Visible to the public Biblio

Found 191 results

Filters: Keyword is Embedded systems  [Clear All Filters]
2023-07-13
Wu, Yuhao, Wang, Yujie, Zhai, Shixuan, Li, Zihan, Li, Ao, Wang, Jinwen, Zhang, Ning.  2022.  Work-in-Progress: Measuring Security Protection in Real-time Embedded Firmware. 2022 IEEE Real-Time Systems Symposium (RTSS). :495–498.
The proliferation of real-time cyber-physical systems (CPS) is making profound changes to our daily life. Many real-time CPSs are security and safety-critical because of their continuous interactions with the physical world. While the general perception is that the security protection mechanism deployment is often absent in real-time embedded systems, there is no existing empirical study that measures the adoption of these mechanisms in the ecosystem. To bridge this gap, we conduct a measurement study for real-time embedded firmware from both a security perspective and a real-time perspective. To begin with, we collected more than 16 terabytes of embedded firmware and sampled 1,000 of them for the study. Then, we analyzed the adoption of security protection mechanisms and their potential impacts on the timeliness of real-time embedded systems. Besides, we measured the scheduling algorithms supported by real-time embedded systems since they are also security-critical.
ISSN: 2576-3172
Eisele, Max.  2022.  Debugger-driven Embedded Fuzzing. 2022 IEEE Conference on Software Testing, Verification and Validation (ICST). :483–485.
Embedded Systems - the hidden computers in our lives - are deployed in the billionths and are already in the focus of attackers. They pose security risks when not tested and maintained thoroughly. In recent years, fuzzing has become a promising technique for automated security testing of programs, which can generate tons of test inputs for a program. Fuzzing is hardly applied to embedded systems, because of their high diversity and closed character. During my research I want tackle that gap in fuzzing embedded systems - short: “Embedded Fuzzing”. My goal is to obtain insights of the embedded system during execution, by using common debugging interfaces and hardware breakpoints to enable guided fuzzing in a generic and widely applicable way. Debugging interfaces and hardware breakpoints are available for most common microcontrollers, generating a potential industry impact. Preliminary results show that the approach covers basic blocks faster than blackbox fuzzing. Additionally, it is source code agnostic and leaves the embedded firmware unaltered.
ISSN: 2159-4848
Alqarni, Mansour, Azim, Akramul.  2022.  Mining Large Data to Create a Balanced Vulnerability Detection Dataset for Embedded Linux System. 2022 IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT). :83–91.
The security of embedded systems is particularly crucial given the prevalence of embedded devices in daily life, business, and national defense. Firmware for embedded systems poses a serious threat to the safety of society, business, and the nation because of its robust concealment, difficulty in detection, and extended maintenance cycle. This technology is now an essential part of the contemporary experience, be it in the smart office, smart restaurant, smart home, or even the smart traffic system. Despite the fact that these systems are often fairly effective, the rapid expansion of embedded systems in smart cities have led to inconsistencies and misalignments between secured and unsecured systems, necessitating the development of secure, hacker-proof embedded systems. To solve this issue, we created a sizable, original, and objective dataset that is based on the latest Linux vulnerabilities for identifying the embedded system vulnerabilities and we modified a cutting-edge machine learning model for the Linux Kernel. The paper provides an updated EVDD and analysis of an extensive dataset for embedded system based vulnerability detection and also an updated state of the art deep learning model for embedded system vulnerability detection. We kept our dataset available for all researchers for future experiments and implementation.
Veremey, Anastasiya, Kustov, Vladimir, Ravi, Renjith V.  2022.  Security Research and Design of Hierarchical Embedded Information Security System. 2022 Second International Conference on Computer Science, Engineering and Applications (ICCSEA). :1–6.
In this paper, the reader’s attention is directed to the problem of inefficiency of the add-on information security tools, that are installed in operating systems, including virtualization systems. The paper shows the disadvantages, that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.
Armoush, Ashraf.  2022.  Towards the Integration of Security and Safety Patterns in the Design of Safety-Critical Embedded Systems. 2022 4th International Conference on Applied Automation and Industrial Diagnostics (ICAAID). 1:1–6.
