KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware

Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of users' lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure. Unfortunately, the software on these systems is hardware-dependent, and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. Many of the existing devices implement their functionality through the use of multiple binaries. This multi-binary service implementation renders current static and dynamic analysis techniques either ineffective or inefficient, as they are unable to identify and adequately model the communication between the various executables. In this paper, we present Karonte, a static analysis approach capable of analyzing embedded-device firmware by modeling and tracking multi-binary interactions. Our approach propagates taint information between binaries to detect insecure interactions and identify vulnerabilities. We first evaluated Karonte on 53 firmware samples from various vendors, showing that our prototype tool can successfully track and constrain multi-binary interactions. This led to the discovery of 46 zero-day bugs. Then, we performed a large-scale experiment on 899 different samples, showing that Karonte scales well with firmware samples of different size and complexity.
Original languageEnglish
Title of host publicationProceedings 2020 IEEE Symposium on Security and Privacy, SP 2020
PublisherIEEE
Pages1544-1561
Number of pages18
ISBN (Electronic)978-1-7281-3497-0
DOIs
Publication statusPublished - 1 May 2020
Externally publishedYes

Keywords

  • Cybersecurity

Fingerprint Dive into the research topics of 'KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware'. Together they form a unique fingerprint.

Cite this