Firmware Verification

Project overview:

• Location: Amsterdam/ Eindhoven
  
• Time frame: 6-12 months
• Starting: 1 October 2022
• Complexity: High
• Team: Security Specialists
• Supervisor: Ena Kurtovic

As a student, you have:

Education:

• An HBO or WO level of education in the field of information security or computer science.

Technical skills:

• ARM/Aarch64, Binwalk, BANG, Capstone Engine, Unicorn Engine , Qiling Framework, AFL++ familiarity is a bonus;
  
• Proven skills or experience in binary analysis methods;
• Programming experience in Python;
• Experience in reading ARM and/or MIPS assembly;
• Experience in reading formal proofs and an understanding of graph theory;
  
  Soft skills:

• Ability to work well in an international team environment;
• Good communication skills, self-organization;
• Clear documentation writing skills.
• The project you will be working on:

Secura is currently involved in a large scale EU level project called REWIRE. The objective of REWIRE is to provide a holistic framework for continuous security assessment and management throughout the entire lifecycle of IoT devices under the zero-trust concept. The scope of the project is targeted to firmware for devices used in smart cities, smart satellites, and the automotive industry. This means the software architecture is limited to ARM and Aarch64 processors.

The REWIRE project aims to automatically verify the integrity of firmware images as well as open source code. This means it will make use of static design-time analysis and an analysis during runtime. In the case of design-time analysis the state of the art varies slightly depending on the source code language being used, but generally relies on pattern checks.

As an intern, you will be responsible for the following:

1. Acquire an understanding of the project and used technologies;

2. Design a solution through which firmware integrity verification will be processed including:

• Firmware unpacking;
• Firmware sanitization;
• Coverage guided fuzzing;
• Static symbolic execution;
  
  

3. Implement the solution.

4. Test the effectiveness of your implementation and improve it where necessary;

5. Document the process and results.