Automatic State Space Analysis for Modeling Untrusted Embedded Device Drivers

This paper presents a semi-automatic methodology to create abstract driver models to be used as formal reference when developing the firmware for embedded device drivers. Our methodology extracts the behavior of driver software automatically as an abstract finite state machine. This replaces manually crafting these models from informal specifications, which is error-prone, laborious, and does not account for undocumented behavior. Our approach specifically targets untrusted driver software that is only available as binary code, for example as third-party IP, and for which the source code is unknown. Our extracted model is formally sound with respect to the implementation, while still being understandable by a human developer. Our experiments for industry-size driver software demonstrate that human-readable, sound, abstract driver models can be extracted from binary code in affordable run times and with small manual effort.