@inproceedings{383c28eee0f5423ba13d6e661c95f220,
title = "Towards automated exploit generation for embedded systems",
abstract = "Manual vulnerability discovery and exploit development on an executable are very challenging tasks for developers. Therefore, the automation of those tasks is becoming interesting in the field of software security. In this paper, we implement an approach of automated exploit generation for firmware of embedded systems by extending an existing dynamic analysis framework called Avatar. Embedded systems occupy a significant portion of the market but lack typical security features found on general purpose computers, making them prone to critical vulnerabilities. We discuss several techniques to automatically discover vulnerabilities and generate exploits for embedded systems, and evaluate our proposed approach by generating exploits for two vulnerable firmware written for a popular ARM Cortex-M3 microcontroller.",
keywords = "Embedded system, Exploit generation, Software vulnerability",
author = "Matthew Ruffell and Hong, \{Jin B.\} and Hyoungshick Kim and Kim, \{Dong Seong\}",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 17th International Workshop on Information Security Applications, WISA 2016 ; Conference date: 25-08-2016 Through 25-08-2016",
year = "2017",
doi = "10.1007/978-3-319-56549-1\_14",
language = "English",
isbn = "9783319565484",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "161--173",
editor = "Dooho Choi and \{Guilley \}, Sylvain",
booktitle = "Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers",
}