Tobias Scharnowski and Felix Buchmann (Ruhr-Universitat Bochum), Simon Woerner and Thorsten Holz (CISPA Helmholtz Center for Information Security)

Presenter: Tobias Scharnowski

Satellites perform critical functions of our modern digital infrastructure, such as providing communications, navigation, and earth observation services. Maintaining a satellite requires remote access, so securing that access is an essential aspect of developing and operating a satellite. While satellites have traditionally not been subjected to regular attacks, this might not hold in the future. Hence, securing satellite firmware—the software that controls the space segment of satellite missions— becomes increasingly relevant.

In this work, we perform a case study of applying recent embedded firmware analysis techniques to satellite payload data handling systems. We explore whether FUZZWARE, a state-of-the-art firmware fuzz testing system, can be used to these firmware images. During this case study, we also describe and apply the process of manually optimizing FUZZWARE configurations for firmware targets, and measure the impact of different optimizations. Finally, we identify challenging aspects of fuzz testing satellite firmware and directions for future work to optimize fuzz testing performance in a fully automated manner. As part of our case study, we identified and responsibly disclosed 6 bugs in 3 satellite firmware images.

View More Papers

Folk Models of Misinformation on Social Media

Filipo Sharevski (DePaul University), Amy Devine (DePaul University), Emma Pieroni (DePaul University), Peter Jachim (DePaul University)

Read More

Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software

Hugo Lefeuvre (The University of Manchester), Vlad-Andrei Bădoiu (University Politehnica of Bucharest), Yi Chen (Rice University), Felipe Huici (Unikraft.io), Nathan Dautenhahn (Rice University), Pierre Olivier (The University of Manchester)

Read More

PPA: Preference Profiling Attack Against Federated Learning

Chunyi Zhou (Nanjing University of Science and Technology), Yansong Gao (Nanjing University of Science and Technology), Anmin Fu (Nanjing University of Science and Technology), Kai Chen (Chinese Academy of Science), Zhiyang Dai (Nanjing University of Science and Technology), Zhi Zhang (CSIRO's Data61), Minhui Xue (CSIRO's Data61), Yuqing Zhang (University of Chinese Academy of Science)

Read More

The evolution of program analysis approaches in the era...

Alex Matrosov (CEO and Founder of Binarly Inc.)

Read More