Browsing by Author "Nyman, Thomas"

Filter results by typing the first few letters
Now showing 1 - 8 of 8
  • ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices
    (2018-11) Asokan, N.; Nyman, Thomas; Rattanavipanon, Norrathep; Sadeghi, Ahmad-Reza; Tsudik, Gene
     A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
    Secure firmware update is an important stage in the IoT device life-cycle. Prior techniques, designed for other computational settings, are not readily suitable for IoT devices, since they do not consider idiosyncrasies of a realistic large-scale IoT deployment. This motivates our design of ASSURED, a secure and scalable update framework for IoT. ASSURED includes all stakeholders in a typical IoT update ecosystem, while providing end-to-end security between manufacturers and devices. To demonstrate its feasibility and practicality, ASSURED is instantiated and experimentally evaluated on two commodity hardware platforms. Results show that ASSURED is considerably faster than current update mechanisms in realistic settings.
  • HardScope: Hardening Embedded Systems Against Data-Oriented Attacks
    (2019-06-02) Nyman, Thomas; Dessouky, Ghada; Zeitouni, Shaza; Lehikoinen, Aaro; Paverd, Andrew; Asokan, N.; Sadeghi, Ahmad-Reza
     A4 Artikkeli konferenssijulkaisussa
    Memory-unsafe programming languages like C and C++ leave many (embedded) systems vulnerable to attacks like control-flow hijacking. However, defenses against control-flow attacks, such as (fine-grained) randomization or control-flow integrity are in-effective against data-oriented attacks and more expressive Data-oriented Programming (DOP) attacks that bypass state-of-the-art defenses. We propose run-time scope enforcement (RSE), a novel approach that efficiently mitigates all currently known DOP attacks by enforcing compile-time memory safety constraints like variable visibility rules at run-time. We present Hardscope, a proof-of-concept implementation of hardware-assisted RSE for RISC-V, and show it has a low performance overhead of 3.2% for embedded benchmarks.
  • Java APIs for Trusted Execution Environments
    (2016-07-29) Yang, Rui
     Perustieteiden korkeakoulu | Master's thesis
    Based on GlobalPlatform (GP) Trusted Execution Environment (TEE) specifications, Open-TEE paved the way for ordinary developers to create and deploy Trusted Applications in a GP-compliant TEE. However, when developing an Android Client Application which intends to use the functionality of the GP-Compliant TEE, there still lacks an easy way of using the C binding GP TEE Client API. In this thesis, the problem is addressed in more details and the proposed solution by designing and prototyping a Java API is discussed.
  • Late breaking results: Authenticated call stack
    (2019-06-02) Liljestrand, Hans; Nyman, Thomas; Ekberg, Jan Erik; Asokan, N.
     A4 Artikkeli konferenssijulkaisussa
    Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves security comparable to hardware-assisted shadow stacks, while incurring negligible performance overhead (< 0.5%) but requiring no additional hardware support.
  • Siltanosturisarjan tuotevariaatioiden hallinta
    (2009) Nyman, Thomas
     Helsinki University of Technology | Master's thesis
    Diplomityön tavoitteena oli siltanosturisarjan mekaanisten osien tuotevariaatioiden hallitseminen NX ja Teamcenter ympäristössä. Yksi pääkannattajaisen siltanosturin nosto- ja siirtokoneistot ovat mahdollisesti sijoitettu pääkannattajan toiseen päähän. Työn aikana selvitettiin mahdollisuudet muokata pienellä parametrimäärällä asiakasvarioituvaa tuotetta. Tavoitteena oli määrittää säännöt komponenttien mitoitukseen ja sarjoittaa komponentit. Asiakasvarioituvuuden sisällyttäminen 3D-tuotemalliin edellytti modulaarisen tuotearkkitehtuurin hyödyntämistä. Tehokkaan projektikohtaisen tuotemallin luonti puolestaan vaati tuotemallin konfigurointia. Työn sisältöä rajoitettiin koskemaan teräsrakenteen ja nostokoneiston konfigurointia ja moduulijakoa valitussa siltanosturisarjassa. Teoriaosassa käsitellään olemassa olevaa siltanosturia, joka poikkeaa valitusta tuoteperheestä. Tämän lisäksi käydään läpi standardit, jotka vaikuttavat nosturin suunnitteluun. Työssä määriteltiin teräsrakenteen laskennalliset mitat ja otettiin huomioon ohjausvoimat pääkannattajan rakenteen suunnitellussa. Köysitykseen vaikuttavat asiat käsitellään teoriaosassa. Työssä ei käsitellä köysityksen esisuunnittelua, mutta tehdään valinta ideoidusta köysityksestä laskennan perusteella. Työn käytännön osuudessa tuoteperhe konfiguroidaan tuotetiedonhallintajärjestelmällä. Lisäksi työssä on käsitelty suunnitteluympäristön kannalta huomioitavia asioita, kuten geneerisen tuoterakenteen ja skeletonin luominen.
