Emulation-based security measurement with applications in avionics, redaction, and industrial control
Bland, Maxwell
Permalink
https://hdl.handle.net/2142/121481
Description
- Title
- Emulation-based security measurement with applications in avionics, redaction, and industrial control
- Author(s)
- Bland, Maxwell
- Issue Date
- 2023-07-12
- Director of Research (if dissertation) or Advisor (if thesis)
- Levchenko, Kirill
- Doctoral Committee Chair(s)
- Levchenko, Kirill
- Committee Member(s)
- Bates, Adam
- Schulman, Aaron
- Wang, Gang
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- Security
- Privacy
- Redactions
- Avionics
- Emulation
- Industrial Control
- Rehosting
- Information leaks
- Lifting
- Abstract
- The safety of critical systems and data is of paramount importance to society. Attacks on these systems can have catastrophic consequences, and the security of these systems is often difficult to measure. Existing methods often involve access to an operating version of the system, such as a physical device or executable specification, to provide ground truth. However, access to a complete representation of the system is not always possible or practical. In this dissertation, we explore the use of emulation to measure the security of systems in the absence of this ground-truth information. Complex system emulation often requires sophisticated approaches to digital forensics and tactics for navigating undecidability resulting from uncertainty of the system's state. To address these challenges, we present intelligent guess-and-check strategies for deducing hidden information in executable code in the absence of original source code or other auxiliary information. Our core technical contributions are (1) the first symbolic-execution-based firmware rehosting system, used to generate emulations of embedded systems; (2) a novel system for the analysis and recovery of glyph positioning information in PDF documents, which was used to recover redacted text information where the characters were removed in hundreds of sensitive documents; and (3) a logic-based intermediate representation and framework for the extraction of lifted function summaries from binary firmware. This framework makes existing verification and synthesis techniques applicable to real-world systems by translating implemented code to mathematical models. Where appropriate, we justify our strategies through discussions of correctness, precision, and generalizability.
Our results are never theoretical: we apply them to pre-existing, empirically validatable domains rather than models. Among others, we study the Communication Management Unit used in Boeing 737 aircraft, historically important redacted documents, and a programmable logic controller operating a Tennessee Eastman chemical plant reactor pressure valve.
- Graduation Semester
- 2023-08
- Type of Resource
- Thesis
- Copyright and License Information
- Copyright 2023 Maxwell Bland
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois