Visible to the public Biblio

Filters: Keyword is emulation  [Clear All Filters]
2023-08-18
Gawehn, Philip, Ergenc, Doganalp, Fischer, Mathias.  2022.  Deep Learning-based Multi-PLC Anomaly Detection in Industrial Control Systems. GLOBECOM 2022 - 2022 IEEE Global Communications Conference. :4878—4884.
Industrial control systems (ICSs) have become more complex due to their increasing connectivity, heterogeneity and, autonomy. As a result, cyber-threats against such systems have been significantly increased as well. Since a compromised industrial system can easily lead to hazardous safety and security consequences, it is crucial to develop security countermeasures to protect coexisting IT systems and industrial physical processes being involved in modern ICSs. Accordingly, in this study, we propose a deep learning-based semantic anomaly detection framework to model the complex behavior of ICSs. In contrast to the related work assuming only simpler security threats targeting individual controllers in an ICS, we address multi-PLC attacks that are harder to detect as requiring to observe the overall system state alongside single-PLC attacks. Using industrial simulation and emulation frameworks, we create a realistic setup representing both the production and networking aspects of industrial systems and conduct some potential attacks. Our experimental results indicate that our model can detect single-PLC attacks with 95% accuracy and multi-PLC attacks with 80% accuracy and nearly 1% false positive rate.
2023-07-31
Konno, Toshihiro, Mikami, Kazumasa, Sugiyama, Junichi, Koganei, Yohei.  2022.  Performance Evaluation of Multilevel Coded FEC with Register-Transfer-Level Emulation. 2022 27th OptoElectronics and Communications Conference (OECC) and 2022 International Conference on Photonics in Switching and Computing (PSC). :1—3.
We demonstrated hardware emulations to evaluate the error-correction performance for a FEC scheme with multilevel coding. It has enabled the measurement of BER to reach the order of 10−14 for the decoded signal.
2023-05-19
Hussaini, Adamu, Qian, Cheng, Liao, Weixian, Yu, Wei.  2022.  A Taxonomy of Security and Defense Mechanisms in Digital Twins-based Cyber-Physical Systems. 2022 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics). :597—604.
The (IoT) paradigm’s fundamental goal is to massively connect the “smart things” through standardized interfaces, providing a variety of smart services. Cyber-Physical Systems (CPS) include both physical and cyber components and can apply to various application domains (smart grid, smart transportation, smart manufacturing, etc.). The Digital Twin (DT) is a cyber clone of physical objects (things), which will be an essential component in CPS. This paper designs a systematic taxonomy to explore different attacks on DT-based CPS and how they affect the system from a four-layer architecture perspective. We present an attack space for DT-based CPS on four layers (i.e., object layer, communication layer, DT layer, and application layer), three attack objects (i.e., confidentiality, integrity, and availability), and attack types combined with strength and knowledge. Furthermore, some selected case studies are conducted to examine attacks on representative DT-based CPS (smart grid, smart transportation, and smart manufacturing). Finally, we propose a defense mechanism called Secured DT Development Life Cycle (SDTDLC) and point out the importance of leveraging other enabling techniques (intrusion detection, blockchain, modeling, simulation, and emulation) to secure DT-based CPS.
2023-04-28
Shakhov, Vladimir.  2022.  Sequential Statistical Analysis-Based Method for Attacks Detection in Cognitive Radio Networks. 2022 27th Asia Pacific Conference on Communications (APCC). :663–666.
This Cognitive radio networks are vulnerable to specific intrusions due to the unique cognitive characteristics of these networks. This DoS attacks are known as the Primary User Emulation Attack and the Spectrum Sensing Data Falsification. If the intruder behavior is not statistically identical to the behavior of the primary users, intrusion detection techniques based on observing the energy of the received signals can be used. Both machine learning-based intrusion detection and sequential statistical analysis can be effectively applied. However, in some cases, statistical sequential analysis has some advantages in dealing with such challenges. This paper discusses aspects of using statistical sequential analysis methods to detect attacks in Cognitive radio networks.
2023-01-13
Hammar, Kim, Stadler, Rolf.  2022.  A System for Interactive Examination of Learned Security Policies. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. :1–3.
We present a system for interactive examination of learned security policies. It allows a user to traverse episodes of Markov decision processes in a controlled manner and to track the actions triggered by security policies. Similar to a software debugger, a user can continue or or halt an episode at any time step and inspect parameters and probability distributions of interest. The system enables insight into the structure of a given policy and in the behavior of a policy in edge cases. We demonstrate the system with a network intrusion use case. We examine the evolution of an IT infrastructure’s state and the actions prescribed by security policies while an attack occurs. The policies for the demonstration have been obtained through a reinforcement learning approach that includes a simulation system where policies are incrementally learned and an emulation system that produces statistics that drive the simulation runs.
2022-09-30
Shabalin, A. M., Kaliberda, E. A..  2021.  Development of a Set of Procedures for Providing Remote Access to a Corporate Computer Network by means of the SSH Protocol (Using the Example of the CISCO IOS Operating System). 2021 Dynamics of Systems, Mechanisms and Machines (Dynamics). :1–5.
The paper proposes ways to solve the problem of secure remote access to telecommunications’ equipment. The purpose of the study is to develop a set of procedures to ensure secure interaction while working remotely with Cisco equipment using the SSH protocol. This set of measures is a complete list of measures which ensures security of remote connection to a corporate computer network using modern methods of cryptography and network administration technologies. It has been tested on the GNS3 software emulator and Cisco telecommunications equipment and provides a high level of confidentiality and integrity of remote connection to a corporate computer network. In addition, the study detects vulnerabilities in the IOS operating system while running SSH service and suggests methods for their elimination.