  • Protecting the stack with PACed canaries
    (2019-10-27) Liljestrand, Hans; Gauhar, Zaheer; Nyman, Thomas; Ekberg, Jan-Erik; Asokan, N.
     A4 Artikkeli konferenssijulkaisussa
    Stack canaries remain a widely deployed defense against memory corruption attacks. Despite their practical usefulness, canaries are vulnerable to memory disclosure and brute-forcing attacks. We propose PCan, a new approach based on ARMv8.3-A pointer authentication (PA), that uses dynamically-generated canaries to mitigate these weaknesses and show that it provides more fine-grained protec- tion with minimal performance overhead.
  • Realizing eID scheme on TPM 2.0 hardware
    (2016-05-09) Lehtomäki, Lari
     Perustieteiden korkeakoulu | Master's thesis
    Most of the financial, healthcare, and governmental services are available on Internet, where traditional identification methods used on face-to-face identification are not possible. Identification with username and password is a mediocre solution and therefore some services require strong authentication. Finland has three approved strong authentication methods: smart cards, bank credentials, and mobile ID. Out of the three authentication methods, only the government issued smart card is available to everyone who police can identify reliably. Bank credentials require identification with an identity document from Finland or other European Economic Area (EEA) country. Mobile ID explicitly require identification with Finnish identity document. The problem with smart cards is the requirement for a reader, slow functioning, and requirement for custom driver. A TPM could function as a replacement for a smart card with accompanying software library. In this thesis, I created a PKCS #11 software library that allows TPM to be used for browser based authentication according to draft specification by Finnish population registry. The keys used for authentication are created, stored and used securely inside the TPM. TPMs are deemed viable replacement for smart cards. The implemented system is faster to use than smart cards and has similar security properties as smart cards have. The created library contains implementations for 30% of all TPM 2.0 functions and could be used as a base for further TPM 2.0 based software.
  • Toward Hardware-assisted Run-time Protection
    (2020) Nyman, Thomas
     School of Science | Doctoral dissertation (article-based)
    Software defects, such as buffer overflows, are prominent enablers of cyberattacks in programs written in memory-unsafe programming languages. As a consequence, vulnerable software programs can be exploited by a sophisticated adversary through run-time attacks to trigger program actions never intended by the software developer, and even to gain unauthorized access to the computer system. For example, the adversary can corrupt memory references (pointers) to program code stored in memory to hijack the flow of execution, and redirect the processor to execute instructions chosen by the adversary. Such control-flow attacks can be particularly devastating, as they can allow arbitrary code execution, and grant complete control of a victim system to an adversary. Recently, data-oriented attacks have been shown to enable equally expressive attacks, without violating the integrity of control-flows within the victim program. Over the past thirty years, there has been an ever-escalating arms race between increasingly sophisticated attacks and defenses to thwart them. Software-only defenses that retrofit programs written in C and C++ with memory-safety or control-flow integrity (CFI) guarantees can be effective against large classes of attacks but are prohibitively expensive. Recently, there have also been significant advances by both researchers and practitioners in understanding and defending against run-time attacks, especially those that attempt to defeat CFI. Practical defenses against run-time attacks must consider how to trade-off security, performance and deployability. The goal of this dissertation is to investigate how hardware-assisted defenses can protect against run-time attacks without incurring a significant performance penalty. Hardware-assisted defenses have been shown to drastically improve the efficiency of attack detection but face various deployment challenges, such as requiring 1) invasive changes to the underlying processor architecture or system software stack, and 2) overly-restrictive security policies, which have difficulties dealing with the inherent flexibility of C and C++, leading to compatibility issues with existing software. In particular the work described in this dissertation provides advances in the following reserch topics:1) adapting hardware-assisted defenses for embedded systems, including low-end microcontrollers (MCUs), where the challenges for deployment are amplified,2) remotely attesting the control-flow to learn about run-time attacks, and the dynamic behaviour of an embedded device, and3) showing how hardware-assisted defenses can defend against attacks that defeat CFI.Finally, I present my own observations about the state-of-the-art and practice in hardware-assisted run-time defenses, and discuss potential directions for future research.