News
Bug Credits for Zero-days
Written on 26.09.23 (last change on 20.09.24) by Simon Wörner
Hi, I've added a note field for your GitHub account / name so we can credit you for the found bugs when we do the cumulated reporting.
Simon
|
Grades are out - The End
Written on 25.09.23 by Ali Abbasi
Hi, The final grades are out in the CMS. You can see it in the Tests And Exams section. Thank you, everybody, for attending this course and for the fantastic work you have done throughout the course. I was impressed by all of you. I hope you continue the great work you are doing in the future. If you need a recommendation or are looking for a Job/Ph.D. position, please let me know, and I will personally vouch for each of you.
Cheers, Ali
PS: As mentioned before, there will be prizes for the top 3 students. Due to delivery issues, I will hand in awards during the System Security lecture in October. I will contact you individually once I have delivery information for the prizes.
|
Winter is Coming....Exam Date
Written on 20.09.23 by Ali Abbasi
Hi Everybody, Here is just a reminder that your exam date is approaching. Regarding the time, here is the time each of you takes the exam:
13:00 to 13:30: Lorenz
13:30 to 14:00: Tristan
14:00 to 14:30: Ulysse
14:30 to 15:00: Raoul
15:00 to 15:30: Addison
Fabian and Florian: 14:00 to 15:00 21st September.
Location: CISPA C0 building room 2-16
Remember to submit your reports beforehand and bring your laptop. Note: Those who will have the exam tomorrow (Fabian and Florian) should be able to share their screen on their computer.
We will try to have a hand-in prize date. It depends on CISPA procurement. If they are fast and prizes are delivered on time, the top 3 students will get their awards from the ZF. Otherwise, we have to delay the award date.
Cheers, Ali
|
Reminder on Exam Registration
Written on 17.09.23 by Ali Abbasi
Hi, This is a reminder that you should register for the exam by the end of today.
Cheers, Ali
|
Exam Registration
Written on 13.09.23 by Ali Abbasi
Hi, Please make sure to register for the exam before 18th September.
Cheers, Ali
|
Updated Diffs for embed OS Build
Written on 11.09.23 (last change on 11.09.23) by Tobias Scharnowski
Hi everyone, we updated the patches for the embed OS target to remove hard-to-triage interactions between the emulator and the target.
Regards, Tobi
|
Final Project Target 1
Written on 08.09.23 (last change on 10.09.23) by Simon Wörner
Hi,
just to make sure there is no confusion: The first target is BLE_GAP of mbed-os-example-ble (Day 7 Task 2). To enable fuzzing, be sure to apply the software floating point patch (mbed_disable_hard_floats.diff).
Regards,
|
Day 9 Submission Extension
Written on 07.09.23 by Simon Wörner
Hi, we extended the submission deadline of day 9 to Sunday 23:59.
Simon
|
Order of Presentation
Written on 04.09.23 by Ali Abbasi
Hi, The order of presentation for tomorrow is the following:
1. Avatar 2: A multi-target orchestration platform, 2018
2. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, NDSS 2018
3. Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation, Usenix Sec 2019
4. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation, Usenix 2020
5. PartEmu: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation, Usenix 2020
6. DICE: Automatic emulation of dma input channels for dynamic firmware analysis, IEEE S&P, 2021
7. What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation, CCS 2022
8. Hoedur: Embedded Firmware Fuzzing using Multi-Stream Inputs, Usenix Sec 2023
9. Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation, Usenix Sec 2023
|
Day 6 Submission Form
Written on 04.09.23 by Ali Abbasi
Hi, Day 6 Submission Form is now available.
Ali
|
SDCard Reader
Written on 31.08.23 by Ali Abbasi
Hi, For tomorrow's practical session, please have an SDCard reader with you.
Cheers, Ali
|
Selecting the paper
Written on 28.08.23 by Ali Abbasi
Hi, To select the paper for 10 mins presentation, here is the forum link:
https://cms.cispa.saarland/emsecexpdevs2023/forum/viewtopic.php?t=1
Cheers, Ali
|
Software/Hardware Requirement
Written on 23.08.23 by Ali Abbasi
Hi Everybody, We are getting close to the start day of our course. I wanted to give you some heads-up about the location and some requirements.
