Tesi etd-03142023-125318
Link copiato negli appunti
Tipo di tesi
Dottorato
Autore
DI LEONARDI, SANDRO
URN
etd-03142023-125318
Titolo
Addressing Security and Real-Time Constraints in Embedded Software
Settore scientifico disciplinare
ING-INF/05
Corso di studi
Istituto di Tecnologie della Comunicazione, dell'Informazione e della Percezione - PHD IN EMERGING DIGITAL TECHNOLOGIES
Commissione
Membro Prof. FOGLIA, PIERFRANCESCO
Membro MATTEUCCI, ILARIA
Presidente Prof. BIONDI, ALESSANDRO
Membro MATTEUCCI, ILARIA
Presidente Prof. BIONDI, ALESSANDRO
Parole chiave
- safety
- schedulability analysis
- security optimization
Data inizio appello
25/07/2023;
Disponibilità
completa
Riassunto analitico
Recent technological advances in cyber-physical systems have opened up new possible attack surfaces for malicious software and hardware.
Over the last few years, information security has become an aspect of fundamental importance in various systems, including embedded systems. Given the growing susceptibility to malicious cyber attacks, this Ph.D. work, finalized with this thesis, aims at providing tools to ensure security and invulnerability.
The defense techniques available differ in processing times, performance, and optimization of the computational load.
This thesis represents a technological contribution towards realizing appropriate defense techniques respecting the fundamental time constraints for real-time systems.
In particular, this thesis addresses two main research aspects, one focused on studying possible software attack surfaces at the source code level with the appropriate countermeasures, and the other focused on providing efficient mechanisms to reduce computation times and guarantee timing constraints.
On the first aspect, the thesis proposes methods for identifying software vulnerabilities, referring to the international community's standards. For each of them, there are appropriate countermeasures that, when correctly managed, analyzed, and combined, can guarantee a certain level of system security starting from the source code. Existing approaches aim at detecting undefined or suspicious actions at source code compile time by checking when the application terminates unexpectedly. However, related countermeasures tend to increase the overhead of the system. In the industrial environment, a number of coding rules have been defined to make the software for embedded systems more secure. A secure system must guarantee safety, security, and reliability.
In this thesis, the proposed security strategy uses a fundamental unit of the machine code to meet these needs: the basic block. Leveraging information at the basic block level allows to act in a granular and direct way in creating countermeasures without interfering with sections of code not susceptible to attack.
The second topic addressed in the thesis investigates how to measure the WCET (worst-case execution time) of a single basic-block unit.
The intrinsic aspects of timing and security, for instance, the measurement of the timing behavior of security-related code, have been the subject of extensive studies, as the basic block characterization is not sufficiently present in the scientific literature.
The identification and characterization of the temporal analysis, necessary for a real-time system, has traditionally been developed through techniques that analyze the source code in combination with the control flow and make a measurement of the single basic blocks for all the paths that compose the control flow.
This thesis proposes and describes a comprehensive approach to secure real-time systems or systems subject to timing constraints, leveraging a quantitative assignment of the security level of the software to determine an optimal configuration of security mechanisms in the application. This approach, combined with international standards of safety-critical industrial software, has also guided the development of a safe operating system for the railway sector.
Over the last few years, information security has become an aspect of fundamental importance in various systems, including embedded systems. Given the growing susceptibility to malicious cyber attacks, this Ph.D. work, finalized with this thesis, aims at providing tools to ensure security and invulnerability.
The defense techniques available differ in processing times, performance, and optimization of the computational load.
This thesis represents a technological contribution towards realizing appropriate defense techniques respecting the fundamental time constraints for real-time systems.
In particular, this thesis addresses two main research aspects, one focused on studying possible software attack surfaces at the source code level with the appropriate countermeasures, and the other focused on providing efficient mechanisms to reduce computation times and guarantee timing constraints.
On the first aspect, the thesis proposes methods for identifying software vulnerabilities, referring to the international community's standards. For each of them, there are appropriate countermeasures that, when correctly managed, analyzed, and combined, can guarantee a certain level of system security starting from the source code. Existing approaches aim at detecting undefined or suspicious actions at source code compile time by checking when the application terminates unexpectedly. However, related countermeasures tend to increase the overhead of the system. In the industrial environment, a number of coding rules have been defined to make the software for embedded systems more secure. A secure system must guarantee safety, security, and reliability.
In this thesis, the proposed security strategy uses a fundamental unit of the machine code to meet these needs: the basic block. Leveraging information at the basic block level allows to act in a granular and direct way in creating countermeasures without interfering with sections of code not susceptible to attack.
The second topic addressed in the thesis investigates how to measure the WCET (worst-case execution time) of a single basic-block unit.
The intrinsic aspects of timing and security, for instance, the measurement of the timing behavior of security-related code, have been the subject of extensive studies, as the basic block characterization is not sufficiently present in the scientific literature.
The identification and characterization of the temporal analysis, necessary for a real-time system, has traditionally been developed through techniques that analyze the source code in combination with the control flow and make a measurement of the single basic blocks for all the paths that compose the control flow.
This thesis proposes and describes a comprehensive approach to secure real-time systems or systems subject to timing constraints, leveraging a quantitative assignment of the security level of the software to determine an optimal configuration of security mechanisms in the application. This approach, combined with international standards of safety-critical industrial software, has also guided the development of a safe operating system for the railway sector.
File
Nome file | Dimensione |
---|---|
Addressi...tware.pdf | 1.38 Mb |
Contatta l'autore |