
Security Analysis of Embedded Software at the Binary Level

2020-2021/II.
Dr. Buttyán Levente

The following topics were proposed and are supervised by TASZK Kft. Only one of these topics will be started, chosen by TASZK Kft:

Instrumenting Smartphone Firmware Components for Security Analysis

Explore techniques for instrumenting ARM firmware binaries for code analysis purposes. Study the various approaches, from bare-metal instrumentation by code patching, to using existing emulation and/or on-target frameworks (e.g. qemu, unicorn, frida), to utilizing ARM hardware debug extensions. Learn about the various dynamic code analysis goals (e.g. tracing, hooking, fuzzing, data flow analysis, etc.) and their instrumentation requirements.

Stretch Goals: Furthering the research, we envision the student creating a fully fledged case study of either a fully on-target or a hybrid emulated/on-target fuzzing framework utilizing instrumentation. We have several real-world targets (various firmware elements of modern smartphone SoCs) in mind for this.


Security Analysis of Custom Android Kernel Self-Defenses

Learn the basics of working with Android kernel image customizations: image formats, OTA updates, extraction, (re)building, writing modules. Study Linux kernel memory management concepts and how they pertain to exploit mitigations. Study the history of Linux kernel privilege escalation techniques and the evolution of known kernel self-defenses to counter them.

Stretch Goals: Building on a firm understanding of the prior art, conduct original research into the current state of Android kernel vendor customizations. We envision two tracks that this research can take. The first is a study of "patch gapping" of Linux kernel security bugs, comparing the mainline Linux kernel with the vendor-customized kernels of high-end smartphones. The second is a study of the (largely undocumented) custom mitigations that the leading Android device manufacturers introduce into their kernels.


Static Vulnerability Analysis Using Code Property Graph-based Query Languages

Study existing frameworks (such as bjoern and the Hex-Rays decompiler) that automate the extraction of semantic information from compiled binaries and expose a code property graph that can be queried with a query language to identify vulnerable code patterns.

Research how such frameworks could be extended, or how alternatives to them could be developed on top of existing binary analysis solutions (such as disassembler/decompiler engines). Discover the advantages and limitations of this approach and which kinds of memory safety vulnerabilities can be efficiently queried with it.

Identify a target binary, study its attack surface, and define bug patterns of interest. Use/extend a framework to develop the desired bug pattern queries and carry out the manual analysis of the findings of the automated queries.
