As the number of embedded devices grows and their functional requirements increase, embedded firmware is becoming increasingly large, thereby expanding its attack surface. Despite the growth in firmware size, many embedded devices, such as robotic vehicles (RVs), operate in distinct modes, each requiring only a small subset of the firmware code at runtime. We refer to such devices as mode-based embedded devices. Debloating is an approach to reducing attack surfaces by removing or restricting unneeded code, but existing techniques suffer from significant limitations, such as coarse granularity and irreversible code removal, which limit their applicability. To address these limitations, we propose RVDebloater, a novel adaptive debloating technique for mode-based embedded devices that automatically identifies the firmware code not needed in each mode, using either static or dynamic analysis, and dynamically debloats the firmware for each mode at function granularity at runtime. RVDebloater introduces a new software-based enforcement approach that supports diverse mode-based embedded devices. We implemented RVDebloater using the LLVM compiler and evaluated its efficiency and effectiveness on six different RVs, both simulated and real, across different real-world missions. We find that a device's code requirements for each mode change throughout its lifetime, and that many critical firmware functions can be restricted in other modes, with an average of 85% of functions not being required. The results show that none of the missions failed after debloating with RVDebloater, indicating that it incurred neither false positives nor false negatives. Further, RVDebloater prunes the firmware call graph by an average of 45% across the different firmware. Finally, RVDebloater incurred an average performance overhead of 3.9% and memory overhead of 4% (approximately 0.25 MB) on real RVs.
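The following is an added illustration of the idea the abstract describes, not code from the RVDebloater paper or its LLVM implementation. It models a tiny firmware as a constructed call graph, derives a per-mode function allowlist by static reachability from each mode's entry point (standing in for the paper's static analysis), and enforces it with a reversible runtime guard that a compiler pass could insert into each function prologue. The function names, the modes, the call edges and the `rv_guard` hook are all assumptions made for this example; RVDebloater's actual enforcement mechanism is not shown here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed firmware: eight functions, identified by index. */
enum { F_MAIN, F_ARM_CHECKS, F_TAKEOFF, F_NAV_UPDATE, F_LAND,
       F_MOTOR_OUT, F_LOG_WRITE, F_PARAM_SET, F_COUNT };
static const char *fn_name[F_COUNT] = {
    "main", "arm_checks", "takeoff", "nav_update", "land",
    "motor_out", "log_write", "param_set" };

/* Constructed static call graph: edges[caller][callee]. main is a dispatcher. */
static const bool edges[F_COUNT][F_COUNT] = {
    [F_MAIN]       = { [F_ARM_CHECKS]=1, [F_TAKEOFF]=1, [F_NAV_UPDATE]=1, [F_LAND]=1 },
    [F_ARM_CHECKS] = { [F_PARAM_SET]=1, [F_LOG_WRITE]=1 },
    [F_TAKEOFF]    = { [F_MOTOR_OUT]=1, [F_LOG_WRITE]=1 },
    [F_NAV_UPDATE] = { [F_MOTOR_OUT]=1, [F_LOG_WRITE]=1 },
    [F_LAND]       = { [F_MOTOR_OUT]=1, [F_LOG_WRITE]=1 },
    [F_PARAM_SET]  = { [F_LOG_WRITE]=1 },
};

/* Constructed vehicle modes, each with one entry function. */
enum { MODE_DISARMED, MODE_TAKEOFF, MODE_AUTO, MODE_LAND, MODE_COUNT };
static const int mode_entry[MODE_COUNT] = { F_ARM_CHECKS, F_TAKEOFF, F_NAV_UPDATE, F_LAND };

/* Depth-first reachability over the static call graph; set is a bitmask of function IDs. */
static void reach(int f, uint32_t *set) {
    if (*set & (1u << f)) return;
    *set |= 1u << f;
    for (int callee = 0; callee < F_COUNT; callee++)
        if (edges[f][callee]) reach(callee, set);
}

/* Static analysis stand-in: functions a mode needs = main plus everything reachable from its entry. */
uint32_t rv_allowlist(int mode) {
    uint32_t set = 1u << F_MAIN;       /* scheduler/dispatcher is needed in every mode */
    reach(mode_entry[mode], &set);
    return set;
}

int rv_allowed_count(int mode) {
    uint32_t set = rv_allowlist(mode);
    int n = 0;
    for (int f = 0; f < F_COUNT; f++) n += (set >> f) & 1u;
    return n;
}

/* Runtime enforcement state: the active allowlist and a counter of blocked calls. */
static uint32_t cur_allow;
static unsigned blocked;

/* Mode switch re-enables everything the new mode needs: debloating is reversible, not code removal. */
void rv_set_mode(int mode) { cur_allow = rv_allowlist(mode); }

/* Guard hook assumed to be inserted at each function prologue by an instrumentation pass. */
bool rv_guard(int fn) {
    if (cur_allow & (1u << fn)) return true;
    blocked++;                          /* a blocked call is a detection signal worth logging */
    return false;
}

unsigned rv_blocked_calls(void) { return blocked; }

/* Example of a guarded firmware function: restricted outside the disarmed mode. */
int param_set(int value) {
    if (!rv_guard(F_PARAM_SET)) return -1;
    return value;                       /* real body would update a parameter store */
}

int main(void) {
    for (int m = 0; m < MODE_COUNT; m++) {
        uint32_t set = rv_allowlist(m);
        printf("mode %d needs %d/%d functions:", m, rv_allowed_count(m), F_COUNT);
        for (int f = 0; f < F_COUNT; f++)
            if (set & (1u << f)) printf(" %s", fn_name[f]);
        printf("\n");
    }
    rv_set_mode(MODE_AUTO);
    printf("param_set in AUTO -> %d\n", param_set(5));      /* -1: restricted */
    rv_set_mode(MODE_DISARMED);
    printf("param_set in DISARMED -> %d\n", param_set(5));  /* 5: permitted */
    printf("blocked calls: %u\n", rv_blocked_calls());
    return 0;
}
```

In this toy graph every mode needs only four of the eight functions, and `param_set` is only reachable in the disarmed mode, which is the pattern the abstract reports at scale (an average of 85% of functions not required per mode). The guard's blocked-call counter is the natural place to emit a telemetry event, since a call into a function the current mode never needs is a strong indicator of a control-flow hijack or logic bug rather than normal operation.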