Design and Implementation of Memory Protection in a Single Address Space Firmware

This thesis represents the conclusion of my Master’s Degree in Embedded Systems Development between Eurecom University, France, and Polytechnic of Turin, Italy. My university studies have focused on many aspects of embedded system development, from the Hardware to the Software design, as well as more diverse subjects, such as Cyber Security and Machine Learning. My academic track concludes with an internship at HP Security Labs in Bristol. This document’s contents are based on the work that I did during this experience. HP Security Labs is part of the broad network of research of HP. In an industrial research environment, the focus is not on developing final products, which is Business Unit’s job but on exploring the newest topics that the current research offers and leverage them based on the strategy of the company. The labs have also the role to define new strategies, thanks to their attention to the newest trends in technology. The following thesis is centered around the enhancement of the security of an Embedded system running on a microcontroller. In order to achieve this, intense activity of research in the wide domain of the Security of Embedded Systems preceded. This area of research is very active thanks to the importance and capabilities required by Embedded Systems nowadays; the challenge is to adapt to the particular case of study the huge quantity of material that the literature offers. The rapid growth of the embedded systems sector has brought several enhancements to the functionalities implemented, especially in terms of connectivity which lead to the explosion of the IoT market. This process has created two important consequences on the security: •??Embedded devices handle increasingly sensitive data, and so information which is a high-value asset •??The attack surface has increased, given the bigger exposure of the system to external interfaces. At the same time, the strict constraints in terms of performance, area and especially cost found in these devices, make security challenging, but still a requirement that has to be met. So while the industry plans on exploiting the full potential from embedded systems, it is important to accompany this process with the right security awareness.