ELF dynamic analysis tool for IoT systems with symbolic execution
https://doi.org/10.15514/ISPRAS-2022-34(4)-3
Abstract
Building on their earlier work on analysis of embedded Linux systems, the authors created the ELF (Embedded Linux Fuzzing) tool, which makes conventional dynamic analysis tools usable on IoT devices. The article discusses the use of full-system symbolic execution for the analysis of IoT systems based on Linux kernels, describes how the S2E full-system symbolic execution framework is integrated into the ELF tool environment, and considers the applicability of the resulting toolchain to distributed hybrid fuzzing of IoT systems.
About the Authors
Roman Dmitrievich KOVALENKO
Russian Federation
Researcher, Compiler Technology Department
Aleksey Nikolaevich MAKAROV
Russian Federation
Researcher, Compiler Technology Department
For citations:
KOVALENKO R.D., MAKAROV A.N. ELF dynamic analysis tool for IoT systems with symbolic execution. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2022;34(4):35-48. (In Russ.) https://doi.org/10.15514/ISPRAS-2022-34(4)-3