Repairing COTS Router Firmware without Access to Source Code or Test Suites: A Case Study in Evolutionary Software Repair

Created by W.Langdon from gp-bibliography.bib Revision:1.4420

  author =       "Eric Schulte and Westley Weimer and 
                 Stephanie Forrest",
  title =        "Repairing {COTS} Router Firmware without Access to
                 Source Code or Test Suites: A Case Study in
                 Evolutionary Software Repair",
  booktitle =    "Genetic Improvement 2015 Workshop",
  year =         "2015",
  editor =       "William B. Langdon and Justyna Petke and 
                 David R. White",
  pages =        "847--854",
  address =      "Madrid",
  publisher_address = "New York, NY, USA",
  month =        "11-15 " # jul,
  organisation = "SIGEvo",
  publisher =    "ACM",
  note =         "Best Paper",
  keywords =     "genetic algorithms, genetic programming, Genetic
  isbn13 =       "978-1-4503-3488-4",
  URL =          "",
  DOI =          "doi:10.1145/2739482.2768427",
  size =         "8 pages",
  abstract =     "The speed with which newly discovered software
                 vulnerabilities are patched is a critical factor in
                 mitigating the harm caused by subsequent exploits.
                 Unfortunately, software vendors are often slow or
                 unwilling to patch vulnerabilities, especially in
                 embedded systems, which frequently have no mechanism for
                 updating factory-installed firmware. The situation is
                 particularly dire for commercial off-the-shelf (COTS)
                 software users, who lack source code and are wholly
                 dependent on patches released by the vendor.

                 We propose a solution in which the vulnerabilities
                 drive an automated evolutionary computation repair
                 process capable of directly patching embedded systems
                 firmware. Our approach does not require access to
                 source code, regression tests, or any participation
                 from the software vendor. Instead, we present an
                 interactive evolutionary algorithm that searches for
                 patches that resolve target vulnerabilities while
                 relying heavily on post-evolution difference
                 minimisation to remove most regressions. Extensions to
                 prior work in evolutionary program repair include:
                 repairing vulnerabilities in COTS router firmware;
                 handling stripped MIPS executables; operating without
                 fault localisation information; operating without a
                 regression test suite; and incorporating user
                 interaction into the evolutionary repair process.

                 We demonstrate this method by repairing two well-known
                 vulnerabilities in version 4 of NETGEAR's WNDR3700
                 wireless router before NETGEAR released patches
                 publicly for the vulnerabilities. Without fault
                 localisation we are able to find repair edits that are
                 not located on execution traces. Without the advantage
                 of regression tests to guide the search, we find that
                 80% of repairs of the example vulnerabilities
                 retain program functionality after minimisation. With
                 minimal user interaction to demonstrate required
                 functionality, 100% of the proposed repairs were
                 able to address the vulnerabilities while retaining
                 required functionality.",
  notes =        "Slides:
