Periodic Reporting for period 4 - BASTION (Leveraging Binary Analysis to Secure the Internet of Things)
Okres sprawozdawczy: 2019-09-01 do 2020-02-29
Despite many years of intensive research and development on secure computer systems, the number of successful attacks, and their degree of severity, continues to increase every year. Within the BASTION project, we tackle this challenge and develop methods that leverage binary analysis techniques to improve the security within the Internet of Things (IoT) and other kinds of (embedded) devices. More specifically, we address the challenge of securing legacy systems given that widely-deployed systems that are critical for our society were developed in an ad-hoc, security-ignorant fashion. This legacy code is heterogeneous and often highly complex and thus represents a constant flow of newly uncovered security issues that adversaries can exploit. We concentrate on the software level since this enables us to both analyze a given device for potential security vulnerabilities and add security features to harden the device against future attacks. We focus on issues that pose fundamental research problems and that are crucial for significantly improving computer security; they are, therefore, also of great social and economic value.
Our analysis methods concentrate on binary executables, i.e. the code that is actually executed by the processor, and especially firmware (i.e. purpose-built software that is tightly-coupled to its hardware). This design choice is based on the fact that we typically do not have access to source code given that we often deal with closed-source systems that we want to analyze (e.g. some kind of embedded system that is not fully documented by the vendor). Little to nothing is typically know about the security aspects of such systems and hence we want to analyze them for potential vulnerabilities and obtain insights into their operations. In the first part of the project, we designed an intermediate language to abstract away from the concrete assembly level and this enables an analysis of many different platforms within a unified analysis framework. For example, we used the techniques developed within BASTION to analyze the firmware image used in engine control units (ECUs) within cars to study how the Volkswagen defeat devices ("Dieselgate") works and also used the same underlying methods to study the microcode within Intel x86 CPUs. Our analysis techniques are based on the whole body of work on program analysis techniques developed in the past three decades: we transferred and extended control- and data-flow analysis techniques and also symbolic execution to our intermediate language and the resulting analysis techniques enable a fine grained and fast analysis of a given binary executable. During this project, we developed several advanced binary analysis techniques that help us to either uncover security vulnerabilities in a given system or helped us to implement generic defense techniques that can protect (embedded) systems against different kinds of attacks.
Our analysis methods concentrate on binary executables, i.e. the code that is actually executed by the processor, and especially firmware (i.e. purpose-built software that is tightly-coupled to its hardware). This design choice is based on the fact that we typically do not have access to source code given that we often deal with closed-source systems that we want to analyze (e.g. some kind of embedded system that is not fully documented by the vendor). Little to nothing is typically know about the security aspects of such systems and hence we want to analyze them for potential vulnerabilities and obtain insights into their operations. In the first part of the project, we designed an intermediate language to abstract away from the concrete assembly level and this enables an analysis of many different platforms within a unified analysis framework. For example, we used the techniques developed within BASTION to analyze the firmware image used in engine control units (ECUs) within cars to study how the Volkswagen defeat devices ("Dieselgate") works and also used the same underlying methods to study the microcode within Intel x86 CPUs. Our analysis techniques are based on the whole body of work on program analysis techniques developed in the past three decades: we transferred and extended control- and data-flow analysis techniques and also symbolic execution to our intermediate language and the resulting analysis techniques enable a fine grained and fast analysis of a given binary executable. During this project, we developed several advanced binary analysis techniques that help us to either uncover security vulnerabilities in a given system or helped us to implement generic defense techniques that can protect (embedded) systems against different kinds of attacks.
In the first phase of the project, we focussed on the design and implementation of an intermediate language (IL) that fits our needs. It turned out that the IL needs to be slightly customized for each analysis target within the lifting process such that the required precision and flexibility can be maintained. Precision is needed such that our subsequent analysis avoids both false positives or false negatives, while flexibility is needed to support different kinds of instruction set architectures (ISAs). We focussed on a wide variety of ISAs such as Intel x86, ARM, MIPS and Infineon Tricore to demonstrate the flexibility of the proposed approach. For each platform, we analyzed different types of binary executables and firmware images. For example, we analyzed complex applications such as web browsers on Intel x86 CPUs, firmware images of programmable logic controllers (PLC, an industrial computer used in factories to control the manufacturing processes), and ECU images of diesel engines powered by a Tricore processor. The main result of this research are lifting methods that enables a lifting of a given binary executable to a representation suitable for subsequent analysis.
We used the lifting framework to analyze the lifted binary code and focussed on different types of control- and data-flow analysis techniques, symbolic execution, type recovery, taint analysis and related methods to enrich the IL with meta-information that are necessary to perform a precise analysis. In the first part of BASTION, we started to develop and implement the necessary analysis techniques and refined the methods based on different use cases (as outlined above). More specifically, we developed different analysis methods that enable us to either detect potential vulnerabilities in a given binary executable or to retrofit security mechanisms to binary code. As a result of this project, we published more than 20 scientific papers to document the results - ten of these papers were published at the top academic venues in computer security. We focussed on uncovering of undocumented functionality (e.g. defeat device used by Volkswagen and other car manufacturers), detection and prevention of memory corruption vulnerabilities in many different binary contexts (ranging from desktop computer to PLCs) and control-flow integrity (CFI, a general approach to mitigate runtime attacks). Furthermore, we worked on other analysis techniques such as the detection of logical vulnerabilities or automated complexity reduction methods that enable us to tame the complexity of modern systems. The source code and data sets used for the evaluation of the research prototypes is published at https://github.com/RUB-SysSec
We used the lifting framework to analyze the lifted binary code and focussed on different types of control- and data-flow analysis techniques, symbolic execution, type recovery, taint analysis and related methods to enrich the IL with meta-information that are necessary to perform a precise analysis. In the first part of BASTION, we started to develop and implement the necessary analysis techniques and refined the methods based on different use cases (as outlined above). More specifically, we developed different analysis methods that enable us to either detect potential vulnerabilities in a given binary executable or to retrofit security mechanisms to binary code. As a result of this project, we published more than 20 scientific papers to document the results - ten of these papers were published at the top academic venues in computer security. We focussed on uncovering of undocumented functionality (e.g. defeat device used by Volkswagen and other car manufacturers), detection and prevention of memory corruption vulnerabilities in many different binary contexts (ranging from desktop computer to PLCs) and control-flow integrity (CFI, a general approach to mitigate runtime attacks). Furthermore, we worked on other analysis techniques such as the detection of logical vulnerabilities or automated complexity reduction methods that enable us to tame the complexity of modern systems. The source code and data sets used for the evaluation of the research prototypes is published at https://github.com/RUB-SysSec
BASTION has significantly improved our understanding of binary analysis techniques and we have published more than 20 scientific papers at the leading academic venues in computer security. We were the first to propose advanced runtime protection systems and uncovered several novel vulnerabilities to demonstrate potential attacks. With our focus on efficient software testing methods, we were able to uncover many types of novel vulnerabilities. Furthermore, we developed several methods to protect a given binary executable against even advanced attacks, without sacrificing performance. We expect to continue this line of work and plan to advance binary analysis technique to lay foundations for securing legacy systems even against advanced attacks. A comic that highlight the approach and explains it to a wider audience is available at https://www.erccomics.com/comics/the-exploit it was produced within the ERCcOMICS project.