Publications

13 Results

Emulating the Android Boot Process

Bertels, Alex R.; Bell, Robert E.; Eames, Brandon K.

Critical vulnerabilities continue to be discovered in the boot process of Android smartphones used around the world. The entire device's security is compromised if boot security is compromised, so any weakness presents undue risk to users. Vulnerabilities persist, in part, because independent security analysts lack access and appropriate tools. In response to this gap, we implemented a procedure for emulating the early phase of the Android boot process. This work demonstrated feasibility and utility of emulation in this space. By using HALucinator, we derived execution context and data flow, as well as incorporated peripheral hardware behavior. While smartphones with shared processors have substantial code overlap regardless of vendor, generational changes can have a significant impact. By applying our approach to older and modern devices, we learned interesting characteristics about the system. Such capabilities introduce new levels of introspection and operation understanding not previously available to mobile researchers.

GPLadd: Quantifying trust in government and commercial systems a game-theoretic approach

ACM Transactions on Privacy and Security

Outkin, Alexander V.; Eames, Brandon K.; Galiardi, Meghan A.; Walsh, Sarah; Vugrin, Eric D.; Heersink, Byron; Hobbs, Jacob A.; Wyss, Gregory D.

Trust in a microelectronics-based system can be characterized as the level of confidence that a system is free of subversive alterations made during system development, or that the development process of a system has not been manipulated by a malicious adversary. Trust in systems has become an increasing concern over the past decade. This article presents a novel game-theoretic framework, called GPLADD (Graph-based Probabilistic Learning Attacker and Dynamic Defender), for analyzing and quantifying system trustworthiness at the end of the development process, through the analysis of risk of development-time system manipulation. GPLADD represents attacks and attacker-defender contests over time. It treats time as an explicit constraint and allows incorporating the informational asymmetries between the attacker and defender into analysis. GPLADD includes an explicit representation of attack steps via multi-step attack graphs, attacker and defender strategies, and player actions at different times. GPLADD allows quantifying the attack success probability over time and the attacker and defender costs based on their capabilities and strategies. This ability to quantify different attacks provides an input for evaluation of trust in the development process. We demonstrate GPLADD on an example attack and its variants. We develop a method for representing success probability for arbitrary attacks and derive an explicit analytic characterization of success probability for a specific attack. We present a numeric Monte Carlo study of a small set of attacks, quantify attack success probabilities, attacker and defender costs, and illustrate the options the defender has for limiting the attack success and improving trust in the development process.
