SymEx-VP: An open source virtual prototype for OS-agnostic concolic testing of IoT firmware

https://doi.org/10.1016/j.sysarc.2022.102456
Under a Creative Commons license
open access

Abstract

Constrained Internet of Things (IoT) devices with limited computing resources are increasingly employed in security-critical areas. Therefore, it is important for the firmware of these devices to be tested sufficiently. On non-constrained conventional devices, dynamic testing techniques (e.g. fuzzing, symbolic execution, or concolic testing) are successfully utilized to discover critical bugs in tested software. Unfortunately, the diverse ecosystem and the dependence on low-level details of a wide range of peripherals make it difficult to use these techniques in the IoT context. In order to address these challenges, we present SymEx-VP, an open source emulation-based approach for concolic testing of IoT firmware. SymEx-VP is a virtual prototype for RISC-V hardware platforms and allows concolic testing of RISC-V machine code. To support a wide range of different peripherals, SymEx-VP utilizes SystemC, a hardware modeling language for C++. By employing a SystemC extension mechanism, SymEx-VP can inject concolic inputs into the emulated firmware through the memory-mapped I/O peripheral interface of existing SystemC peripheral models. This allows us to support different operating systems and libraries used in the IoT with minimal integration effort. We provide an extensive description of SymEx-VP, illustrate peripheral modeling and firmware testing using it by example, and perform tests with four operating systems to demonstrate the advantages of our OS-agnostic firmware testing method.

Keywords

Concolic testing
Virtual prototyping
SystemC
RISC-V
Internet of things

Sören Tempel received the Master's degree in computer science from the University of Bremen, Germany, in 2020. Since then, he has been pursuing the Ph.D. degree with the University of Bremen with the Research Group of Computer Architecture. His current research interests include verification of RISC-V software using advanced symbolic execution techniques and virtual prototyping.

Vladimir Herdt received the Dr.-Ing. degree in computer science from the University of Bremen in 2020. Since 2020, he has been a Senior Researcher at the University of Bremen and at the German Research Center for Artificial Intelligence (DFKI). His current research interests include virtual prototyping, verification, formal methods and analysis techniques, with a particular focus on RISC-V. In these areas he has published more than 45 peer-reviewed journal and conference papers with a best paper award at the FDL in 2020. He is a recipient of the Springer BestMasters and DAC Young Fellow awards.

Rolf Drechsler received the Diploma and Dr. phil. nat. degrees in computer science from the Johann Wolfgang Goethe University in Frankfurt am Main, Germany, in 1992 and 1995, respectively. He worked at the Institute of Computer Science, Albert-Ludwigs University, Freiburg im Breisgau, Germany, from 1995 to 2000, and at the Corporate Technology Department, Siemens AG, Munich, Germany, from 2000 to 2001. Since October 2001, Rolf Drechsler has been Full Professor and Head of the Group of Computer Architecture, Institute of Computer Science, at the University of Bremen, Germany. In 2011, he additionally became the Director of the Cyber-Physical Systems Group at the German Research Center for Artificial Intelligence (DFKI) in Bremen. His current research interests include the development and design of data structures and algorithms with a focus on circuit and system design. He is an ACM Distinguished Member and an IEEE Fellow.

The code (and data) in this article has been certified as Reproducible by Code Ocean (https://codeocean.com/). More information on the Reproducibility Badge Initiative is available at https://www.elsevier.com/physical-sciences-and-engineering/computer-science/journals.

This work was supported in part by the German Federal Ministry of Education and Research (BMBF) within the project Scale4Edge under contract no. 16ME0127 and within the project VerSys under contract no. 01IW19001.