http://dx.doi.org/10.3745/KTCCS.2014.3.2.31

An Implementation of JTAG API to Perform Dynamic Program Analysis for Embedded Systems  

Kim, Hyung Chan (The Attached Institute of ETRI, Electronics and Telecommunications Research Institute)
Park, Il Hwan (The Attached Institute of ETRI, Electronics and Telecommunications Research Institute)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.3, no.2, 2014, pp. 31-42
Abstract
Debugger systems are needed to apply dynamic program analysis when evaluating the security properties of embedded system software. A software-based debugger and/or a DBI framework can be used if the target device runs a general-purpose operating system; however, this constrains both applicability and environmental transparency, which hinders overall analyzability. Analysis with JTAG (IEEE 1149.1) debugging devices overcomes these difficulties because no change is made to the target's internal software environment. In that sense, a JTAG API can facilitate practical dynamic program analysis for evaluating the security properties of target device software. In this paper, we introduce an implementation of a JTAG API that enables analysis of ARM core based embedded systems. The API function set covers two categories, debugger control and target device control, addressing both the debugging environment and debugging operations. To verify the API's applicability, we also provide example analysis tool implementations: our JTAG API could be used to build kernel function fuzzing and live memory forensics modules.
Keywords
Embedded Systems; JTAG; Program Analysis; Security Evaluation;