| CPC G06F 21/577 (2013.01) [G06F 8/65 (2013.01); G06F 21/54 (2013.01); G06F 2221/033 (2013.01)] | 24 Claims |

1. A system for embedded device vulnerability identification and mitigation, comprising:
one or more hardware processors; and
a non-transitory machine-readable storage medium encoded with instructions executable by the one or more hardware processors to perform operations comprising:
injecting at least one security software component into a firmware binary to create a monitored firmware binary;
loading the monitored firmware binary into an embedded device;
collecting live forensic information related to the monitored firmware binary via the injected at least one security software component;
detecting, by the injected at least one security software component, an unauthorized modification to the monitored firmware binary based on the live forensic information and static analysis data, the static analysis data comprising data generated by one or more static analysis techniques before operation of the firmware binary, wherein the unauthorized modification to the monitored firmware binary comprises an unauthorized modification of at least one in memory data item acted upon by one or more functions of the modified firmware binary;
based on the detected unauthorized modification, identifying one or more areas within the monitored firmware binary; and
modifying the identified one or more areas within the monitored firmware binary while the monitored firmware binary is running to create a hardened firmware binary that limits the identified one or more areas within the monitored firmware binary to a reduced set of operating software functions selected to reduce the number of attack vectors available to an attacker based on a given configuration for the embedded device, the modifying comprising one or more of deactivating code strings in the identified one or more areas within the firmware binary, or removing code strings in the identified one or more areas within the firmware binary.
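The steps of claim 1 (inject a monitor, record static analysis data before operation, compare it with live in-memory state, identify the affected area, then deactivate that area at runtime so the device is left with a reduced set of functions) can be illustrated with a small model. The following C program is an added example and is not code from the patent or its assignee; it assumes a firmware whose "in memory data item" is a function-pointer dispatch table, uses a per-entry FNV-1a fingerprint as the stand-in for the static analysis data, and "deactivates" an area by pointing its dispatch entry at a deny stub. The function names, the hash choice, the allowed-configuration bitmask and the simulated tampering are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_OPS 4

typedef int (*op_fn)(int);

/* Toy firmware operations (hypothetical stand-ins for real device functions). */
static int op_read(int x)    { return x + 1; }
static int op_write(int x)   { return x * 2; }
static int op_update(int x)  { return x - 1; }
static int op_debug(int x)   { return -x; }
/* Stub installed by the hardening step in place of a deactivated operation. */
static int op_denied(int x)  { (void)x; return -1; }

/* The in-memory data item the firmware's dispatcher acts upon. */
static op_fn dispatch[NUM_OPS] = { op_read, op_write, op_update, op_debug };

/* Stand-in for the static analysis data: a per-entry fingerprint taken
   before the firmware operates. */
static uint32_t baseline[NUM_OPS];

/* FNV-1a fingerprint of a byte range (hypothetical choice of hash). */
static uint32_t fp32(const void *p, size_t n)
{
    const uint8_t *b = (const uint8_t *)p;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 16777619u;
    }
    return h;
}

/* Pre-operation pass: record what each dispatch entry should look like. */
void static_analysis_record(void)
{
    for (int i = 0; i < NUM_OPS; i++)
        baseline[i] = fp32(&dispatch[i], sizeof dispatch[i]);
}

/* Injected monitor: compare the live table bytes against the baseline.
   Returns a bitmask with bit i set when dispatch[i] has been modified. */
uint32_t monitor_detect(void)
{
    uint32_t modified = 0;
    for (int i = 0; i < NUM_OPS; i++)
        if (fp32(&dispatch[i], sizeof dispatch[i]) != baseline[i])
            modified |= 1u << i;
    return modified;
}

/* Runtime hardening: keep only entries that are both untampered and in the
   device's allowed configuration; replace everything else with op_denied.
   Returns the number of entries deactivated. */
int harden(uint32_t modified, uint32_t allowed_mask)
{
    int deactivated = 0;
    for (int i = 0; i < NUM_OPS; i++) {
        int allowed  = (int)((allowed_mask >> i) & 1u);
        int tampered = (int)((modified >> i) & 1u);
        if ((!allowed || tampered) && dispatch[i] != op_denied) {
            dispatch[i] = op_denied;
            deactivated++;
        }
    }
    static_analysis_record();   /* the hardened table becomes the new baseline */
    return deactivated;
}

/* The firmware's dispatcher: the function that acts on the data item. */
int run_op(int idx, int x)
{
    if (idx < 0 || idx >= NUM_OPS) return -1;
    return dispatch[idx](x);
}

/* Constructed attack for the demo: redirect entry idx to op_debug. */
void simulate_tamper(int idx)
{
    if (idx >= 0 && idx < NUM_OPS) dispatch[idx] = op_debug;
}

int main(void)
{
    static_analysis_record();
    simulate_tamper(2);
    uint32_t m = monitor_detect();
    printf("modified mask: 0x%x\n", m);
    int n = harden(m, 0x3u);   /* configuration: only read and write allowed */
    printf("deactivated %d entries; op 2 now returns %d\n", n, run_op(2, 5));
    return 0;
}
```

In a real deployment the baseline would come from offline analysis of the firmware image rather than from the running table, and the monitor would be the injected component rather than a function in the same compilation unit; the model keeps both in one file so the detect-then-deactivate loop can be run and checked end to end. Note that `harden` re-records the baseline after patching, so the monitor does not keep flagging the deny stubs it installed itself.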