2022-07-29
Wise, Michael, Al-Badri, Maher, Loeffler, Benjamin, Kasper, Jeremy.  2021.  A Novel Vertically Oscillating Hydrokinetic Energy Harvester. 2021 IEEE Conference on Technologies for Sustainability (SusTech). :1–8.
This paper presents the results of a multifaceted study of the behavior of a novel hydrokinetic energy harvester that utilizes vertical oscillations. Unlike traditional rotating turbines used in hydrokinetic energy, this particular device utilizes the fluid structure interactions of vortex-induced-vibration and gallop. Due to the unique characteristics of this vertical motion, a thorough examination of the proposed system was conducted via a three-pronged approach of simulation, emulation, and field testing. Using a permanent magnet synchronous generator as the electrical power generation source, an electrical power conversion system was simulated, emulated, and tested to achieve appropriate power smoothing for use in microgrid systems present in many Alaskan rural locations.
2022-07-12
Oikonomou, Nikos, Mengidis, Notis, Spanopoulos-Karalexidis, Minas, Voulgaridis, Antonis, Merialdo, Matteo, Raisr, Ivo, Hanson, Kaarel, de La Vallee, Paloma, Tsikrika, Theodora, Vrochidis, Stefanos et al..  2021.  ECHO Federated Cyber Range: Towards Next-Generation Scalable Cyber Ranges. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :403—408.
Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.
2022-05-06
Hörmann, Leander B., Pötsch, Albert, Kastl, Christian, Priller, Peter, Springer, Andreas.  2021.  Towards a Distributed Testbed for Wireless Embedded Devices for Industrial Applications. 2021 17th IEEE International Conference on Factory Communication Systems (WFCS). :135–138.
Wireless embedded devices are key elements of Internet-of-Things (IoT) and industrial IoT (IIoT) applications. The complexity of these devices as well as the number of connected devices to networks increase steadily. The high intricacy of the overall system makes it error-prone and vulnerable to attacks and leads to the need to test individual parts or even the whole system. Therefore, this paper presents the concept of a flexible and distributed testbed to evaluate correct behavior in various operation or attack scenarios. It is based on the Robot Operating System (ROS) as communication framework to ensure modularity and expandability. The testbed integrates RF-jamming and measurement devices to evaluate remote attack scenarios and interference issues. An energy harvesting emulation cell is used to evaluate different real-world energy harvesting scenarios. A climatic test chamber allows to investigate the influence of temperature and humidity conditions on the system-under-test. As a testbed application scenario, the automated evaluation of an energy harvesting wireless sensor network designed to instrument automotive engine test benches is presented.
2021-09-30
Mezzah, Ibrahim, Kermia, Omar, Chemali, Hamimi.  2020.  Extensive Fault Emulation on RFID Tags. 2020 15th Design Technology of Integrated Systems in Nanoscale Era (DTIS). :1–2.
Radio frequency identification (RFID) is widespread and still necessary in many important applications. However, and in various significant cases, the use of this technology faces multiple security issues that must be addressed. This is mainly related to the use of RFID tags (transponders) which are electronic components communicating wirelessly, and hence they are vulnerable to multiple attacks through several means. In this work, an extensive fault analysis is performed on a tag architecture in order to evaluate its hardness. Tens of millions of single-bit upset (SBU) and multiple-bit upset (MBU) faults are emulated randomly on this tag architecture using an FPGA-based emulation platform. The emulated faults are classified under five groups according to faults effect on the tag behaviour. The obtained results show the faults effect variation in function of the number of MBU affected bits. The interpretation of this variation allows evaluating the tag robustness. The proposed approach represents an efficient mean that permits to study tag architectures at the design level and evaluating their robustness and vulnerability to fault attacks.
2021-08-17
Tychalas, Dimitrios, Maniatakos, Michail.  2020.  IFFSET: In-Field Fuzzing of Industrial Control Systems using System Emulation. 2020 Design, Automation Test in Europe Conference Exhibition (DATE). :662—665.
Industrial Control Systems (ICS) have evolved in the last decade, shifting from proprietary software/hardware to contemporary embedded architectures paired with open-source operating systems. In contrast to the IT world, where continuous updates and patches are expected, decommissioning always-on ICS for security assessment can incur prohibitive costs to their owner. Thus, a solution for routinely assessing the cybersecurity posture of diverse ICS without affecting their operation is essential. Therefore, in this paper we introduce IFFSET, a platform that leverages full system emulation of Linux-based ICS firmware and utilizes fuzzing for security evaluation. Our platform extracts the file system and kernel information from a live ICS device, building an image which is emulated on a desktop system through QEMU. We employ fuzzing as a security assessment tool to analyze ICS specific libraries and find potential security threatening conditions. We test our platform with commercial PLCs, showcasing potential threats with no interruption to the control process.
2021-05-05
Konwar, Kishori M., Kumar, Saptaparni, Tseng, Lewis.  2020.  Semi-Fast Byzantine-tolerant Shared Register without Reliable Broadcast. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). :743—753.
Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off.Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication.This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast.We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.
2021-01-28
Bhattacharya, A., Ramachandran, T., Banik, S., Dowling, C. P., Bopardikar, S. D..  2020.  Automated Adversary Emulation for Cyber-Physical Systems via Reinforcement Learning. 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). :1—6.

