Work-in-Progress: Introspection of the Linux-Based Embedded Firmwares
Authors: P. Dovgalyuk, N. Fursova, I. Vasiliev, V. Makarov
Published in: 2018 International Conference on Embedded Software (EMSOFT), September 2018
DOI: 10.1109/EMSOFT.2018.8537186 (https://doi.org/10.1109/EMSOFT.2018.8537186)
Source: Semantic Scholar record
This paper presents a novel approach to virtual machine introspection of embedded systems based on unknown revisions of known kernels. Existing introspection methods require embedding code into the guest to capture the data for analysis algorithms. When the OS image is extracted from ROM, usually no analysis code can be loaded into the virtual machine. We propose a new non-intrusive method for extracting kernel- and process-level information from such virtual machines. The method is based on the application binary interface, which is small enough and usually non-volatile. Therefore one analysis configuration may be used for different systems with kernels from the same family without re-tuning. We also present an analysis framework based on the QEMU simulator. It includes instrumentation and some tools for extracting process- and kernel-level information from the guest. Our framework may be applied to ROM-based guest systems and enables the use of record/replay of the system execution during analysis. We applied our framework to some public firmwares to evaluate how our method works on embedded systems with custom Linux kernels.