The design of safety-critical embedded systems is a complex process that involves the reuse of proven solutions to fulfill a set of requirements. While safety is considered as the major requirement to be satisfied in safety-critical embedded systems, the security attacks can affect the security as well as the safety of these systems. Therefore, ensuring the security of the safety-critical embedded systems is as important as ensuring the safety requirements. The concept of design patterns, which provides common solutions to widely recurring design problems, have been extensively engaged in the design of the hardware and software in many fields, including embedded systems. However, there is an inadequacy of experience with security patterns in the field of safety-critical embedded systems. To address this problem, this paper proposes an approach to integrate security patterns with safety patterns in the design of safety-critical embedded systems. Moreover, it presents a customized representation for security patterns to be more relevant to the common safety patterns in the context of safety-critical embedded systems.
Zhang, Zhun, Hao, Qiang, Xu, Dongdong, Wang, Jiqing, Ma, Jinhui, Zhang, Jinlei, Liu, Jiakang, Wang, Xiang.  2022.  Real-Time Instruction Execution Monitoring with Hardware-Assisted Security Monitoring Unit in RISC-V Embedded Systems. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :192–196.

Embedded systems involve an integration of a large number of intellectual property (IP) blocks to shorten chip's time to market, in which, many IPs are acquired from the untrusted third-party suppliers. However, existing IP trust verification techniques cannot provide an adequate security assurance that no hardware Trojan was implanted inside the untrusted IPs. Hardware Trojans in untrusted IPs may cause processor program execution failures by tampering instruction code and return address. Therefore, this paper presents a secure RISC-V embedded system by integrating a Security Monitoring Unit (SMU), in which, instruction integrity monitoring by the fine-grained program basic blocks and function return address monitoring by the shadow stack are implemented, respectively. The hardware-assisted SMU is tested and validated that while CPU executes a CoreMark program, the SMU does not incur significant performance overhead on providing instruction security monitoring. And the proposed RISC-V embedded system satisfies good balance between performance overhead and resource consumption.

Hao, Qiang, Xu, Dongdong, Zhang, Zhun, Wang, Jiqing, Le, Tong, Wang, Jiawei, Zhang, Jinlei, Liu, Jiakang, Ma, Jinhui, Wang, Xiang.  2022.  A Hardware-Assisted Security Monitoring Method for Jump Instruction and Jump Address in Embedded Systems. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :197–202.
With the development of embedded systems towards networking and intelligence, the security threats they face are becoming more difficult to prevent. Existing protection methods make it difficult to monitor jump instructions and their target addresses for tampering by attackers at the low hardware implementation overhead and performance overhead. In this paper, a hardware-assisted security monitoring module is designed to monitor the integrity of jump instructions and jump addresses when executing programs. The proposed method has been implemented on the Xilinx Kintex-7 FPGA platform. Experiments show that this method is able to effectively monitor tampering attacks on jump instructions as well as target addresses while the embedded system is executing programs.
Wu, Yan.  2022.  Information Security Management System for Archives Management Based on Embedded Artificial Intelligence. 2022 International Conference on Artificial Intelligence of Things and Crowdsensing (AIoTCs). :340–344.
Archival services are one of the main functions of an information security management system for archival management, and the conversion and updating of archival intelligence services is an important means to meet the increasing diversity and wisdom of the age of intelligence. The purpose of this paper is to study an information security management system for archival management based on embedded artificial intelligence. The implementation of an embedded control management system for intelligent filing cabinets is studied. Based on a configurable embedded system security model, the access control process and the functional modules of the system based on a secure call cache are analysed. Software for wireless RF communication was designed, and two remote control options were designed using CAN technology and wireless RF technology. Tests have shown that the system is easy to use, feature-rich and reliable, and can meet the needs of different users for regular control of file room management.
2023-07-11
Gritti, Fabio, Pagani, Fabio, Grishchenko, Ilya, Dresel, Lukas, Redini, Nilo, Kruegel, Christopher, Vigna, Giovanni.  2022.  HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images. 2022 IEEE Symposium on Security and Privacy (SP). :1082—1099.
