Emulation is at the core of many security analyses. However, emulating embedded systems is still not possible in most cases. To facilitate this critical analysis, we present Conware, a hardware emulation framework that can automatically generate models for hardware peripherals, which alleviates one of the major challenges currently hindering embedded systems emulation. Conware enables individual peripherals to be modeled, exported, and combined with other peripherals in a pluggable fashion. Conware achieves this by first obtaining a recording of the low-level hardware interactions between the firmware and the peripheral, using either existing methods or our source-code instrumentation technique. These recordings are then used to create high-fidelity automata representations of the peripheral using novel automata-generation techniques. The various models can then be merged to facilitate full-system emulation of any embedded firmware that uses any of the modeled peripherals, even if that specific firmware or its target hardware was never directly instrumented. Indeed, we demonstrate that Conware is able to successfully emulate a peripheral-heavy firmware binary that was never instrumented, by merging the models of six unique peripherals that were trained on a development board using only the vendor-provided example code.
@inproceedings{2021spenskyconware,
title = {{Conware: Automated Modeling of Hardware Peripherals}},
author = {Spensky, Chad and Machiry, Aravind and Redini, Nilo and Unger, Colin and Foster, Graham and Blasband, Evan and Okhravi, Hamed and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security},
year = {2021},
isbn = {9781450382878},
keywords = {hardware peripherals, embedded systems, emulation},
numpages = {15},
pages = {95--109},
publisher = {Association for Computing Machinery},
url = {https://doi.org/10.1145/3433210.3437532}
}