Requirements:
1. Please bring a laptop with you. It should be a Linux machine, preferably Ubuntu. Please also install a Linux build environment for it. You should have an SSH client installed on it.
2. Please have a USB hub for the 4th and 5th course days (next week, Thursday and Friday).
Important Note: If you use a pacemaker or any other medical device sensitive to electrical interference, please inform us ASAP.
Location:
The course location will be in CISPA main building, room 0.01. We will start every day at 10:00 AM and have lectures until 12:00. We will have lunch time between 12:00 and 13:00. We will start the practical session from 13:00 until 17:00 (or whatever it takes).
Recommended Text Book for the course:
1. Fuzzing Against the Machine, Automate Vulnerability Research with Emulated IoT Devices on QEMU
2. The Hardware Hacking Handbook
3. Real-Time Embedded Systems, Design Principles and Engineering Practices
Verbal Exam Date:
There is going to be a verbal exam. The verbal exam is designed so that by doing all the practical parts and delivering your final project, you do not need to study for it. We will talk about your final project in the verbal exam. The verbal exam date is Monday, 25th September, from 09:00 AM until 17:00. Your exact time slot will be announced at the end of the last lecture. If you can not attend the exam date, please inform us ASAP. The exam location will be my office at CISPA main building, room 2-16.
Cheers, Ali
|
Course Registration
Written on 12.07.23 by Ali Abbasi
Hi Everybody, I see that some students already registered in the course without writing me an email first. You will get removed from the course on 15 July unless you wrote your background and justification for this course and got approval from me.
Ali
|
About the course
From critical infrastructure to consumer electronics, embedded systems are all around us and underpin the technological fabric of everyday life. As a result, the security of embedded systems is crucial to us.
Therefore, in this course, we will work toward understanding the fundamentals of developing software/hardware exploits against embedded systems. We will cover topics such as firmware extraction, modification, and different hardware serial protocols. We also cover exploit development for ARM-based embedded devices: we write exploits for vulnerabilities such as uninitialized stack variables, off-by-one bugs, and use-after-free, and use techniques such as ROP and signal-oriented programming to attack embedded systems. We also attack micro-controllers and try to extract secrets from them by utilizing reverse-engineering techniques. Finally, we perform fuzz-testing on embedded firmware via re-hosting.
Prerequisites
Do not register directly before contacting us (abbasi@cispa.de). While we do not have a formal registration requirement, it is absolutely essential that you only apply for this course if you have already passed the system security course or have a very strong background in system security. There is a high probability that you will fail the course if you do not have such a background. It is not worth it; do not try.
- You should have experience in systems-oriented programming. In addition, it helps if you have experience in the C programming language to understand some of the topics; Python is helpful as well.
- You should have a basic understanding of operating systems (e.g., memory management, scheduling, etc.).
- You should be familiar with Linux.
Time, Location and Structure
The lectures will take place over two weeks, from 28 August to 1st September and from 4th to 8th September. There will be lectures in the morning followed by practical exercises in the afternoon. The exam will be the week after, on 13th September.
Grading
To pass the course, you must score at least 50% on the final oral exam. In the final exam, you can reach 100 points, so you need to achieve at least 50 points in the final exam to pass the course. To be admitted to the exam, you must achieve at least 50% of the points from the exercises.
You will typically have the task of exploiting a vulnerable program to extract a secret flag.
- Strict no cheating policy
You may discuss the assignments with other students, but you are not allowed to collaborate with others on the solution. Your solution should be original and not an existing solution (e.g., from someone else or from the internet). All submissions will be automatically checked for plagiarism, as we have a strict no-cheating policy. If we find a case of plagiarism, we will assign zero points. If you ever get stuck, you can ask questions in the forum or participate in the exercise lessons. We invite you to help fellow students who have asked questions but avoid giving away the solution. Nobody likes spoilers :)
Oral Exam
At the end of the semester, there will be an oral exam for a duration of 30 minutes. All questions of the exam are in English.
Registration
Register for the course here in the CISPA CMS pending prior communication.