EDITE doctoral thesis topics

Securing Software Stacks in Embedded Systems

Topic proposed by:
Thesis supervisor:
Doctoral student: Nassim CORTEGGIANI
Research unit: UMR 7102, EURECOM research laboratory

Field: Information and communication sciences and technologies

Project

Software security and system resilience against vulnerability exploitation have evolved enormously in the past 10 to 15 years. While desktop and server systems have become far more resistant to attacks (e.g., buffer overflow attacks), this is not true at all for most embedded systems. Security work on embedded systems has mostly focused on performing cryptographic computations securely (e.g., resistance to side-channel and fault attacks) or on securing very small, closed platforms (JavaCard). On the other hand, there is a real need for techniques that apply to embedded devices that are not security devices but that we have to rely on nevertheless. Such devices often cannot afford high-end hardware security measures, or have to provide many features, which makes their code bases larger and their security harder to achieve. Finally, the hardening techniques available on general-purpose systems are often difficult to port to embedded systems: either they need to be adapted, or new techniques inspired by them need to be designed.

Challenges

This section describes a preliminary work plan which, as of today, seems an interesting path, both matching the expectations of Maxim Integrated and having a large potential for research contributions. It is, however, inherent to the research process to deviate from the original plan and to explore interesting ideas that are discovered along the way but were not foreseen initially [2]. As such, this plan is an initial goal from which the actual work may deviate as we jointly identify and agree on interesting problems to solve.

As is typical for a PhD, the student will start with a state-of-the-art phase in which he becomes comfortable with the field of software security and exploitation. There is a large body of literature on the topic, so the student will start with survey papers [10, 16, 6, 15] and then dive into more specific papers. Particular attention will then be given to understanding what can be done in embedded systems. A good first exercise will be to experiment with the GRSecurity/PaX Linux kernel patch on ARM. This could be done on a platform from Maxim Integrated (e.g., a base platform for point-of-sale devices). Many of the techniques present in most of today's systems were pioneered by GRSecurity/PaX, such as Address Space Layout Randomization (ASLR) [13] and making memory pages either writable or executable but never both ("NX" or W^X techniques [14]). There are many other, more recent techniques that prevent whole classes of bugs, such as integer overflows, kernel or user-space stack overflows (exhaustion of the stack, not to be confused with stack-based buffer overflows), kernel null-pointer dereferences, etc.

Finally, lower-end platforms that are not based on Linux but, for example, on a small RTOS, or that run without any OS, also need protection. It will therefore be worth evaluating how relevant the Linux-oriented techniques are and whether they can be applied there, or whether new, different techniques need to be designed specifically for those targets.
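To make the bug classes named above concrete, the following is an added example written for this page; it is not code from the thesis, from GRSecurity/PaX or from Maxim Integrated. It parses a length-prefixed message of a constructed (hypothetical) wire format, as a device firmware might receive over Ethernet or Bluetooth, and shows an integer-overflow-prone length check next to a hardened one that also prevents the stack-based buffer overflow of the destination buffer and the null-pointer dereference on a missing input. The sample messages are constructed for the example, not captured traffic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format used only for this example (not a real protocol):
 *   bytes 0..3 : payload length, little-endian uint32
 *   bytes 4..  : payload
 * The receiver copies the payload into a fixed-size stack buffer. */
#define HDR_LEN 4u
#define BUF_LEN 64u

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Typical unsafe length check, kept as a pure predicate so it can be run
 * without performing the copy it would wrongly authorise. The sum
 * len + HDR_LEN is computed in 32 bits and wraps for len >= 0xFFFFFFFC,
 * so an attacker-chosen length passes the check and the memcpy that would
 * follow reads far past the message and writes far past the destination. */
bool payload_fits_unsafe(uint32_t len, size_t msg_len)
{
    uint32_t needed = len + HDR_LEN;   /* integer overflow */
    return needed <= msg_len;
}

/* Hardened check: subtract instead of add so nothing can wrap, and bound the
 * length by the destination size as well as by the source size. */
bool payload_fits_safe(uint32_t len, size_t msg_len, size_t out_len)
{
    if (msg_len < HDR_LEN)
        return false;                   /* truncated header */
    if (len > msg_len - HDR_LEN)
        return false;                   /* would over-read the message */
    if (len > out_len)
        return false;                   /* would overflow the stack buffer */
    return true;
}

/* Copies the payload into out[out_len]. Returns the number of bytes copied,
 * or -1 if the message is rejected. */
int parse_payload(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_len)
{
    if (msg == NULL || out == NULL)
        return -1;                      /* null-pointer dereference guard */
    if (msg_len < HDR_LEN)
        return -1;
    uint32_t len = read_le32(msg);
    if (!payload_fits_safe(len, msg_len, out_len))
        return -1;
    memcpy(out, msg + HDR_LEN, len);
    return (int)len;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_OK[]    = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };        /* len 5, 5 bytes present  */
static const uint8_t MSG_SHORT[] = { 100, 0, 0, 0, 'a', 'b', 'c', 'd', 'e' };      /* claims 100, 5 present    */
static const uint8_t MSG_WRAP[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c', 'd' }; /* len 0xFFFFFFFF           */

/* Runs parse_payload into a BUF_LEN stack buffer (capped at out_len) and
 * verifies the copied bytes. Returns bytes copied, -1 if rejected,
 * -2 if the copy does not match the payload. */
int run_case(const uint8_t *msg, size_t msg_len, size_t out_len)
{
    uint8_t out[BUF_LEN];
    if (out_len > BUF_LEN)
        out_len = BUF_LEN;
    int n = parse_payload(msg, msg_len, out, out_len);
    if (n > 0 && memcmp(out, msg + HDR_LEN, (size_t)n) != 0)
        return -2;
    return n;
}

int main(void)
{
    printf("valid message          : %d\n", run_case(MSG_OK, sizeof MSG_OK, BUF_LEN));
    printf("truncated payload      : %d\n", run_case(MSG_SHORT, sizeof MSG_SHORT, BUF_LEN));
    printf("wrapped length         : %d\n", run_case(MSG_WRAP, sizeof MSG_WRAP, BUF_LEN));
    printf("destination too small  : %d\n", run_case(MSG_OK, sizeof MSG_OK, 4));
    printf("unsafe check, wrapped  : %d\n", payload_fits_unsafe(0xFFFFFFFFu, sizeof MSG_WRAP));
    return 0;
}
```

The unsafe predicate accepts the 0xFFFFFFFF length because the addition wraps to 3, which is why a hardened check must be written so that no attacker-controlled operand can overflow; on a 32-bit microcontroller, where size_t is also 32 bits, the same wrap would occur even if the check were written with size_t. Note that none of these checks replaces ASLR, NX or stack canaries: they remove one bug, while the hardening techniques discussed above limit what an attacker gains from the bugs that remain.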
Another aspect will be security testing of embedded system software. Indeed, the communication interfaces of such systems (Wi-Fi, Ethernet, Bluetooth, ...) expose a large attack surface. While, as described above, hardening makes attacks harder, there is also a need to discover and remove vulnerabilities before the products ship. In this respect, large-scale software testing has been used, for example at Microsoft [7, 8, 3], to discover vulnerabilities in large software such as the Office suite. Such techniques are, however, difficult to use on embedded devices [17] when little is known about the hardware and software. It is an interesting direction to evaluate the feasibility of performing similar work on embedded devices when the hardware and software are known.

Once the state of the art is well advanced (after about 6 months), the above directions will be explored in more detail, leading to the core contributions of the thesis. Finally, the last few months will be dedicated to writing the thesis and preparing the defense. The student is expected to develop expertise in attacks in parallel with skills in countermeasures: in the security domain it is good practice to be aware of what attacks are possible and to think as an attacker first, in order to design the most accurate countermeasures.