Automating Security Vulnerability Detection and Analysis in Embedded Systems Through Efficient Rehosting


Event details

Date 27.06.2022 16:0018:00  
Speaker Florian Hofhammer
Category Conferences - Seminars
EDIC candidacy exam
Exam president: Prof. James Larus
Thesis advisor: Prof. Mathias Payer
Co-examiner: Prof. Sanidhya Kashyap

Rehosting describes the realm of executing embedded
system firmwares on a general-purpose computer with the
goal of improving introspection into the firmware. While the
latter is sometimes possible on the real device thanks to hardware
debug interfaces, consumer devices often lack such interfaces
and do not allow researchers to analyze the internals of an
embedded system firmware during its execution.
Gaining those introspection capabilities through rehosting comes at a cost, however.
Firmwares typically have other expectations towards
Operating Systems (OSs) (if one is present at all) and hardware
peripherals than classic software targeting the end user, which
need to be accommodated by rehosting systems.
In this work, we present a Systematization of Knowledge (SoK)
providing a classification of embedded systems, formalizing the
rehosting process, and highlighting the difficulties of rehosting.
Afterwards, we introduce two rehosting-based dynamic analysis
systems, targeting different classes of firmware and interfaces
to the inspected firmwares.
We note that previous systems have shortcomings in scope and applicability of their implementation,
and shed more light on those during

Background papers
1. D. D. Chen, M. Egele, M. Woo, and D. Brumley, “Towards Automated Dynamic Analysis for Linux-based Embedded Firmware,” presented at the Network and Distributed System Security Symposium, San Diego, CA, 2016. doi: 10.14722/ndss.2016.23415.

2. A. A. Clements et al., “HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation,” in 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, 2020, pp. 1201–1218. [Online]. Available:

3. A. Fasano et al., “SoK: Enabling Security Analyses of Embedded Systems via Rehosting,” in Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, Virtual Event Hong Kong, May 2021, pp. 687–701. doi: 10.1145/3433210.3453093.


Practical information

  • General public
  • Free


EDIC candidacy exam