Scalpel: Inserting Code into Firmware Images
Navy SBIR FY2016.1

Sol No.: Navy SBIR FY2016.1
Topic No.: N161-070
Topic Title: Scalpel: Inserting Code into Firmware Images
Proposal No.: N161-070-0167
Firm: GrammaTech, Inc
531 Esty Street
Ithaca, New York 14850
Contact: Matt Noonan
Phone: (607) 273-7340
Web Site: http://www.grammatech.com
Abstract: As critical embedded systems age or their requirements shift, it is imperative that the firmware running these installed systems can be upgraded and extended long into the future. Yet the tremendous variety of embedded system architectures currently in use makes it difficult for a developer to maintain expertise across many devices. GrammaTech proposes Scalpel, a tool for rewriting embedded firmware using high-level views of the target binary. Scalpel will enable developers to write patches at a high level of abstraction, while automating the process of implementing the patch on the target architecture. Scalpel will greatly reduce the patch-development workload by separating concerns: the developer may focus on what the patch must do and where it should be applied, leaving Scalpel to determine how to implement the patch safely and with minimal disruption. Scalpel also presents high-level, decompiled views of the firmware image to the developer, aiding in the detection of bugs and enabling patches that reference or modify source-level entities. Scalpel builds on top of GrammaTech's mature multi-platform static analysis tool CodeSurfer for Binaries by presenting a streamlined and user-friendly API that generates safe, low-level rewriting operations to be executed by CodeSurfer's rewriting engine.
Benefits: GrammaTech's proposed Scalpel tool will provide development teams, IT organizations, and individuals with the ability to more efficiently patch and modify firmware as embedded systems age. It will enable developers to rapidly locate bugs and points of interest in a target firmware image; once found, patches may be implemented in a high-level language that obviates the need for domain-specific knowledge of the wide variety of embedded architectures in common use. By synthesizing decompiled C code and debug information, Scalpel will also allow developers to apply COTS debuggers and source-code static analysis tools to aid in the process of developing firmware patches. Scalpel is targeted at organizations that must maintain firmware for which the source code is unavailable or incomplete, for example when the original vendor is no longer in business or does not respond to bug reports quickly enough. By lowering the barrier to entry for firmware rewriting, Scalpel enables these organizations to exercise greater control over the embedded systems that are critical to their business.