Mobile and Embedded Platform Security


dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.author Reshetova, Elena
dc.date.accessioned 2018-08-22T09:02:58Z
dc.date.available 2018-08-22T09:02:58Z
dc.date.issued 2018
dc.identifier.isbn 978-952-60-8114-4 (electronic)
dc.identifier.isbn 978-952-60-8113-7 (printed)
dc.identifier.issn 1799-4942 (electronic)
dc.identifier.issn 1799-4934 (printed)
dc.identifier.issn 1799-4934 (ISSN-L)
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/33579
dc.description.abstract The number of various mobile and embedded devices around us is growing very rapidly. Nowadays they are employed in many areas, such as automotive, industry automation, healthcare, smart home systems, etc. At the same time, the number of attacks targeting these devices and associated infrastructure is also growing. The long history of information and device protection in the PC world has developed a set of hardware and software mechanisms, commonly referred to as platform security, to withstand these attacks. However, they are usually not very well suited for mobile and embedded devices. As a result, new platform security architectures for mobile and embedded device platforms were designed and widely employed. In this dissertation, we present a platform security model for mobile devices and compare various popular mobile platform security architectures with regard to this model. We also introduce a platform security model for embedded devices with the focus on the mainline Linux kernel due to its widespread use and popularity. Next, we outline the two major platform security aspects that nowadays present an ongoing challenge for mobile and embedded security architects: application isolation and operating system kernel hardening. Traditionally, various mandatory access control (MAC) mechanisms have been used to achieve strong application and process isolation for personal computers and servers. Nowadays, these mechanisms (albeit with modifications) are making their way into mobile and embedded platform security architectures, such as SEAndroid MAC, used on Android mobile devices. This dissertation studies the challenges in adopting SEAndroid MAC for mobile devices, and presents a number of tools that can help security architects and researchers to create better SEAndroid access control policies.
In addition, we also explore an emerging alternative method for application and process isolation, OS-level virtualization, and examine its security guarantees and shortcomings. The central piece of any platform security architecture is the security of the operating system's kernel, because its breach almost always leads to a compromise of the whole system. The designers of many popular mobile and embedded operating systems have spent considerable effort tightening the security of userspace applications and, as a result, attackers are more and more focusing their effort on the kernel itself. This dissertation examines the strength of existing protection in one of the Linux kernel subsystems, the just-in-time (JIT) compiler for Berkeley Packet Filter, and shows that it is vulnerable to JIT spray attacks. Next, it considers the problem of temporal and spatial memory safety in the mainline Linux kernel and implements two different methods to address it. As a result, this dissertation addresses a number of important practical challenges in the present-day mobile and embedded platform security architectures and also gives a brief outlook on the upcoming future research directions in this area. en
dc.format.extent 58 + app. 99
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.publisher Aalto University en
dc.publisher Aalto-yliopisto fi
dc.relation.ispartofseries Aalto University publication series DOCTORAL DISSERTATIONS en
dc.relation.ispartofseries 144/2018
dc.relation.haspart [Publication 1]: Kostiainen, Kari and Reshetova, Elena and Ekberg, Jan-Erik and Asokan, N. Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures. In Proceedings of the First ACM Conference on Data and Application Security and Privacy, San Antonio, USA, pages 13–24, February 2011. DOI: 10.1145/1943513.1943517
dc.relation.haspart [Publication 2]: Reshetova, Elena and Bonazzi, Filippo and Nyman, Thomas and Borgaonkar, Ravishankar and Asokan, N. Characterizing SEAndroid Policies in the Wild. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, Rome, Italy, pages 482–489, February 2016. DOI: 10.5220/0005759204820489
dc.relation.haspart [Publication 3]: Reshetova, Elena and Bonazzi, Filippo and Asokan, N. SELint: an SEAndroid policy analysis tool. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, Porto, Portugal, pages 47–58, February 2017.
dc.relation.haspart [Publication 4]: Reshetova, Elena and Karhunen, Janne and Nyman, Thomas and Asokan, N. Security of OS-Level Virtualization Technologies. In Bernsmed K., Fischer-Hübner S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science, vol 8788, Tromsø, Norway, pages 77-93, October 2014. DOI: 10.1007/978-3-319-11599-3_5
dc.relation.haspart [Publication 5]: Reshetova, Elena and Bonazzi, Filippo and Asokan, N. Randomization Can’t Stop BPF JIT Spray. In Yan Z., Molva R., Mazurczyk W., Kantola R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol 10394, Helsinki, Finland, pages 233-247, August 2017.
dc.relation.haspart [Publication 6]: Reshetova, Elena and Liljestrand, Hans and Paverd, Andrew and Asokan, N. Towards Linux Kernel Memory Safety. Accepted for publication in Software: Practice and Experience, August 2018.
dc.subject.other Computer science en
dc.title Mobile and Embedded Platform Security en
dc.type G5 Artikkeliväitöskirja fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.contributor.school School of Science en
dc.contributor.department Tietotekniikan laitos fi
dc.contributor.department Department of Computer Science en
dc.subject.keyword platform security en
dc.subject.keyword Linux OS security en
dc.identifier.urn URN:ISBN:978-952-60-8114-4
dc.type.dcmitype text en
dc.type.ontasot Doctoral dissertation (article-based) en
dc.type.ontasot Väitöskirja (artikkeli) fi
dc.contributor.supervisor Asokan, N., Prof., Aalto University, Department of Computer Science, Finland
dc.opn Steiner, Michael, Dr., Intel Labs, USA
dc.contributor.lab Secure Systems Group (SSG) en
dc.rev Beresford, Alastair, Dr., University of Cambridge, UK
dc.rev Bugiel, Sven, Dr., Saarland University, Germany
dc.date.defence 2018-09-14
local.aalto.acrisexportstatus checked