Adversary emulation is an offensive exercise that provides a comprehensive assessment of a system’s resilience against cyber attacks. However, adversary emulation is typically a manual process, making it costly and hard to deploy in cyber-physical systems (CPS) with complex dynamics, vulnerabilities, and operational uncertainties. In this paper, we develop an automated, domain-aware approach to adversary emulation for CPS. We formulate a Markov Decision Process (MDP) model to determine an optimal attack sequence over a hybrid attack graph with cyber (discrete) and physical (continuous) components and related physical dynamics. We apply model-based and model-free reinforcement learning (RL) methods to solve the discrete-continuous MDP in a tractable fashion. As a baseline, we also develop a greedy attack algorithm and compare it with the RL procedures. We summarize our findings through a numerical study on sensor deception attacks in buildings to compare the performance and solution quality of the proposed algorithms.

2020-09-18
Sureka, N., Gunaseelan, K..  2019.  Detection Defense against Primary User Emulation Attack in Dynamic Cognitive Radio Networks. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:505—510.
Cognitive radio is a promising technology that intends on solving the spectrum scarcity problem by allocating free spectrum dynamically to the unlicensed Secondary Users (SUs) in order to establish coexistence between the licensed Primary User (PU) & SUs, without causing any interference to the incumbent transmission. Primary user emulation attack (PUEA) is one such major threat posed on spectrum sensing, which decreases the spectrum access probability. Detection and defense against PUEA is realized using Yardstick based Threshold Allocation technique (YTA), by assigning threshold level to the base station thereby efficiently enhancing the spectrum sensing ability in a dynamic CR network. The simulation is performed using NS2 and analysis by using X-graph. The results shows minimum interference to primary transmissions by letting SUs spontaneously predict the prospective spectrum availability and aiding in effective prevention of potential emulation attacks along with proficient improvement of throughput in a dynamic cognitive radio environment.
2020-03-09
Kourai, Kenichi, Shiota, Yuji.  2019.  Consistent Offline Update of Suspended Virtual Machines in Clouds. 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :58–65.

