Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati

Size: px

Start display at page:

Download "Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati"

Maude Turner
5 years ago
Views:

1 Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati (EURECOM) Aurélien Francillon (EURECOM) 08/15/18

2 Embedded Systems Are Everywhere [1] og/posts/arm-cortex-m3-processor-the-coreof-the-iot 2 Maxim Integrated EURECOM

3 Embedded Systems Are Everywhere [1] og/posts/arm-cortex-m3-processor-the-coreof-the-iot Low Power Micro-controllers 3 Maxim Integrated EURECOM

4 Embedded Systems Are Everywhere Over 32 billions of ARM Cortex M3 shipped in 2018 [1] [1] og/posts/arm-cortex-m3-processor-the-coreof-the-iot 4 Maxim Integrated EURECOM Low Power Micro-controllers Cover a wide range of fields

5 Why the Security of Such Systems Matters? 5 Maxim Integrated EURECOM

6 Why the Security of Such Systems Matters? Highly connected -> large scale attacks 6 Maxim Integrated EURECOM

7 Why the Security of Such Systems Matters? Highly connected -> large scale attacks Difficulty to patch the code > Mask ROM mask applied on the chip during the fabrication > Off-line devices 7 Maxim Integrated EURECOM

8 Why the Security of Such Systems Matters? Highly connected -> large scale attacks Difficulty to patch the code > Mask ROM mask applied on the chip during the fabrication > Off-line devices Store sensitive data > Bitcoin wallet > Payment terminal 8 Maxim Integrated EURECOM

9 Why the Security of Such Systems Matters? Highly connected -> large scale attacks Difficulty to patch the code > Mask ROM mask applied on the chip during the fabrication > Off-line devices Store sensitive data > Bitcoin wallet > Payment terminal Drive sensitive hardware system > Physical damage > Production line outage > Signaling systems (red light) 9 Maxim Integrated EURECOM

10 Exemple of Recent Security Issues Recent attacks 10 Maxim Integrated EURECOM

11 Exemple of Recent Security Issues Recent attacks Nintendo Switch Tegra X1 bootrom exploit 2018 > buffer overflow in the USB stack embedded in the mask ROM > Cannot be patched > Give access to the entire software stack 11 Maxim Integrated EURECOM

12 How Can We Test Such Firmware Programs? Symbolic Execution > High path coverage > Return test case for bugs 12 Maxim Integrated EURECOM

13 Symbolic Execution Example i = symb_i Int buffer[2] i = <input> int buffer[2] = {0, 1}; 13 Maxim Integrated EURECOM

14 Symbolic Execution Example i = symb_i Int buffer[2] i = <input> TRUE buffer[i] FALSE int buffer[2] = {0, 1}; if( buffer[i] == 0 ) { 0 i < 2 (0 i < 2) Out of bounds access 14 Maxim Integrated EURECOM

15 Symbolic Execution Example i = symb_i Int buffer[2] i = <input> TRUE buffer[i] FALSE int buffer[2] = {0, 1}; if( buffer[i] == 0 ) { buffer[i] = 0xDEADBEEF; } TRUE 0 i < 2 buffer[i] == 0 FALSE (0 i < 2) i = 0 buffer[i] == 0xDEADBEAF (i = 0) Out of bounds access 15 Maxim Integrated EURECOM

16 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: 16 Maxim Integrated EURECOM

17 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. 17 Maxim Integrated EURECOM

18 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. > Find memory safety violations 18 Maxim Integrated EURECOM

19 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. > Find memory safety violations > High code coverage 19 Maxim Integrated EURECOM

20 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. > Find memory safety violations > High code coverage C/C++ source code 20 Maxim Integrated EURECOM

21 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. > Find memory safety violations > High code coverage C/C++ source code Clang 21 Maxim Integrated EURECOM

22 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. > Find memory safety violations > High code coverage C/C++ source code Clang LLVM bit-code 22 Maxim Integrated EURECOM

23 Building A Symbolic Executor For Firmware Programs Klee as a basis Inception is based on Klee a symbolic virtual machine: > Widely deployed, efficient and based on the LLVM framework. > Find memory safety violations > High code coverage C/C++ source code Clang LLVM bit-code Klee 23 Maxim Integrated EURECOM

24 Why testing source code instead of binary code? Source VS Binary 24 Maxim Integrated EURECOM

25 Why testing source code instead of binary code? Source VS Binary char b1[2]; char b2[2]; char getelement(int index) { return b1[index]; } b1:.space 2 b2:.space 2 getelement(int): ldr r2,.l3 add r3, r2, r0 ldrb r0, [r3] bx lr.l3:.word b1 25 Maxim Integrated EURECOM

