Securing Software Stacks in Embedded Systems
Subject proposed by
Thesis supervisor:
Research unit
EURECOM research laboratory
Field: Information and communication sciences and technologies
Software security and system resilience against vulnerability exploitation have evolved considerably over the past 10 to 15 years. While desktop and server systems have improved their resistance to attacks such as buffer overflows, this is not at all true for most embedded systems. Security work on embedded systems has mostly focused on secure cryptographic computation (for example, resistance to side-channel and fault attacks) or on securing very small, closed platforms such as JavaCard. On the other hand, there is an important need for techniques that can be applied to embedded devices that are not security devices but that we have to rely on nevertheless. Such devices often cannot afford high-end hardware security measures, or have to provide many features, which makes their code bases larger and their security more difficult. Finally, the hardening techniques available on general-purpose systems are often difficult to port to embedded systems: either they need to be adapted, or new techniques need to be designed with those as inspiration.
This section describes a preliminary work plan which, as of today, seems an interesting path that both corresponds to the expectations of Maxim Integrated and has a large potential for research contributions. It is, however, inherent to the research process to deviate from original plans and to explore interesting ideas that are discovered along the way but were not foreseen initially. As such, this plan is an initial goal from which the actual work may deviate as we jointly identify and agree on interesting problems to solve.
As is typical for a PhD, the student will start with a state-of-the-art phase in which he will get comfortable with the field of software security and exploitation. There is a large body of literature on the topic, so the student will start with survey papers [10, 16, 6, 15] and then dive into more specific papers. Some focus will then be given to understanding what can be done in embedded systems. In particular, a good exercise will be to start by experimenting with the GRSecurity/PaX Linux kernel patch on ARM. This could be done on a platform from Maxim Integrated (e.g., a base platform for point-of-sale devices). Many of the techniques present in most systems today were pioneered by GRSecurity/PaX, such as Address Space Layout Randomization (ASLR) and making each memory page either writable or executable but never both (the NX bit, or W^X). There are many other, more recent techniques that prevent classes of bugs such as integer overflows, kernel or userspace stack overflow (that is, stack exhaustion, not to be confused with a stack-based buffer overflow), kernel NULL pointer dereferences, etc. Finally, lower-end platforms that are not based on Linux but, for example, on a small RTOS, or that run without any OS, also need protection. It will therefore be worth evaluating how pertinent the Linux-oriented techniques are, whether they can be applied there, and whether new, different techniques need to be designed specifically for
Another aspect will be embedded system software security testing; indeed, the communication interfaces of such systems (WiFi, Ethernet, Bluetooth, etc.) expose an important attack surface. While, as described above, hardening makes attacks harder, there is also a need to discover and remove vulnerabilities before the products ship. In this respect, large-scale automated software testing has been used, for example at Microsoft [7, 8, 3], to discover vulnerabilities in large software such as the Office suite. Such techniques are, however, difficult to use on embedded devices when little is known about the hardware and software. It is an interesting direction to evaluate the feasibility of performing similar work on embedded devices when the hardware and software are known.
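Two of the points above, the integer-overflow bug class named in the hardening discussion and the automated testing of inputs that arrive over a device's interfaces, can be illustrated together with a small example. The C code below is added here as an illustration; it is not part of the original proposal and not code from Maxim Integrated or GRSecurity/PaX. The wire format, the element size ELEM_SIZE, and the sample counts in SAMPLE_COUNTS are constructed assumptions. It shows an allocation-size computation that silently wraps on a hostile element count, the hardened form that refuses such counts, and a minimal harness that walks boundary inputs the way a fuzzer's input generator would and counts the ones the unchecked version mishandles.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format: a header announces how many fixed-size
 * elements follow. ELEM_SIZE and the sample counts below are
 * constructed for this example, not taken from any real protocol. */
#define ELEM_SIZE 64u

/* Vulnerable form: the size is computed in 32-bit arithmetic, so a
 * count of 0x04000001 yields 64 bytes while later code still trusts
 * `count` elements. On a 32-bit MCU size_t is also 32 bits, so the
 * wrap is not a theoretical concern there. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * ELEM_SIZE;   /* wraps modulo 2^32 */
}

/* Hardened form: refuse any count whose product does not fit.
 * __builtin_mul_overflow exists in GCC >= 5 and Clang; on other
 * compilers the equivalent check is `count > UINT32_MAX / ELEM_SIZE`. */
bool checked_alloc_size(uint32_t count, uint32_t *size_out)
{
    uint32_t size;
    if (__builtin_mul_overflow(count, ELEM_SIZE, &size))
        return false;           /* caller must treat the packet as bad */
    *size_out = size;
    return true;
}

/* Oracle for a test harness: an allocation is inconsistent when the
 * bytes reserved cannot hold the elements the header announced. */
bool alloc_is_inconsistent(uint32_t count, uint32_t size)
{
    return count != 0 && size / ELEM_SIZE != count;
}

/* Constructed boundary inputs, chosen around 2^32 / ELEM_SIZE = 2^26,
 * the smallest count whose product wraps. */
#define SAMPLE_COUNTS_LEN 7
const uint32_t SAMPLE_COUNTS[SAMPLE_COUNTS_LEN] = {
    0u, 1u, 1000u, 0x03FFFFFFu, 0x04000000u, 0x04000001u, UINT32_MAX
};

/* Drive the unchecked path over the inputs and count the ones the
 * oracle flags; a real fuzzer would generate the inputs instead. */
size_t count_wrapping_inputs(const uint32_t *inputs, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (alloc_is_inconsistent(inputs[i], unchecked_alloc_size(inputs[i])))
            bad++;
    return bad;
}

/* Same walk over the hardened path: every input is either refused or
 * accepted with a consistent size, so the oracle never fires. */
size_t count_hardened_failures(const uint32_t *inputs, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t size;
        if (checked_alloc_size(inputs[i], &size) &&
            alloc_is_inconsistent(inputs[i], size))
            bad++;
    }
    return bad;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNTS_LEN; i++) {
        uint32_t c = SAMPLE_COUNTS[i], s;
        printf("count=%#010" PRIx32 " unchecked=%#010" PRIx32 " hardened=%s\n",
               c, unchecked_alloc_size(c),
               checked_alloc_size(c, &s) ? "accept" : "refuse");
    }
    printf("unchecked path mishandles %zu of %d inputs, hardened path %zu\n",
           count_wrapping_inputs(SAMPLE_COUNTS, SAMPLE_COUNTS_LEN),
           SAMPLE_COUNTS_LEN,
           count_hardened_failures(SAMPLE_COUNTS, SAMPLE_COUNTS_LEN));
    return 0;
}
```

The oracle is the part that transfers to a real embedded target: a fuzzer only finds this bug class if something observes that the reserved size no longer matches the announced count, which on a device without an MMU or a sanitizer usually means instrumenting the allocation path by hand rather than waiting for a crash.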
Once the state-of-the-art phase is well advanced (after about 6 months), the directions above will be explored in more detail, leading to the core of the thesis contributions. Finally, the last few months will be dedicated to writing the thesis and preparing the defense.
What is expected is to develop expertise in attacks in parallel with countermeasure skills. It is good practice in the security domain to be aware of what attacks can achieve and to think as an attacker first, in order to be able to develop the most accurate countermeasures.