Dynamic memory allocators are critical components of modern systems, and developers strive to find a balance between their performance and their security. Unfortunately, vulnerable allocators are routinely abused as building blocks in complex exploitation chains. Most of the research regarding memory allocators focuses on popular and standardized heap libraries, generally used by high-end devices such as desktop systems and servers. However, dynamic memory allocators are also extensively used in embedded systems but they have not received much scrutiny from the security community.In embedded systems, a raw firmware image is often the only available piece of information, and finding heap vulnerabilities is a manual and tedious process. First of all, recognizing a memory allocator library among thousands of stripped firmware functions can quickly become a daunting task. Moreover, emulating firmware functions to test for heap vulnerabilities comes with its own set of challenges, related, but not limited, to the re-hosting problem.To fill this gap, in this paper we present HEAPSTER, a system that automatically identifies the heap library used by a monolithic firmware image, and tests its security with symbolic execution and bounded model checking. We evaluate HEAPSTER on a dataset of 20 synthetic monolithic firmware images — used as ground truth for our analyses — and also on a dataset of 799 monolithic firmware images collected in the wild and used in real-world devices. Across these datasets, our tool identified 11 different heap management library (HML) families containing a total of 48 different variations. The security testing performed by HEAPSTER found that all the identified variants are vulnerable to at least one critical heap vulnerability. The results presented in this paper show a clear pattern of poor security standards, and raise some concerns over the security of dynamic memory allocators employed by IoT devices.
2023-05-12
Zhu, Lu, Wei, Yehua, Jiang, Haoran, Long, Jing.  2022.  CAN FD Message Authentication Enhances Parallel in-vehicle Applications Security. 2022 2nd International Conference on Intelligent Technology and Embedded Systems (ICITES). :155–160.
Controller Area Network with Flexible Data-rate(CAN FD) has the advantages of high bandwidth and data field length to meet the higher communication requirements of parallel in-vehicle applications. If the CAN FD lacking the authentication security mechanism is used, it is easy to make it suffer from masquerade attack. Therefore, a two-stage method based on message authentication is proposed to enhance the security of it. In the first stage, an anti-exhaustive message exchange and comparison algorithm is proposed. After exchanging the message comparison sequence, the lower bound of the vehicle application and redundant message space is obtained. In the second stage, an enhanced round accumulation algorithm is proposed to enhance security, which adds Message Authentication Codes(MACs) to the redundant message space in a way of fewer accumulation rounds. Experimental examples show that the proposed two-stage approach enables both small-scale and large-scale parallel in-vehicle applications security to be enhanced. Among them, in the Adaptive Cruise Control Application(ACCA), when the laxity interval is 1300μs, the total increased MACs is as high as 388Bit, and the accumulation rounds is as low as 40 rounds.
Croitoru, Adrian-Florin, Stîngă, Florin, Marian, Marius.  2022.  A Case Study for Designing a Secure Communication Protocol over a Controller Area Network. 2022 26th International Conference on System Theory, Control and Computing (ICSTCC). :47–51.
This paper presents a case study for designing and implementing a secure communication protocol over a Controller Area Network (CAN). The CAN based protocol uses a hybrid encryption method on a relatively simple hardware / software environment. Moreover, the blockchain technology is proposed as a working solution to provide an extra secure level of the proposed system.
ISSN: 2372-1618
2023-03-03
Yang, Gangqiang, Shi, Zhengyuan, Chen, Cheng, Xiong, Hailiang, Hu, Honggang, Wan, Zhiguo, Gai, Keke, Qiu, Meikang.  2022.  Work-in-Progress: Towards a Smaller than Grain Stream Cipher: Optimized FPGA Implementations of Fruit-80. 2022 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (CASES). :19–20.
Fruit-80, an ultra-lightweight stream cipher with 80-bit secret key, is oriented toward resource constrained devices in the Internet of Things. In this paper, we propose area and speed optimization architectures of Fruit-80 on FPGAs. The area optimization architecture reuses NFSR&LFSR feedback functions and achieves the most suitable ratio of look-up-tables and flip-flops. The speed optimization architecture adopts a hybrid approach for parallelization and reduces the latency of long data paths by pre-generating primary feedback and inserting flip-flops. In conclusion, the optimal throughput-to-area ratio of the speed optimization architecture is better than that of Grain v1. The area optimization architecture occupies only 35 slices on Xilinx Spartan-3 FPGA, smaller than that of Grain and other common stream ciphers. To the best of our knowledge, this result sets a new record of the minimum area in lightweight cipher implementations on FPGA.
2023-02-28
Gopalakrishna, Nikhil Krishna, Anandayuvaraj, Dharun, Detti, Annan, Bland, Forrest Lee, Rahaman, Sazzadur, Davis, James C..  2022.  “If security is required”: Engineering and Security Practices for Machine Learning-based IoT Devices. 2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT). :1—8.
