Despite many years of intensive research and development on secure computer systems, the number of successful attacks, and their degree of severity, continues to increase every year. Within the BASTION project, we tackle this challenge and develop methods that leverage binary analysis techniques to improve the security within the Internet of Things (IoT) and other kinds of (embedded) devices. More specifically, we address the challenge of securing legacy systems given that widely-deployed systems that are critical for our society were developed in an ad-hoc, security-ignorant fashion. This legacy code is heterogeneous and often highly complex and thus represents a constant flow of newly uncovered security issues that adversaries can exploit. We concentrate on the software level since this enables us to both analyze a given device for potential security vulnerabilities and add security features to harden the device against future attacks. We focus on issues that pose fundamental research problems and that are crucial for significantly improving computer security; they are, therefore, also of great social and economic value.
Our analysis methods concentrate on binary executables, i.e. the code that is actually executed by the processor, and especially firmware (i.e. purpose-built software that is tightly-coupled to its hardware). This design choice is based on the fact that we typically do not have access to source code given that we often deal with closed-source systems that we want to analyze (e.g. some kind of embedded system that is not fully documented by the vendor). Little to nothing is typically know about the security aspects of such systems and hence we want to analyze them for potential vulnerabilities and obtain insights into their operations. In the first part of the project, we designed an intermediate language to abstract away from the concrete assembly level and this enables an analysis of many different platforms within a unified analysis framework. For example, we used the techniques developed within BASTION to analyze the firmware image used in engine control units (ECUs) within cars to study how the Volkswagen defeat devices ("Dieselgate") works and also used the same underlying methods to study the microcode within Intel x86 CPUs. Our analysis techniques are based on the whole body of work on program analysis techniques developed in the past three decades: we transferred and extended control- and data-flow analysis techniques and also symbolic execution to our intermediate language and the resulting analysis techniques enable a fine grained and fast analysis of a given binary executable. During this project, we developed several advanced binary analysis techniques that help us to either uncover security vulnerabilities in a given system or helped us to implement generic defense techniques that can protect (embedded) systems against different kinds of attacks.