Digital Twin: a new approach to tracking BIOS and Hardware level security information = Digital Twin: a new approach to tracking Hardware and Firmware level security information

Throughout recent years, we have seen a resurgence in attacks targeting the lower levels of the technological stack. Looking to exploit the UEFI/BIOS environment, attackers have started exploiting a growing number of vulnerabilities below the Operating System (OS). This kind of attack aims at leveraging the complexity of gathering information about a device's lower-level configuration, which, combined with the lack of scalable management solutions at this level, makes detecting and remediating such attacks much harder. In this thesis, we will start by recounting a brief history of low-level attacks and then explain why platform security must focus on two fundamental challenges: digital transparency, i.e. the ability to access critical device information; and manageability, i.e. the ability to perform complex analytics on large fleets of devices. After defining the current challenges in platform security, we propose our solution to tackle them: a system for tracking, identifying and managing device configurations based on the Digital Twin (DT) model. The DT model aims at creating a digital representation of the device's configuration. This twinning, created by merging real-time and historical data, allows the DT to make the platform security landscape safer by offering better management, information tracking and security analytics. To efficiently store and process device configurations, we've modelled three different data structures tailored to store different core low-level attributes based on their frequency of change and ease of correlation. Leveraging this powerful data aggregation structure, the DT model developed in this thesis provides security services and management solutions with a trusted interface to access devices' past or current configurations. Compared to current-day solutions, the DT model increases data transparency by providing access to historical data. The DT system developed is a cloud-based microservice architecture that stores trusted and accurate device data across multiple storage modules. Using the custom architecture designed in this thesis, the DT model can track large fleets of devices, providing historical trends, security analytics and detailed reporting. This process of data aggregation allows for improved manageability, solving the second of our challenges. In response to the urgent need for a better solution in tracking and managing low-level device configurations, this thesis provides a scalable solution based on the DT paradigm. Our research shows that infrastructures such as the DT system developed help solve the platform security challenges posed at the beginning of this thesis, as well as future-proofing the low-level security environment.