Abstract
Dynamic analysis, through rehosting, is an important capability for security assessment in embedded systems software. Existing rehosting techniques aim to provide high-fidelity execution by accurately emulating hardware and peripheral interactions. However, these techniques face challenges in adoption due to the increasing number of available peripherals and the complexities involved in designing emulation models for diverse hardware. Additionally, contrary to the prevailing belief that guides existing works, our analysis of reported bugs shows that high-fidelity execution is not required to expose most bugs in embedded software. Our key hypothesis is that security vulnerabilities are more likely to arise at higher abstraction levels. To substantiate our hypothesis, we introduce LEMIX, a framework enabling dynamic analysis of embedded applications by rehosting them as x86 Linux applications decoupled from hardware dependencies. Enabling embedded applications to run natively on Linux facilitates security analysis using available techniques and takes advantage of the powerful hardware available on the Linux platform for higher testing throughput. We develop various techniques to address the challenges involved in converting embedded applications to Linux applications. We evaluated LEMIX on 18 real-world embedded applications across four RTOSes and found 21 new bugs in 12 of the applications and all 4 of the RTOS kernels. We report that LEMIX is superior to existing state-of-the-art techniques both in terms of code coverage (~2x more coverage) and bug detection (18 more bugs).