MetaEmu: an architecture agnostic rehosting framework for automotive firmware

Zitai Chen*, Sam Thomas*, Flavio Garcia

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

80 Downloads (Pure)

Abstract

In this paper, we present MetaEmu, an architecture-agnostic framework geared towards rehosting and security analysis of automotive firmware. MetaEmu improves over existing rehosting environments in two ways: Firstly, it solves the hitherto open-problem of a lack of generic Virtual Execution Environments (VXEs) by synthesizing processor simulators from Ghidra’s language definitions. Secondly, MetaEmu can rehost and analyze multiple targets, each of different architecture, simultaneously, and share analysis facts between each target’s analysis environment, a technique we call inter-device analysis.

We show that the flexibility afforded by our approach does not lead to a performance trade-off—MetaEmu lifts rehosted firmware to an optimized intermediate representation, and provides performance comparable to existing emulation tools, such as Unicorn. Our evaluation spans five different architectures, bare-metal and RTOS-based firmware, and three kinds of automotive Electronic Control Unit (ECU) from four distinct vendors—none of which can be rehosted or emulated by current tools, due to lack of processor support. Further, we show how MetaEmu enables a diverse set of analyses by implementing a fuzzer, a symbolic executor for solving peripheral access checks, a CAN ID reverse engineering tool, and an inter-device coverage tracker.
Original languageEnglish
Title of host publicationCCS '22
Subtitle of host publicationProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery (ACM)
Pages515–529
ISBN (Print)9781450394505
DOIs
Publication statusPublished - 7 Nov 2022
EventCCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security - Los Angeles, United States
Duration: 7 Nov 202211 Nov 2022

Publication series

Name Proceedings of the ACM Conference on Computer and Communications Security
PublisherACM
ISSN (Print)1543-7221

Conference

ConferenceCCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
Abbreviated titleCCS'22
Country/TerritoryUnited States
CityLos Angeles
Period7/11/2211/11/22

Keywords

  • automotive
  • dynamic program analysis
  • firmware
  • emulation

Fingerprint

Dive into the research topics of 'MetaEmu: an architecture agnostic rehosting framework for automotive firmware'. Together they form a unique fingerprint.

Cite this