26 Why testing source code instead of binary code? Source VS Binary char b1[2]; char b2[2]; char getelement(int index) { return b1[index]; } b1:.space 2 b2:.space 2 getelement(int): ldr r2,.l3 add r3, r2, r0 ldrb r0, [r3] bx lr.l3:.word b1 26 Maxim Integrated EURECOM

27 Why testing source code instead of binary code? Source ( Klee/Clang ) VS Binary (SE2, angr, BAP) char b1[2]; char b2[2]; char getelement(int index) { return b1[index]; } define %index){ entry: %0 = load i32* %index.addr %1 = getelementptr inbounds [2 x i32 0, i32 %0 %2 = load i8* %1 ret i8 %2 } 27 Maxim Integrated EURECOM b1:.space 2 b2:.space 2 getelement(int): ldr r2,.l3 add r3, r2, r0 ldrb r0, [r3] bx lr.l3:.word b1 define index) { entry: store i32 %index, store i , %R2_1 = load %R0_1 = load %R2_2 = add i32 %R2_1, %R0_1 %R3_0 = inttoptr i32 %R2_2 to i32* %R3_1 = bitcast i32* %R3_0 to i8* %R3_2 = load i8* %R3_1

28 Why testing source code instead of binary code? Source ( Klee/Clang ) VS Binary (SE2, angr, BAP) char b1[2]; char b2[2]; char getelement(int index) { return b1[index]; } define %index){ entry: %0 = load i32* %index.addr %1 = getelementptr inbounds [2 x i32 0, i32 %0 %2 = load i8* %1 ret i8 %2 } 28 Maxim Integrated EURECOM b1:.space 2 b2:.space 2 getelement(int): ldr r2,.l3 add r3, r2, r0 ldrb r0, [r3] bx lr.l3:.word b1 define index) { entry: store i32 %index, store i , %R2_1 = load %R0_1 = load %R2_2 = add i32 %R2_1, %R0_1 %R3_0 = inttoptr i32 %R2_2 to i32* %R3_1 = bitcast i32* %R3_0 to i8* %R3_2 = load i8* %R3_1

29 Source vs Binary When source available testing binary is possible however: > Types are lost > Corruption will be detected later if at all > Worse on embedded systems See: Muench et. al. What you corrupt is not what you crash, NDSS 2018 Goal of Inception: improve testing for firmware during development > Limit requirements on code 29 Maxim Integrated EURECOM

30 Major Challenges For Symbolic Execution of Firmware Programs Is C/C++ Support Enough To Test Real World Firmware? STM32(demos) FreeRTOS(STM32) Mbed OS ChibiOS Functions2 Number of functions including assembly instructions in real world embedded software 30 Maxim Integrated EURECOM

31 Major Challenges For Symbolic Execution of Firmware Programs Is C/C++ Support Enough To Test Real World Firmware? Assembly code : > Multithreading > Optimizations > Side channel counter-measures > Hardware features e.g. ultra low power mode 1 STM32(demos) FreeRTOS(STM32) Mbed OS ChibiOS Functions2 Number of functions including assembly instructions in real world embedded software 31 Maxim Integrated EURECOM

32 Major Challenges For Symbolic Execution of Firmware Programs Is C/C++ Support Enough To Test Real World Firmware? Challenge 1 : STM32(demos) FreeRTOS(STM32) Mbed OS ChibiOS Assembly code : > Multithreading > Optimizations > Side channel counter-measures > Hardware features e.g. ultra low power mode Firmware source code contains a mix of C/C++, assembly and binary Functions with inline asm Functions2 Presence of assembly instructions in real world embedded software 32 Maxim Integrated EURECOM

33 Major Challenges For Symbolic Execution of Firmware Programs Hardware environment 33 Maxim Integrated EURECOM

34 Major Challenges For Symbolic Execution of Firmware Programs Hardware environment Hardware interactions > Memory Mapped I/O 34 Maxim Integrated EURECOM

35 Major Challenges For Symbolic Execution of Firmware Programs Hardware environment Hardware interactions > Memory Mapped I/O Memory Peripherals #define UART_STATUS 0x #define UART_DATA 0x char* RX_BUFFER = 0x ; while(!*uart_status) { char* data = (char*)uart_data; strncpy(rx_buffer++, data, 4); } 35 Maxim Integrated EURECOM Internal/external memory Internal/external peripherals

36 Major Challenges For Symbolic Execution of Firmware Programs Hardware environment Hardware interactions > Memory Mapped I/O Memory Peripherals > Interrupt driven programs Interrupt Controller #define UART_STATUS 0x #define UART_DATA 0x char* RX_BUFFER = 0x ; while(!*uart_status) { char* data = (char*)uart_data; strncpy(rx_buffer++, data, 4); } 36 Maxim Integrated EURECOM void interrupt_handler() { } Internal/external memory Internal/external peripherals

