DEF CON Forum Site Header Art


No announcement yet.

AV Talk: Space System Binary Analysis: Gaining Assurance or Discovering Zero-Days?

  • Filter
  • Time
  • Show
Clear All
new posts

  • AV Talk: Space System Binary Analysis: Gaining Assurance or Discovering Zero-Days?

    Abstract: With the proliferation of open source and 3rd party proprietary software, the spacecraft/embedded community needs to identify tools and techniques on the market or open sourced to evaluate the security posture of software without the presence of source code. As the commercialization of space increases or access to source code is not part of the contract deliverable, it is getting more common that spacecraft/embedded binaries are a black box. With black boxes, the appetite for unknown risk acceptance is often more palatable than performing in-depth analysis for the fear of the unknown. The head in the sand mentality still prevails in certain circles where some would prefer to accept unknown risk than known risk. Looking under the hood may result in a zero-day discovery that could be detrimental. From a cybersecurity perspective it is usually better to know the risk vice ignore it; therefore, as the lack of visibility on spacecraft software increases it becomes necessary to perform analysis to gain as much assurance as possible that the software is free of weaknesses, vulnerabilities or even malicious features. There needs to be a way to perform binary inspection in a cost effective, fast, repeatable manner which can be constantly enhanced to have the latest capability to build secure products. By assessing the quality of components and identifying vulnerabilities, you will be able to explore the attack surface of custom software, determine high risk components and help remediate vulnerabilities. This presentation will highlight analysis tools and methods where access to source code will not be required. The focus will include embedded applications and some traditional x86_64 binaries. Case studies will be presented to determine if these methods can be used to detect weaknesses/vulnerabilities within a spacecraft binary. This presentation will highlight results from a study on the best of breed in relation to static binary analysis techniques