Modern cybersecurity techniques such as fuzzing, symbolic execution, and error amplification enable accurate and actionable detection of software vulnerabilities. However, barriers to widespread adoption of these techniques remain, including gaps in usability and scalability. Unique challenges arise for binary software with no available source code, and for embedded firmware, where hardware-in-the-loop execution has limited scalability and may even risk damaging a valuable device.
Our tools address the barriers and challenges described above. Proteus is an advanced software testing system for automatically finding and fixing vulnerabilities. It enables fuzzing at scale and with high usability, even for binaries with no source code. It supports enhancements such as symbolic execution, error amplification, and binary hardening to mitigate the defects it identifies.
REAFFIRM and HALucinator support cybersecurity assessments of embedded firmware. REAFFIRM unpacks and analyzes firmware images and extracts individual components for fuzzing in emulation. HALucinator enables whole-firmware emulation, replacing hardware dependencies with software models. Using one or both of these tools, it is possible to construct a Cyber Digital Twin of a Cyber Physical System or other embedded device, and to perform safe, comprehensive, and scalable security assessments on that Digital Twin rather than on the physical hardware.