The latest generation of IoT systems incorporate machine learning (ML) technologies on edge devices. This introduces new engineering challenges to bring ML onto resource-constrained hardware, and complications for ensuring system security and privacy. Existing research prescribes iterative processes for machine learning enabled IoT products to ease development and increase product success. However, these processes mostly focus on existing practices used in other generic software development areas and are not specialized for the purpose of machine learning or IoT devices. This research seeks to characterize engineering processes and security practices for ML-enabled IoT systems through the lens of the engineering lifecycle. We collected data from practitioners through a survey (N=25) and interviews (N=4). We found that security processes and engineering methods vary by company. Respondents emphasized the engineering cost of security analysis and threat modeling, and trade-offs with business needs. Engineers reduce their security investment if it is not an explicit requirement. The threats of IP theft and reverse engineering were a consistent concern among practitioners when deploying ML for IoT devices. Based on our findings, we recommend further research into understanding engineering cost, compliance, and security trade-offs.
2023-02-17
Inácio, João, Medeiros, Ibéria.  2022.  Effectiveness on C Flaws Checking and Removal. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S). :33–34.
The use of software daily has become inevitable nowadays. Almost all everyday tools and the most different areas (e.g., medicine or telecommunications) are dependent on software. The C programming language is one of the most used languages for software development, such as operating systems, drivers, embedded systems, and industrial products. Even with the appearance of new languages, it remains one of the most used [1] . At the same time, C lacks verification mechanisms, like array boundaries, leaving the entire responsibility to the developer for the correct management of memory and resources. These weaknesses are at the root of buffer overflows (BO) vulnerabilities, which range the first place in the CWE’s top 25 of the most dangerous weaknesses [2] . The exploitation of BO when existing in critical safety systems, such as railways and autonomous cars, can have catastrophic effects for manufacturers or endanger human lives.
Chen, Yenan, Li, Linsen, Zhu, Zhaoqian, Wu, Yue.  2022.  Work-in-Progress: Reliability Evaluation of Power SCADA System with Three-Layer IDS. 2022 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (CASES). :1–2.
The SCADA (Supervisory Control And Data Acquisition) has become ubiquitous in industrial control systems. However, it may be exposed to cyber attack threats when it accesses the Internet. We propose a three-layer IDS (Intrusion Detection System) model, which integrates three main functions: access control, flow detection and password authentication. We use the reliability test system IEEE RTS-79 to evaluate the reliability. The experimental results provide insights into the establishment of the power SCADA system reliability enhancement strategies.
ISSN: 2643-1726
Haque, Siam, Mirzaei, Shahnam.  2022.  System on Chip (SoC) Security Architecture Framework for Isolated Domains Against Threats. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :29–32.
This paper presents a definition of a secure system and design principles, which help govern security policies within an embedded system. By understanding a secure system, a common system on chip (SoC) architecture is evaluated and their vulnerabilities explored. This effort helped define requirements for a framework for a secure and isolated SoC architecture for users to develop in. Throughout this paper, a SoC architecture framework for isolated domains has been proposed and its robustness verified against different attack scenarios. To support different levels of criticality and complexity in developing user applications, three computing domains were proposed: security and safety critical (SSC) domain, high performance (HP) domain, and sandbox domain. These domains allow for complex applications to be realized with varying levels of security. Isolation between different computing domains is established using consumer off the shelf (COTS) techniques and architectural components provided by the Zynq Ultrascale+ (ZU+) multiprocessor SoC (MPSoC). To the best of our knowledge, this is the first work that implements a secure system design on the ZU+ platform. There have been many other implementations in hardware security to mitigate certain attack scenarios such as side channel attacks, temporal attacks, hardware trojans, etc. However, our work is different than others, as it establishes the framework for isolated computing domains for secure applications and also verifies system security by attacking one domain from the others.
Shi, Jiameng, Guan, Le, Li, Wenqiang, Zhang, Dayou, Chen, Ping, Zhang, Ning.  2022.  HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). :520–536.
Microcontroller-based embedded systems have become ubiquitous with the emergence of IoT technology. Given its critical roles in many applications, its security is becoming increasingly important. Unfortunately, MCU devices are especially vulnerable. Code reuse attacks are particularly noteworthy since the memory address of firmware code is static. This work seeks to combat code reuse attacks, including ROP and more advanced JIT-ROP via continuous randomization. Previous proposals are geared towards full-fledged OSs with rich runtime environments, and therefore cannot be applied to MCUs. We propose the first solution for ARM-based MCUs. Our system, named HARM, comprises a secure runtime and a binary analysis tool with rewriting module. The secure runtime, protected inside the secure world, proactively triggers and performs non-bypassable randomization to the firmware running in a sandbox in the normal world. Our system does not rely on any firmware feature, and therefore is generally applicable to both bare-metal and RTOS-powered firmware. We have implemented a prototype on a development board. Our evaluation results indicate that HARM can effectively thaw code reuse attacks while keeping the performance and energy overhead low.
