Security Testing of Software on Embedded Devices Using x86 Platform

  • Yesheng ZhiEmail author
  • Yuanyuan Zhang
  • Juanru Li
  • Dawu Gu
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 201)


Security testing of software on embedded devices is often impeded for lacking advanced program analysis tools. The main obstacle is that state-of-the-art tools do not support the instruction set of common architectures of embedded device (e.g., MIPS). It requires either developing new program analysis tool aiming to architecture or introducing many manual efforts to help security testing. However, re-implementing a program analysis tool needs considerable amount of time and is generally a repetitive task. To address this issue efficiently, our observation is that most programs on embedded devices are compiled from source code of high level languages, and it is feasible to compile the same source code to different platforms. Therefore, it is also expected to directly translate the compiled executable to support another platform. This paper presents a binary translation based security testing approach for software on embedded devices. Our approach first translates a MIPS executable to an x86 executable leveraging the LLVM-IR, then reuses existing x86 program analysis tools to help employ in-depth security testing. This approach is not only efficient for it reuses existing tools and utilizes the x86 platform with higher performance to conduct security analysis and testing, but also more flexible for it can test code fragment with different levels of granularity (e.g., a function or an entire program). Our evaluation on frequently used data transformation algorithms and utilities illustrates the accuracy and efficiency of the proposed approach.


Security testing Binary translation Embedded device Binary analysis 


  1. 1.
    The llvm compiler infrastructure.
  2. 2.
    MIPS32 Architecture For Programmers Volume II: The MIPS32 Instruction Set (2001)Google Scholar
  3. 3.
    Bansal, S., Aiken, A.: Binary translation using peephole superoptimizers. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, pp. 177–192. USENIX Association (2008)Google Scholar
  4. 4.
    Bellard, F.: Qemu, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, pp. 41–46 (2005)Google Scholar
  5. 5.
    Chipounov, V., Kuznetsov, V., Candea, G.: The S2E platform: design, implementation, and applications. ACM Trans. Comput. Syst. (TOCS) 30(1), 2 (2012)CrossRefGoogle Scholar
  6. 6.
    Fu, Y., Lin, Z., Brumley, D.: Automatically deriving pointer reference expressions from binary code for memory dump analysis. In: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, pp. 614–624. ACM (2015)Google Scholar
  7. 7.
    Hwang, Y.-S., Lin, T.-Y., Chang, R.-G.: Disirer: converting a retargetable compiler into a multiplatform binary translator. ACM Trans. Archit. Code Optim. (TACO) 7(4), 18 (2010)Google Scholar
  8. 8.
    Kammerstetter, M., Platzer, C., Kastner, W.: Prospect: peripheral proxying supported embedded code testing. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 329–340. ACM (2014)Google Scholar
  9. 9.
    Parameswaran, S., Wolf, T.: Embedded systems security–an overview. Des. Autom. Embed. Syst. 12(3), 173–183 (2008)CrossRefGoogle Scholar
  10. 10.
    Serpanos, D.N., Voyiatzis, A.G.: Security challenges in embedded systems. ACM Trans. Embed. Comput. Syst. (TECS) 12(1s), 66 (2013)Google Scholar
  11. 11.
    Shen, B.-Y., Chen, J.-Y., Hsu, W.-C., Yang, W.: LLBT: an LLVM-based static binary translator. In: Proceedings of the 2012 International Conference on Compilers, Architectures and Synthesis for Embedded Systems, pp. 51–60. ACM (2012)Google Scholar
  12. 12.
    Wang, S., Wang, P., Wu, D.: Reassembleable disassembling. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 627–642 (2015)Google Scholar
  13. 13.
    Zaddach, J., Bruno, L., Francillon, L., Balzarotti, L.: Avatar: a framework to support dynamic security analysis of embedded systems’ firmwares. In: NDSS (2014)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017

Authors and Affiliations

  • Yesheng Zhi
    • 1
    Email author
  • Yuanyuan Zhang
    • 1
  • Juanru Li
    • 1
  • Dawu Gu
    • 1
  1. 1.Lab of Cryptology and Computer SecurityShanghai Jiao Tong UniversityShanghaiChina

Personalised recommendations