Improved probabilistic verification by hash compaction
CHARME '95 Proceedings of the IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Towards Automatic Generation of Vulnerability-Based Signatures
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Bouncer: securing software by blocking bad input
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
The software model checker Blast: Applications to software engineering
International Journal on Software Tools for Technology Transfer (STTT)
Security and Privacy for Implantable Medical Devices
IEEE Pervasive Computing
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
A few billion lines of code later: using static analysis to find bugs in the real world
Communications of the ACM
State Joining and Splitting for the Symbolic Execution of Binaries
Runtime Verification
Cloud9: a software testing service
ACM SIGOPS Operating Systems Review
Reverse engineering of binary device drivers with RevNIC
Proceedings of the 5th European conference on Computer systems
Execution synthesis: a technique for automated software debugging
Proceedings of the 5th European conference on Computer systems
KleeNet: discovering insidious interaction bugs in wireless sensor networks before deployment
Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks
RWset: attacking path explosion in constraint-based test generation
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Experimental Security Analysis of a Modern Automobile
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan
Proceedings of the 26th Annual Computer Security Applications Conference
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
S2E: a platform for in-vivo multi-path analysis of software systems
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
A decade of software model checking with SLAM
Communications of the ACM
Parallel symbolic execution for automated real-world software testing
Proceedings of the sixth conference on Computer systems
Comprehensive experimental analyses of automotive attack surfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
Efficient state merging in symbolic execution
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Security analysis of smartphone point-of-sale systems
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
SymDrive: testing drivers without devices
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Hi-index | 0.00 |
Embedded systems increasingly use software-driven low-power microprocessors for security-critical settings, surfacing a need for tools that can audit the security of the software (often called firmware) running on such devices. Despite the fact that firmware programs are often written in C, existing source-code analysis tools do not work well for this setting because of the specific architectural features of low-power platforms. We therefore design and implement a new tool, called FIE, that builds off the KLEE symbolic execution engine in order to provide an extensible platform for detecting bugs in firmware programs for the popular MSP430 family of microcontrollers. FIE incorporates new techniques for symbolic execution that enable it to verify security properties of the simple firmwares often found in practice. We demonstrate FIE's utility by applying it to a corpus of 99 open-source firmware programs that altogether use 13 different models of the MSP430. We are able to verify memory safety for the majority of programs in this corpus and elsewhere discover 21 bugs.