Paper „FrameD: Toward Automated Identication of Embedded Frameworks in Firmware Images” accepted at CyberICPS 2024!
Short summary:
In the era of the Internet of Things, firmware security analyses have become tremendously important to protect networks and guarantee safety-critical operations. Indeed, the firmware running on smart devices (which are increasingly adopted also in critical infrastructures) often contains security vulnerabilities, and delivering timely updates proved to be challenging, both from a technical perspective and due to a lack of support from device vendors. In particular, firmware images present difficulties that hinder automated analyses and patching, mostly because their code and data are opaquely intermixed and squashed together on top of embedded development frameworks. In this paper, we propose a new lightweight approach to automatically analyze firmware images and identify the embedded frameworks they are built upon. Our approach facilitates reverse engineering, reducing the scope for security analyses and assisting the vulnerability detection and patching process of embedded devices.
We implement our approach in FrameD, and we evaluate it on a dataset of 536 firmware images from different devices and vendors. Our system identifies embedded frameworks with an accuracy of 83%, and we perform a case study to combine FrameD with an existing patch injection framework, demonstrating to be a helpful and effective tool for security analysts and reverse engineers.