In Infrastructure-as-a-Service clouds, there exist many virtual machines (VMs) that are not used for a long time. For such VMs, many vulnerabilities are often found in installed software while VMs are suspended. If security updates are applied to such VMs after the VMs are resumed, the VMs easily suffer from attacks via the Internet. To solve this problem, offline update of VMs has been proposed, but some approaches have to permit cloud administrators to resume users' VMs. The others are applicable only to completely stopped VMs and often corrupt virtual disks if they are applied to suspended VMs. In addition, it is sometimes difficult to accurately emulate security updates offline. In this paper, we propose OUassister, which enables consistent offline update of suspended VMs. OUassister emulates security updates of VMs offline in a non-intrusive manner and applies the emulation results to the VMs online. This separation prevents virtual disks of even suspended VMs from being corrupted. For more accurate emulation of security updates, OUassister provides an emulation environment using a technique called VM introspection. Using this environment, it automatically extracts updated files and executed scripts. We have implemented OUassister in Xen and confirmed that the time for critical online update was largely reduced.

2019-12-05
Avila, J, Prem, S, Sneha, R, Thenmozhi, K.  2018.  Mitigating Physical Layer Attack in Cognitive Radio - A New Approach. 2018 International Conference on Computer Communication and Informatics (ICCCI). :1-4.

With the improvement in technology and with the increase in the use of wireless devices there is deficiency of radio spectrum. Cognitive radio is considered as the solution for this problem. Cognitive radio is capable to detect which communication channels are in use and which are free, and immediately move into free channels while avoiding the used ones. This increases the usage of radio frequency spectrum. Any wireless system is prone to attack. Likewise, the main two attacks in the physical layer of cognitive radio are Primary User Emulation Attack (PUEA) and replay attack. This paper focusses on mitigating these two attacks with the aid of authentication tag and distance calculation. Mitigation of these attacks results in error free transmission which in turn fallouts in efficient dynamic spectrum access.

Hussain, Muzzammil, Swami, Tulsi.  2018.  Primary User Authentication in Cognitive Radio Network Using Pre-Generated Hash Digest. 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI). :903-908.

The primary objective of Cognitive Radio Networks (CRN) is to opportunistically utilize the available spectrum for efficient and seamless communication. Like all other radio networks, Cognitive Radio Network also suffers from a number of security attacks and Primary User Emulation Attack (PUEA) is vital among them. Primary user Emulation Attack not only degrades the performance of the Cognitive Radio Networks but also dissolve the objective of Cognitive Radio Network. Efficient and secure authentication of Primary Users (PU) is an only solution to mitigate Primary User Emulation Attack but most of the mechanisms designed for this are either complex or make changes to the spectrum. Here, we proposed a mechanism to authenticate Primary Users in Cognitive Radio Network which is neither complex nor make any changes to spectrum. The proposed mechanism is secure and also has improved the performance of the Cognitive Radio Network substantially.

Yadav, Kuldeep, Roy, Sanjay Dhar, Kundu, Sumit.  2018.  Total Error Reduction in Presence of Malicious User in a Cognitive Radio Network. 2018 2nd International Conference on Electronics, Materials Engineering Nano-Technology (IEMENTech). :1-4.

Primary user emulation (PUE) attack causes security issues in a cognitive radio network (CRN) while sensing the unused spectrum. In PUE attack, malicious users transmit an emulated primary signal in spectrum sensing interval to secondary users (SUs) to forestall them from accessing the primary user (PU) spectrum bands. In the present paper, the defense against such attack by Neyman-Pearson criterion is shown in terms of total error probability. Impact of several parameters such as attacker strength, attacker's presence probability, and signal-to-noise ratio on SU is shown. Result shows proposed method protect the harmful effects of PUE attack in spectrum sensing.

Bouabdellah, Mounia, Ghribi, Elias, Kaabouch, Naima.  2019.  RSS-Based Localization with Maximum Likelihood Estimation for PUE Attacker Detection in Cognitive Radio Networks. 2019 IEEE International Conference on Electro Information Technology (EIT). :1-6.

