Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks

This is a brief for the research paper “Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks”, published in the technical track of the International Conference on Automated Software Engineering (ASE 2023). This work was led by Paschal Amusuo. The full paper is available <a href="https://arxiv.org/abs/2308.10965" rel="noopener ugc nofollow" target="_blank">here</a>. Paschal wrote this post, which I have lightly edited. We are grateful to the US National Science Foundation and to Rolls Royce for funding this research project. Incidentally, the authors of this project hail from 4.5 continents: Africa (Amusuo), South America (Méndez), Asia (Xu), India (Machiry), and North America (Davis). <h1>Motivation and Background</h1> <h2>The “I” in “IoT” is for Embedded Network Stack</h2> We live in the age of the Internet of Things (IoT). Everyday gadgets and industry systems are being connected to networks to enable remote sensing and control. Our ovens and our cars use Embedded Network Stacks (ENS) to network with other devices, e.g. over the Internet (think of a WiFi baby monitor), through your phone (think of a Bluetooth app for your car), or on a company intranet (critical infrastructure such as dams and nuclear reactors, though you may remember that water treatment facility in Florida that was connected to the Internet with inadequate authentication…). As a result, these ENSs become the access point for packets arriving at the embedded system. Any vulnerability in these ENSs could expose the underlying embedded system to exploitation. Recent industry-led research has shown that popular embedded network stacks contain critical vulnerabilities, leading to the security flaws in the systems that rely on them. <a href="https://blog.stackademic.com/systematically-detecting-packet-validation-vulnerabilities-in-embedded-network-stacks-4a9954ff393d">Website</a>