37 Major Challenges For Symbolic Execution of Firmware Programs Hardware environment Hardware interactions > Memory Mapped I/O Memory Peripherals > Interrupt driven programs #define UART_STATUS 0x #define UART_DATA 0x char* RX_BUFFER = 0x ; while(!*uart_status) { char* data = (char*)uart_data; strncpy(rx_buffer++, data, 4); } Challenge 2 : Interrupt Controller Firmware programs highly interact with their hardware environment 37 Maxim Integrated EURECOM void interrupt_handler() { } Internal/external memory Internal/external peripherals

38 Building A Symbolic Executor For Firmware Programs 38 Maxim Integrated EURECOM

39 Building A Symbolic Executor For Firmware Programs Firmware (C/C++, asm, binary) Clang LLVM bit-code 39 Maxim Integrated EURECOM

40 Building A Symbolic Executor For Firmware Programs Firmware (C/C++, asm, binary) Clang LLVM bit-code ARM Backend ELF 40 Maxim Integrated EURECOM

41 Building A Symbolic Executor For Firmware Programs Firmware (C/C++, asm, binary) Clang LLVM bit-code ARM Backend ELF Inception translator: > Lift assembly directives and binary code in LLVM bit-code > Merge lifted bit-code with other High-IR : obtained from C/C++ Glue-IR : glue code Low-IR : lifted assembly/binary Inception Translator LLVM bit-code Mixed IR 41 Maxim Integrated EURECOM

42 Building A Symbolic Executor For Firmware Programs Firmware (C/C++, asm, binary) Clang LLVM bit-code ARM Backend ELF Inception translator: > Lift assembly directives and binary code in LLVM bit-code > Merge lifted bit-code with other High-IR : obtained from C/C++ Glue-IR : glue code Low-IR : lifted assembly/binary > Support Cortex M3 ISA Inception Translator LLVM bit-code Mixed IR Modified Klee 42 Maxim Integrated EURECOM

43 Challenge 1 : Supporting C/C++/Asm/Binary code Inception-translator 52 Maxim Integrated EURECOM

44 Inception Translator : Merging High-IR and Low-IR int a = 4; boo(a); <boo>: C: 80 B4 push {r7} E: 83 B0 sub sp, #0xc 53 Maxim Integrated EURECOM

45 Inception Translator : Merging High-IR and Low-IR int a = 4; boo(a); <boo>: C: 80 B4 push {r7} E: 83 B0 sub sp, #0xc %a = alloca i32 store i32 4, i32* %a %0 = load i32* %a %call = call %0) ret void } High IR 54 Maxim Integrated EURECOM

46 Inception Translator : Merging High-IR and Low-IR int a = 4; boo(a); <boo>: C: 80 B4 push {r7} E: 83 B0 sub sp, #0xc %a = alloca i32 store i32 4, i32* %a %0 = load i32* %a %call = call %0) ret void } High IR "boo+0": ; preds = %entry %R7_1 = load %SP1 = load %SP2 = sub i32 %SP1, 4 %SP3 = inttoptr i32 %SP2 to i32* store i32 %R7_1, i32* %SP3 store i32 %SP2, %SP4 = load %SP5 = add i32 %SP4, -13 %SP6 = add i32 %SP5, 1 Low IR 55 Maxim Integrated EURECOM

47 Inception Translator : Merging High-IR and Low-IR int a = 4; boo(a); <boo>: C: 80 B4 push {r7} E: 83 B0 sub sp, #0xc %a = alloca i32 store i32 4, i32* %a %0 = load i32* %a %call = call %0) ret void } High IR define %a){ entry: store i32 %a, br label %"boo+0" Glue IR "boo+0": ; preds = %entry %R7_1 = load %SP1 = load %SP2 = sub i32 %SP1, 4 %SP3 = inttoptr i32 %SP2 to i32* store i32 %R7_1, i32* %SP3 store i32 %SP2, %SP4 = load %SP5 = add i32 %SP4, -13 %SP6 = add i32 %SP5, 1 Low IR 56 Maxim Integrated EURECOM

48 Unified Memory Layout 57 Maxim Integrated EURECOM

49 Unified Memory Layout High IR Glue IR : lower the level of semantic Low IR Glue IR : higher the level of semantic High IR 58 Maxim Integrated EURECOM Execution path

50 Unified Memory Layout Allocate Low IR memory : stack, virtual CPU registers, heap High IR Glue IR : lower the level of semantic Low IR Glue IR : higher the level of semantic High IR 59 Maxim Integrated EURECOM Execution path

