Tuba Yavuz

Seyedehzahra Khoshmanesh, Tuba Yavuz, Robyn R. Lutz

Features in product lines and highly configurable systems can interact in ways that are contrary to developers' intent. Current methods to identify such unanticipated feature interactions are costly and inadequate. To address this problem we propose a new approach to learn feature interactions, both in those product lines where constraints on feature combinations are specified and in feature-rich configurable systems where such specifications often are not available. The contribution of the paper is to use program analysis to extract feature-relevant learning models from the source code in order to detect unwanted feature interactions. Where specifications of feature constraints are unavailable, our approach infers the constraints using feature-related data-flow dependency information. Evaluation in experiments on three software product line benchmarks and a highly configurable system shows that this approach is fast and effective. The contribution is to support developers by automatically detecting feature combinations in a new product or version that can interact in unwanted or unrecognized ways. This enables better understanding of latent interactions and identifies software components that should be tested together because their features interact in some configurations.

Grant Hernandez, Farhaan Fowze, Dave Tian et al.

The USB protocol has become ubiquitous, supporting devices from high-powered computing devices to small embedded devices and control systems. USB's greatest feature, its openness and expandability, is also its weakness, and attacks such as BadUSB exploit the unconstrained functionality afforded to these devices as a vector for compromise. Fundamentally, it is virtually impossible to know whether a USB device is benign or malicious. This work introduces FirmUSB, a USB-specific firmware analysis framework that uses domain knowledge of the USB protocol to examine firmware images and determine the activity that they can produce. Embedded USB devices use microcontrollers that have not been well studied by the binary analysis community, and our work demonstrates how lifters into popular intermediate representations for analysis can be built, as well as the challenges of doing so. We develop targeting algorithms and use domain knowledge to speed up these processes by a factor of 7 compared to unconstrained fully symbolic execution. We also successfully find malicious activity in embedded 8051 firmwares without the use of source code. Finally, we provide insights into the challenges of symbolic analysis on embedded architectures and provide guidance on improving tools to better handle this important class of devices.