Applying Bytecode Level Automatic Exploit Generation to Embedded Systems
Degree Grantor: University of Canterbury
Degree Name: Bachelor of Science with Honours
Finding vulnerabilities in software is a difficult task, typically undertaken by experts. Developers have little of the knowledge required to find complex vulnerabilities in their software products before release. Automating vulnerability discovery and proof-of-concept exploit generation is key to enabling developers to check for and fix software vulnerabilities during the development process. Research in this field is currently directed at automatically generating exploits for software developed for general-purpose computers. Embedded systems occupy a significant portion of the market and lack typical security features found on general-purpose computers. In this report, we implement automatic exploit generation for embedded system firmware by extending an existing dynamic analysis framework called Avatar. We discuss several techniques to discover vulnerabilities and generate exploits, and evaluate our solution by generating exploits for three vulnerable firmware images written for a popular ARM Cortex-M3 microcontroller.
- Engineering: Reports