polito.it
Politecnico di Torino (logo)

On the applicability of software attestation techniques to embedded systems.

Marco Zudettich

On the applicability of software attestation techniques to embedded systems.

Rel. Cataldo Basile, Antonio Lioy, Alessio Viticchie'. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2019

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (994kB) | Preview
[img] Archive (ZIP) (Documenti_allegati) - Altro
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (4MB)
Abstract:

Software has been developed around any aspect of technology in the last few years. It has become a core part of every device, not only for personal use but also in industrial and automotive environments. A direct raise in security issues has come with its spread, particularly for programs executing in third-party contexts. A company's income might rely on software operating on devices it does not own (take smartphones for example). If physical control is not an option, an attacker can open the device, attach a debugger and potentially tamper its software. The only possible defense is to detect these attacks and take the proper countermeasures. Software attestation is a technique through which the integrity of a program can be monitored remotely. A valid example of software attestation procedure is the ASPIRE project's remote attestator. This project offers a complete framework for binary protection, but its structure and its dependencies create a problem in terms of portability. This paper elaborates on two issues. The first regards the possibility of solving the ASPIRE remote attestator's portability problems. A standalone test version of the remote attestator was extracted from the ASPIRE project. This detachment removes some dependencies and increases its portability. The second point is an analysis of the extent to which this attestation procedure can be ported to different platforms. The attestator's requirements were discussed and analyzed during this work. The results suggest that the attestator should be adaptable to most of the embedded operating systems on the market. The attestator alone does not provide complete protection of the binary since there are various methods to bypass its checks. Nevertheless, it is a valuable option to add along with other protection mechanisms. This study also shows it is portable to embedded systems, which makes it a remarkably valuable technique.

Relatori: Cataldo Basile, Antonio Lioy, Alessio Viticchie'
Anno accademico: 2019/20
Tipo di pubblicazione: Elettronica
Numero di pagine: 82
Soggetti:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA
Aziende collaboratrici: NON SPECIFICATO
URI: http://webthesis.biblio.polito.it/id/eprint/13197
Modifica (riservato agli operatori) Modifica (riservato agli operatori)