Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Abstract : Embedded devices are widely used today and are rapidly being incorporated in the Internet of Things that will permeate every aspect of society. However, embedded devices have vulnerabilities such as buffer overflows, command injections and backdoors that are often undocumented. Malicious entities who discover these vulnerabilities could exploit them to gain control of embedded devices and conduct a variety of criminal activities.Due to the large number of embedded devices, non-standard codebases and complex control flows, it is extremely difficult to discover vulnerabilities using manual techniques. Current automated vulnerability detection tools typically use static analysis, but the detection accuracy is not high. Some tools employ code execution; however, this approach is inefficient, detects limited types of vulnerabilities and is restricted to specific architectures. Other tools use symbolic execution, but the level of automation is not high and the types of vulnerabilities they uncover are limited. This chapter evaluates several advanced vulnerability detection techniques used by current tools, especially those involving automated program analysis. These techniques are leveraged in a new automated vulnerability detection methodology for embedded devices.
https://hal.inria.fr/hal-01988845 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Tuesday, January 22, 2019 - 9:44:46 AM Last modification on : Tuesday, May 26, 2020 - 11:40:04 PM Long-term archiving on: : Tuesday, April 23, 2019 - 1:27:53 PM
Danjun Liu, yong Tang, Baosheng Wang, Wei Xie, Bo yu. Automated Vulnerability Detection in Embedded Devices. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.313-329, ⟨10.1007/978-3-319-99277-8_17⟩. ⟨hal-01988845⟩