With the rapid proliferation of mobile users, the spectrum scarcity has become one of the issues that have to be addressed. Cognitive Radio technology addresses this problem by allowing an opportunistic use of the spectrum bands. In cognitive radio networks, unlicensed users can use licensed channels without causing harmful interference to licensed users. However, cognitive radio networks can be subject to different security threats which can cause severe performance degradation. One of the main attacks on these networks is the primary user emulation in which a malicious node emulates the characteristics of the primary user signals. In this paper, we propose a detection technique of this attack based on the RSS-based localization with the maximum likelihood estimation. The simulation results show that the proposed technique outperforms the RSS-based localization method in detecting the primary user emulation attacker.

2019-03-15
Crouch, A., Hunter, E., Levin, P. L..  2018.  Enabling Hardware Trojan Detection and Prevention through Emulation. 2018 IEEE International Symposium on Technologies for Homeland Security (HST). :1-5.

Hardware Trojans, implantable at a myriad of points within the supply chain, are difficult to detect and identify. By emulating systems on programmable hardware, the authors have created a tool from which to create and evaluate Trojan attack signatures and therefore enable better Trojan detection (for in-service systems) and prevention (for in-design systems).

2018-01-23
Babu, V., Kumar, R., Nguyen, H. H., Nicol, D. M., Palani, K., Reed, E..  2017.  Melody: Synthesized datasets for evaluating intrusion detection systems for the smart grid. 2017 Winter Simulation Conference (WSC). :1061–1072.

As smart grid systems become increasingly reliant on networks of control devices, attacks on their inherent security vulnerabilities could lead to catastrophic system failures. Network Intrusion Detection Systems(NIDS) detect such attacks by learning traffic patterns and finding anomalies in them. However, availability of data for robust training and evaluation of NIDS is rare due to associated operational and security risks of sharing such data. Consequently, we present Melody, a scalable framework for synthesizing such datasets. Melody models both, the cyber and physical components of the smart grid by integrating a simulated physical network with an emulated cyber network while using virtual time for high temporal fidelity. We present a systematic approach to generate traffic representing multi-stage attacks, where each stage is either emulated or recreated with a mechanism to replay arbitrary packet traces. We describe and evaluate the suitability of Melodys datasets for intrusion detection, by analyzing the extent to which temporal accuracy of pertinent features is maintained.

2017-12-20
Wampler, J. A., Hsieh, C., Toth, A..  2017.  Efficient distribution of fragmented sensor data for obfuscation. MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM). :695–700.
The inherent nature of unattended sensors makes these devices most vulnerable to detection, exploitation, and denial in contested environments. Physical access is often cited as the easiest way to compromise any device or network. A new mechanism for mitigating these types of attacks developed under the Assistant Secretary of Defense for Research and Engineering, ASD(R&E) project, “Smoke Screen in Cyberspace”, was previously demonstrated in a live, over-the-air experiment. Smoke Screen encrypts, slices up, and disburses redundant fragments of files throughout the network. This paper describes enhancements to the disbursement of the file fragments routing improving the efficiency and time to completion of fragment distribution by defining the exact route, fragments should take to the destination. This is the first step in defining a custom protocol for the discovery of participating nodes and the efficient distribution of fragments in a mobile network. Future work will focus on the movement of fragments to avoid traffic analysis and avoid the collection of the entire fragment set that would enable an adversary to reconstruct the original piece of data.
2017-10-10
Graziano, Mariano, Balzarotti, Davide, Zidouemba, Alain.  2016.  ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :47–58.

Code reuse attacks based on return oriented programming (ROP) are becoming more and more prevalent every year. They started as a way to circumvent operating systems protections against injected code, but they are now also used as a technique to keep the malicious code hidden from detection and analysis systems. This means that while in the past ROP chains were short and simple (and therefore did not require any dedicated tool for their analysis), we recently started to observe very complex algorithms – such as a complete rootkit – implemented entirely as a sequence of ROP gadgets. In this paper, we present a set of techniques to analyze complex code reuse attacks. First, we identify and discuss the main challenges that complicate the reverse engineer of code implemented using ROP. Second, we propose an emulation-based framework to dissect, reconstruct, and simplify ROP chains. Finally, we test our tool on the most complex example available to date: a ROP rootkit containing four separate chains, two of them dynamically generated at runtime.

2017-09-19
Costin, Andrei, Zarras, Apostolis, Francillon, Aurélien.  2016.  Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :437–448.

Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that embedded devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Web security is still difficult and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the devices' vendor, type, or architecture. To reach this goal, we perform full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we automatically analyze the web interfaces within the firmware using both static and dynamic analysis tools. We also present some interesting case-studies and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale.