ARMPatch: A Binary Patching Framework for ARM-based IoT Devices
- 13 October 2021
- journal article
- research article
- Published by River Publishers in Journal of Web Engineering
- Vol. 20 (6), 1829-1852
- https://doi.org/10.13052/jwe1540-9589.2066
Abstract
With the rapid advancement of hardware and internet technologies, we are surrounded by more and more Internet of Things (IoT) devices. Despite the convenience and boosted productivity that these devices have brought to our lives and industries, new security implications have arisen. IoT devices bring many new attack vectors, causing an increment of cyber-attacks that target these systems in the recent years. However, security vulnerabilities on numerous devices are often not fixed. This may due to providers not being informed in time, they have stopped maintaining these models, or they simply no longer exist. Even if an official fix for a security issue is finally released, it usually takes a long time. This gives hackers time to exploit vulnerabilities extensively, which in many cases requires customers to disconnect vulnerable devices, leading to outages. As the software is usually closed source, it is also unlikely that the community will review and modify the source code themselves and provide updates. In this study, we present ARMPatch, a flexible static binary patching framework for ARM-based IoT devices, with a focus on security fixes. After identified the unique challenges of performing binary patching on ARM platforms, we have provided novel features by replacing, modifying, and adding code to already compiled programs. Then, the viability and usefulness of our solution has been verified through demos and final programs on real devices. Finally, we have discussed the current limitations of our approach and future challenges.Keywords
This publication has 2 references indexed in Scilit:
- DeepBinDiff: Learning Program-Wide Code Representations for Binary DiffingPublished by Internet Society ,2020
- Position-Independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information DisclosurePublished by Institute of Electrical and Electronics Engineers (IEEE) ,2018