IT security experts from Bochum, headed by Prof Dr Thorsten Holz, are developing a new method for detecting and fixing vulnerabilities in the applications run on different devices — regardless of the processor integrated in the respective device.
In future, many everyday items will be connected to the Internet and, consequently, become targets of attackers. As all devices run different types of software, supplying protection mechanisms that work for all poses a significant challenge.
This is the objective pursued by the Bochum-based project “Leveraging Binary Analysis to Secure the Internet of Things,” short Bastion, funded by the European Research Council.
A shared language for all processors
As more often than not, the software running on a device remains the manufacturer’s corporate secret, researchers at the Chair for System Security at Ruhr-Universität Bochum do not analyse the original source code, but the binary code of zeros and ones that they can read directly from a device.
However, different devices are equipped with processors with different complexities: while an Intel processor in a computer understands more than 500 commands, a microcontroller in an electronic key is able to process merely 20 commands. An additional problem is that one and the same instruction, for example “add two numbers,” is represented as different sequences of zeros and ones in the binary language of two processor types. This renders an automated analysis of many different devices difficult.
In order to perform processor-independent security analyses, Thorsten Holz’ team translates the different binary languages into a so called intermediate language. The researchers have already successfully implemented this approach for three processor types named Intel, ARM and MIPS.
Closing security gaps automatically
The researchers then look for security-critical programming errors on the intermediate language level. They intend to automatically close the gaps thus detected. This does not yet work for any software. However, the team has already demonstrated that the method is sound in principle: in 2015, the IT experts identified a security gap in the Internet Explorer and succeeded in closing it automatically.
The method is expected to be completely processor-independent by the time the project is wrapped up in 2020. Integrating protection mechanisms is supposed to work for many different devices, too.
Helping faster than the manufacturers
“Sometimes, it can take a while until security gaps in a device are noticed and fixed by the manufacturers,” says Thorsten Holz. This is where the methods developed by his group can help. They protect users from attacks even if security gaps had not yet been officially closed.
Filed Under: M2M (machine to machine)