Security Testing of Software on Embedded Devices Using x86 Platform

Security testing of software on embedded devices is often impeded for lacking advanced program analysis tools. The main obstacle is that state-of-the-art tools do not support the instruction set of common architectures of embedded device (e.g., MIPS). It requires either developing new program analysis tool aiming to architecture or introducing many manual efforts to help security testing. However, re-implementing a program analysis tool needs considerable amount of time and is generally a repetitive task. To address this issue efficiently, our observation is that most programs on embedded devices are compiled from source code of high level languages, and it is feasible to compile the same source code to different platforms. Therefore, it is also expected to directly translate the compiled executable to support another platform. This paper presents a binary translation based security testing approach for software on embedded devices. Our approach first translates a MIPS executable to an x86 executable leveraging the LLVM-IR, then reuses existing x86 program analysis tools to help employ in-depth security testing. This approach is not only efficient for it reuses existing tools and utilizes the x86 platform with higher performance to conduct security analysis and testing, but also more flexible for it can test code fragment with different levels of granularity (e.g., a function or an entire program). Our evaluation on frequently used data transformation algorithms and utilities illustrates the accuracy and efficiency of the proposed approach.