Lehniger, Kai, Schölze, Mario, Jelonek, Jonas, Tabatt, Peter, Aftowicz, Marcin, Langendorfer, Peter.  2022.  Combination of ROP Defense Mechanisms for Better Safety and Security in Embedded Systems. 2022 25th Euromicro Conference on Digital System Design (DSD). :480–487.
Control flow integrity (CFI) checks are used in desktop systems, in order to protect them from various forms of attacks, but they are rarely investigated for embedded systems, due to their introduced overhead. The contribution of this paper is an efficient software implementation of a CFI-check for ARM-and Xtensa processors. Moreover, we propose the combination of this CFI-check with another defense mechanism against return-oriented-programming (ROP). We show that by this combination the security is significantly improved. Moreover, it will also in-crease the safety of the system, since the combination can detect a failed ROP-attack and bring the system in a safe state, which is not possible when using each technique separately. We will also report on the introduced overhead in code size and run time.
Tabatt, P., Jelonek, J., Schölzel, M., Lehniger, K., Langendörfer, P..  2022.  Code Mutation as a mean against ROP Attacks for Embedded Systems. 2022 11th Mediterranean Conference on Embedded Computing (MECO). :1–4.
This paper presents a program-code mutation technique that is applied in-field to embedded systems in order to create diversity in a population of systems that are identical at the time of their deployment. With this diversity, it becomes more difficult for attackers to carry out the very popular Return-Oriented-Programming (ROP) attack in a large scale, since the gadgets in different systems are located at different program addresses after code permutation. In order to prevent the system from a system crash after a failed ROP attack, we further propose the combination of the code mutation with a return address checking. We will report the overhead in time and memory along with a security analysis.
2023-01-13
Schwaiger, Patrick, Simopoulos, Dimitrios, Wolf, Andreas.  2022.  Automated IoT security testing with SecLab. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. :1–6.
With the growing number of IoT applications and devices, IoT security breaches are a dangerous reality. Cost pressure and complexity of security tests for embedded systems and networked infrastructure are often the excuse for skipping them completely. In our paper we introduce SecLab security test lab to overcome that problem. Based on a flexible and lightweight architecture, SecLab allows developers and IoT security specialists to harden their systems with a low entry hurdle. The open architecture supports the reuse of existing external security test libraries and scalability for the assessment of complex IoT Systems. A reference implementation of security tests in a realistic IoT application scenario proves the approach.
2023-01-05
Ebrahimabadi, Mohammad, Younis, Mohamed, Lalouani, Wassila, Karimi, Naghmeh.  2022.  An Attack Resilient PUF-based Authentication Mechanism for Distributed Systems. 2022 35th International Conference on VLSI Design and 2022 21st International Conference on Embedded Systems (VLSID). :108–113.
In most PUF-based authentication schemes, a central server is usually engaged to verify the response of the device’s PUF to challenge bit-streams. However, the server availability may be intermittent in practice. To tackle such an issue, this paper proposes a new protocol for supporting distributed authentication while avoiding vulnerability to information leakage where CRPs could be retrieved from hacked devices and collectively used to model the PUF. The main idea is to provision for scrambling the challenge bit-stream in a way that is dependent on the verifier. The scrambling pattern varies per authentication round for each device and independently across devices. In essence, the scrambling function becomes node- and packetspecific and the response received by two verifiers of one device for the same challenge bit-stream could vary. Thus, neither the scrambling function can be reverted, nor the PUF can be modeled even by a collusive set of malicious nodes. The validation results using data of an FPGA-based implementation demonstrate the effectiveness of our approach in thwarting PUF modeling attacks by collusive actors. We also discuss the approach resiliency against impersonation, Sybil, and reverse engineering attacks.
2022-12-09
Sepehrzadeh, Hamed.  2022.  Security Evaluation of Cyber-Physical Systems with Redundant Components. 2022 CPSSI 4th International Symposium on Real-Time and Embedded Systems and Technologies (RTEST). :1—7.
