3-031-82349-7_32Final published version, 690 KBLicence: Taverne

Cite this

van Nielen, J., Peter, A., & Continella, A. (2025). frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images. In J. Garcia-Alfaro, K. Barker, G. Navarro-Arribas, C. Pérez-Solà, S. Delgado-Segura, S. Katsikas, F. Cuppens, C. Lambrinoudakis, N. Cuppens-Boulahia, M. Pawlicki, & M. Choraś (Eds.), Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers (pp. 514-533). (Lecture Notes in Computer Science; Vol. 15263 LNCS). Springer. https://doi.org/10.1007/978-3-031-82349-7_32

van Nielen, Jorik ; Peter, Andreas ; Continella, Andrea. / frameD : Toward Automated Identification of Embedded Frameworks in Firmware Images. Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers. editor / Joaquin Garcia-Alfaro ; Ken Barker ; Guillermo Navarro-Arribas ; Cristina Pérez-Solà ; Sergi Delgado-Segura ; Sokratis Katsikas ; Frédéric Cuppens ; Costas Lambrinoudakis ; Nora Cuppens-Boulahia ; Marek Pawlicki ; Michał Choraś. Springer, 2025. pp. 514-533 (Lecture Notes in Computer Science).

@inproceedings{c4615560ae1b4498aa7a7d3d963579fb,

title = "frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images",

abstract = "In the era of the Internet of Things, firmware security analyses have become tremendously important to protect networks and guarantee safety-critical operations. Indeed, the firmware running on smart devices (which are increasingly adopted also in critical infrastructures) often contains security vulnerabilities, and delivering timely updates proved to be challenging, both from a technical perspective and due to a lack of support from device vendors. In particular, firmware images present difficulties that hinder automated analyses and patching, mostly because their code and data are opaquely intermixed and squashed together on top of embedded development frameworks. In this paper, we propose a new lightweight approach to automatically analyze firmware images and identify the embedded frameworks they are built upon. Our approach facilitates reverse engineering, reducing the scope for security analyses and assisting the vulnerability detection and patching process of embedded devices. We implement our approach in frameD, and we evaluate it on a dataset of 536 firmware images from different devices and vendors. Our system identifies embedded frameworks with an accuracy of 83\%, and we perform a case study to combine frameD with an existing patch injection framework, demonstrating to be a helpful and effective tool for security analysts and reverse engineers.",

keywords = "2026 OA procedure, Firmware, IoT, Reversing, Embedded Frameworks",

author = "\{van Nielen\}, Jorik and Andreas Peter and Andrea Continella",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 29th European Symposium on Research in Computer Security, ESORICS 2024, ESORICS 2024 ; Conference date: 16-09-2024 Through 20-09-2024",

year = "2025",

month = apr,

day = "2",

doi = "10.1007/978-3-031-82349-7\_32",

language = "English",

isbn = "9783031823480",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "514--533",

editor = "Joaquin Garcia-Alfaro and Ken Barker and Guillermo Navarro-Arribas and Cristina P{\'e}rez-Sol{\`a} and Sergi Delgado-Segura and Sokratis Katsikas and Fr{\'e}d{\'e}ric Cuppens and Costas Lambrinoudakis and Nora Cuppens-Boulahia and Marek Pawlicki and Micha{\l} Chora{\'s}",

booktitle = "Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers",

address = "Germany",

}

van Nielen, J, Peter, A & Continella, A 2025, frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images. in J Garcia-Alfaro, K Barker, G Navarro-Arribas, C Pérez-Solà, S Delgado-Segura, S Katsikas, F Cuppens, C Lambrinoudakis, N Cuppens-Boulahia, M Pawlicki & M Choraś (eds), Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers. Lecture Notes in Computer Science, vol. 15263 LNCS, Springer, pp. 514-533, 29th European Symposium on Research in Computer Security, ESORICS 2024, Bydgoszcz, Poland, 16/09/24. https://doi.org/10.1007/978-3-031-82349-7_32

frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images. / van Nielen, Jorik; Peter, Andreas ; Continella, Andrea.
Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers. ed. / Joaquin Garcia-Alfaro; Ken Barker; Guillermo Navarro-Arribas; Cristina Pérez-Solà; Sergi Delgado-Segura; Sokratis Katsikas; Frédéric Cuppens; Costas Lambrinoudakis; Nora Cuppens-Boulahia; Marek Pawlicki; Michał Choraś. Springer, 2025. p. 514-533 (Lecture Notes in Computer Science; Vol. 15263 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - frameD

T2 - 29th European Symposium on Research in Computer Security, ESORICS 2024

AU - van Nielen, Jorik

AU - Peter, Andreas

AU - Continella, Andrea

N1 - Conference code: 29

PY - 2025/4/2

Y1 - 2025/4/2

N2 - In the era of the Internet of Things, firmware security analyses have become tremendously important to protect networks and guarantee safety-critical operations. Indeed, the firmware running on smart devices (which are increasingly adopted also in critical infrastructures) often contains security vulnerabilities, and delivering timely updates proved to be challenging, both from a technical perspective and due to a lack of support from device vendors. In particular, firmware images present difficulties that hinder automated analyses and patching, mostly because their code and data are opaquely intermixed and squashed together on top of embedded development frameworks. In this paper, we propose a new lightweight approach to automatically analyze firmware images and identify the embedded frameworks they are built upon. Our approach facilitates reverse engineering, reducing the scope for security analyses and assisting the vulnerability detection and patching process of embedded devices. We implement our approach in frameD, and we evaluate it on a dataset of 536 firmware images from different devices and vendors. Our system identifies embedded frameworks with an accuracy of 83%, and we perform a case study to combine frameD with an existing patch injection framework, demonstrating to be a helpful and effective tool for security analysts and reverse engineers.

AB - In the era of the Internet of Things, firmware security analyses have become tremendously important to protect networks and guarantee safety-critical operations. Indeed, the firmware running on smart devices (which are increasingly adopted also in critical infrastructures) often contains security vulnerabilities, and delivering timely updates proved to be challenging, both from a technical perspective and due to a lack of support from device vendors. In particular, firmware images present difficulties that hinder automated analyses and patching, mostly because their code and data are opaquely intermixed and squashed together on top of embedded development frameworks. In this paper, we propose a new lightweight approach to automatically analyze firmware images and identify the embedded frameworks they are built upon. Our approach facilitates reverse engineering, reducing the scope for security analyses and assisting the vulnerability detection and patching process of embedded devices. We implement our approach in frameD, and we evaluate it on a dataset of 536 firmware images from different devices and vendors. Our system identifies embedded frameworks with an accuracy of 83%, and we perform a case study to combine frameD with an existing patch injection framework, demonstrating to be a helpful and effective tool for security analysts and reverse engineers.

KW - 2026 OA procedure

KW - Firmware

KW - IoT

KW - Reversing

KW - Embedded Frameworks

UR - https://www.scopus.com/pages/publications/105002459491

U2 - 10.1007/978-3-031-82349-7_32

DO - 10.1007/978-3-031-82349-7_32

M3 - Conference contribution

AN - SCOPUS:105002459491

SN - 9783031823480

T3 - Lecture Notes in Computer Science

SP - 514

EP - 533

BT - Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers

A2 - Garcia-Alfaro, Joaquin

A2 - Barker, Ken

A2 - Navarro-Arribas, Guillermo

A2 - Pérez-Solà, Cristina

A2 - Delgado-Segura, Sergi

A2 - Katsikas, Sokratis

A2 - Cuppens, Frédéric

A2 - Lambrinoudakis, Costas

A2 - Cuppens-Boulahia, Nora

A2 - Pawlicki, Marek

A2 - Choraś, Michał

PB - Springer

Y2 - 16 September 2024 through 20 September 2024

ER -

van Nielen J, Peter A , Continella A. frameD: Toward Automated Identification of Embedded Frameworks in Firmware Images. In Garcia-Alfaro J, Barker K, Navarro-Arribas G, Pérez-Solà C, Delgado-Segura S, Katsikas S, Cuppens F, Lambrinoudakis C, Cuppens-Boulahia N, Pawlicki M, Choraś M, editors, Computer Security. ESORICS 2024 International Workshops - DPM, CBT, and CyberICPS, Bydgoszcz, 2024, Revised Selected Papers. Springer. 2025. p. 514-533. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-82349-7_32