51 Unified Memory Layout Allocate Low IR memory : stack, virtual CPU registers, heap Fill gaps in global data sections When no C/C++ symbols point to this area High IR Glue IR : lower the level of semantic Low IR Glue IR : higher the level of semantic High IR 60 Maxim Integrated EURECOM Execution path

52 Unified Memory Layout Allocate Low IR memory : stack, virtual CPU registers, heap Fill gaps in global data sections When no C/C++ symbols point to this area Allocate High-IR objects at location defined in the ELF symbols table High IR Glue IR : lower the level of semantic Low IR Glue IR : higher the level of semantic High IR 61 Maxim Integrated EURECOM Execution path

53 Low IR Hardware Mechanisms Emulation Challenge we solved: > Indirect calls (Indirect Call Promotion) > Seamless hardware mechanisms (Context switching) > Supervisor call > Update specific registers values (LR, MSP, PSP, BASEPRI, ITSTATE, ) Emulation High IR Glue IR : lower the level of semantic Low IR Glue IR : higher the level of semantic High IR 62 Maxim Integrated EURECOM Execution path

54 Challenge 2 : Hardware interactions Inception-analyzer 63 Maxim Integrated EURECOM

55 The Inception System Overview Mixed Bytecode Klee-based Symbolic Virtual Machine config.json ELF 64 Maxim Integrated EURECOM

56 The Inception System Overview Mixed Bytecode Klee-based Symbolic Virtual Machine Globals Memory Mapped stack Data are allocated according to the information present in the symbol table User configuration (config.json): - Local memory - Redirected memory - Symbolic memory config.json heap ELF 65 Maxim Integrated EURECOM

57 The Inception System Overview: Inception debugger Mixed Bytecode Klee-based Symbolic Virtual Machine Globals Memory Mapped stack USB 3.0 link Custom Inception Debugger config.json heap Jtag ELF Real Device 66 Maxim Integrated EURECOM

58 The Inception System Overview: Inception debugger Globals Inspired by Surrogates and Avatar Memory Mapped USB 3.0 link Custom Inception Debugger Zaddach et. al. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares, NDSS 2014 Koscher et. al. SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems, WOOT 2015 stack heap Jtag Real Device 67 Maxim Integrated EURECOM

59 The Inception System Overview: Inception debugger Mixed Bytecode Klee-based Symbolic Virtual Machine Globals Memory Mapped stack USB 3.0 link Custom Inception Debugger config.json Interrupt Controller heap Jtag ELF Real Device 68 Maxim Integrated EURECOM

60 Evaluation 69 Maxim Integrated EURECOM

61 Performance Average IO per second Reads Writes Buffered Reads Inception Surrogates Average time to complete read or write requests for SURROGATES and Inception. Average runtime [ms] ,1 Wget Ping UART Inception Native Performance comparison between native execution and Inception. * Current bottleneck is bit-code execution 70 Maxim Integrated EURECOM

62 Bug Detection Average number of detected vuln % of detected bugs 100% 80% 60% 40% 1 20% % Division by Zero Null Pointer Dereference Use After Free Free Memory Not on Heap Heap-Based Buffer Overflow Integer Overflow Detected Undetected Evolution of corruption detection vs. number of assembly functions in the EXPACT XML parser (4 vulnerabilities [1], symbolic inputs, and a timeout of 90s). Detected Undetected Corruption detection of real-world security flaws based on FreeRTOS and the Juliet 1.3 test suites. [1] MUENCH et. al. What you corrupt is not what you crash: Challenges in fuzzing embedded devices. In NDSS Maxim Integrated EURECOM

63 Verification Intensive verification of the lifter and the modified Klee > 53K tests comparison between Inception and native > 1562 tests based on NIST Juliet 1.3 tests suite > 40 tests based on the Klockwork tests suite > Several demos for the STM32 L152RE and the LPC1850 DB1 boards > 1 Mbed TLS test suite > Several embedded operating systems (FreeRTOS, mini-arm-os) 72 Maxim Integrated EURECOM

64 Conlusion Extends analysis to mixed languages: assembly, C/C++, binary Fit well in chip life-cycle : > test without hardware > FPGA-based design > silicium Already used on proprietary real world Mask ROM code at Maxim > Bugs found before mask manufacturing Inception is open-sourced: > Getting started at > Github and docker 73 Maxim Integrated EURECOM

65 Questions? Free icons license : 74 Maxim Integrated EURECOM

Inception: System-Wide Security Testing of Real-World Embedded Systems Software

Inception: System-Wide Security Testing of Real-World Embedded Systems Software Nassim Corteggiani, EURECOM, Maxim Integrated; Giovanni Camurati and Aurélien Francillon, EURECOM https://www.usenix.org/conference/usenixsecurity18/presentation/corteggiani