The emergence of CPSs leads to modernization of critical infrastructures and improving flexibility and efficiency from one point of view. However, from another point of view, this modernization has subjected them to cyber threats. This paper provides a modeling approach for evaluating the security of CPSs. The main idea behind the presented model is to study the attacker and the system behaviors in the penetration and attack phases with exploiting some defensive countermeasures such as redundant components and attack detection strategies. By using the proposed approach, we can investigate how redundancy factor of sensors, controllers and actuators and intrusion detection systems can improve the system security and delay the system security failure.
2022-11-08
Javaheripi, Mojan, Samragh, Mohammad, Fields, Gregory, Javidi, Tara, Koushanfar, Farinaz.  2020.  CleaNN: Accelerated Trojan Shield for Embedded Neural Networks. 2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD). :1–9.
We propose Cleann, the first end-to-end framework that enables online mitigation of Trojans for embedded Deep Neural Network (DNN) applications. A Trojan attack works by injecting a backdoor in the DNN while training; during inference, the Trojan can be activated by the specific backdoor trigger. What differentiates Cleann from the prior work is its lightweight methodology which recovers the ground-truth class of Trojan samples without the need for labeled data, model retraining, or prior assumptions on the trigger or the attack. We leverage dictionary learning and sparse approximation to characterize the statistical behavior of benign data and identify Trojan triggers. Cleann is devised based on algorithm/hardware co-design and is equipped with specialized hardware to enable efficient real-time execution on resource-constrained embedded platforms. Proof of concept evaluations on Cleann for the state-of-the-art Neural Trojan attacks on visual benchmarks demonstrate its competitive advantage in terms of attack resiliency and execution overhead.
2022-10-16
Hauschild, Florian, Garb, Kathrin, Auer, Lukas, Selmke, Bodo, Obermaier, Johannes.  2021.  ARCHIE: A QEMU-Based Framework for Architecture-Independent Evaluation of Faults. 2021 Workshop on Fault Detection and Tolerance in Cryptography (FDTC). :20–30.
Fault injection is a major threat to embedded system security since it can lead to modified control flows and leakage of critical security parameters, such as secret keys. However, injecting physical faults into devices is cumbersome and difficult since it requires a lot of preparation and manual inspection of the assembly instructions. Furthermore, a single fault injection method cannot cover all possible fault types. Simulating fault injection in comparison, is, in general, less costly, more time-efficient, and can cover a large amount of possible fault combinations. Hence, many different fault injection tools have been developed for this purpose. However, previous tools have several drawbacks since they target only individual architectures or cover merely a limited amount of the possible fault types for only specific memory types. In this paper, we present ARCHIE, a QEMU-based architecture-independent fault evaluation tool, that is able to simulate transient and permanent instruction and data faults in RAM, flash, and processor registers. ARCHIE supports dynamic code analysis and parallelized execution. It makes use of the Tiny Code Generator (TCG) plugin, which we extended with our fault plugin to enable read and write operations from and to guest memory. We demonstrate ARCHIE’s capabilities through automatic binary analysis of two exemplary applications, TinyAES and a secure bootloader, and validate our tool’s results in a laser fault injection experiment. We show that ARCHIE can be run both on a server with extensive resources and on a common laptop. ARCHIE can be applied to a wide range of use cases for analyzing and enhancing open source and proprietary firmware in white, grey, or black box tests.
Shekarisaz, Mohsen, Talebian, Fatemeh, Jabariani, Marjan, Mehri, Farzad, Faghih, Fathiyeh, Kargahi, Mehdi.  2020.  Program Energy-Hotspot Detection and Removal: A Static Analysis Approach. 2020 CSI/CPSSI International Symposium on Real-Time and Embedded Systems and Technologies (RTEST). :1–8.
The major energy-hungry components in today's battery-operated embedded devices are mostly peripheral modules like LTE, WiFi, GPS, etc. Inefficient use of these modules causes energy hotspots, namely segments of the embedded software in which the module wastes energy. We study two such hotspots in the current paper, and provide the corresponding detection and removal algorithms based on static analysis techniques. The program code hotspots occur due to unnecessary releasing and re-acquiring of a module (which puts the module in power saving mode for a while) and misplaced acquiring of the module (which makes the module or processor to waste energy in idle mode). The detections are performed according to some relation between extreme (worst-case/best-case) execution times of some program segments and time/energy specifications of the module. The experimental results on our benchmarks show about 28 percent of energy reduction after the hotspot removals.