Mobile and Embedded Platform Security

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.author: Reshetova, Elena
dc.contributor.department: Tietotekniikan laitos [fi]
dc.contributor.department: Department of Computer Science [en]
dc.contributor.lab: Secure Systems Group (SSG) [en]
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.school: School of Science [en]
dc.contributor.supervisor: Asokan, N., Prof., Aalto University, Department of Computer Science, Finland
dc.date.accessioned: 2018-08-22T09:02:58Z
dc.date.available: 2018-08-22T09:02:58Z
dc.date.defence: 2018-09-14
dc.date.issued: 2018
dc.description.abstract: The number of various mobile and embedded devices around us is growing very rapidly. Nowadays they are employed in many areas, such as automotive, industry automation, healthcare, smart home systems etc. At the same time, the number of attacks targeting these devices and associated infrastructure is also growing. The long history of information and device protection in the PC world has developed a set of hardware and software mechanisms, commonly referred to as platform security, to withstand these attacks. However, they are usually not very well suited for mobile and embedded devices. As a result, new platform security architectures for mobile and embedded device platforms were designed and widely employed. In this dissertation, we present a platform security model for mobile devices and compare various popular mobile platform security architectures with regard to this model. We also introduce a platform security model for embedded devices with the focus on the mainline Linux kernel due to its widespread use and popularity. Next, we outline the two major platform security aspects that nowadays present an ongoing challenge for mobile and embedded security architects: application isolation and operating system kernel hardening. Traditionally, various mandatory access control (MAC) mechanisms have been used to achieve strong application and process isolation for personal computers and servers. Nowadays, these mechanisms (albeit with modifications) are making their way into mobile and embedded platform security architectures, such as SEAndroid MAC, used on Android mobile devices. This dissertation studies the challenges in adopting SEAndroid MAC for mobile devices, and presents a number of tools that can help security architects and researchers to create better SEAndroid access control policies.
In addition, we also explore an emerging alternative method for application and process isolation, OS-level virtualization, and examine its security guarantees and shortcomings. The central piece of any platform security architecture is the security of the operating system's kernel, because its breach almost always leads to a compromise of the whole system. The designers of many popular mobile and embedded operating systems have spent considerable effort tightening the security of userspace applications and, as a result, attackers are more and more focusing their effort on the kernel itself. This dissertation examines the strength of existing protection in one of the Linux kernel subsystems, the just-in-time (JIT) compiler for Berkeley Packet Filter, and shows that it is vulnerable to JIT spray attacks. Next, it considers the problem of temporal and spatial memory safety in the mainline Linux kernel and implements two different methods to address it. As a result, this dissertation addresses a number of important practical challenges in the present-day mobile and embedded platform security architectures and also gives a brief outlook on the upcoming future research directions in this area. [en]
dc.format.extent: 58 + app. 99
dc.format.mimetype: application/pdf [en]
dc.identifier.isbn: 978-952-60-8114-4 (electronic)
dc.identifier.isbn: 978-952-60-8113-7 (printed)
dc.identifier.issn: 1799-4942 (electronic)
dc.identifier.issn: 1799-4934 (printed)
dc.identifier.issn: 1799-4934 (ISSN-L)
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/33579
dc.identifier.urn: URN:ISBN:978-952-60-8114-4
dc.language.iso: en [en]
dc.opn: Steiner, Michael, Dr., Intel Labs, USA
dc.publisher: Aalto University [en]
dc.publisher: Aalto-yliopisto [fi]
dc.relation.haspart: [Publication 1]: Kostiainen, Kari and Reshetova, Elena and Ekberg, Jan-Erik and Asokan, N. Old, new, borrowed, blue: a perspective on the evolution of mobile platform security architectures. In Proceedings of the First ACM Conference on Data and Application Security and Privacy, San Antonio, USA, pages 13–24, February 2011. DOI: 10.1145/1943513.1943517
dc.relation.haspart: [Publication 2]: Reshetova, Elena and Bonazzi, Filippo and Nyman, Thomas and Borgaonkar, Ravishankar and Asokan, N. Characterizing SEAndroid Policies in the Wild. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, Rome, Italy, pages 482–489, February 2016. DOI: 10.5220/0005759204820489
dc.relation.haspart: [Publication 3]: Reshetova, Elena and Bonazzi, Filippo and Asokan, N. SELint: an SEAndroid policy analysis tool. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, Porto, Portugal, pages 47–58, February 2017.
dc.relation.haspart: [Publication 4]: Reshetova, Elena and Karhunen, Janne and Nyman, Thomas and Asokan, N. Security of OS-Level Virtualization Technologies. In Bernsmed K., Fischer-Hübner S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science, vol 8788, Tromsø, Norway, pages 77-93, October 2014. DOI: 10.1007/978-3-319-11599-3_5
dc.relation.haspart: [Publication 5]: Reshetova, Elena and Bonazzi, Filippo and Asokan, N. Randomization Can’t Stop BPF JIT Spray. In Yan Z., Molva R., Mazurczyk W., Kantola R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol 10394, Helsinki, Finland, pages 233-247, August 2017.
dc.relation.haspart: [Publication 6]: Reshetova, Elena and Liljestrand, Hans and Paverd, Andrew and Asokan, N. Towards Linux Kernel Memory Safety. Accepted for publication in Software: Practice and Experience, August 2018.
dc.relation.ispartofseries: Aalto University publication series DOCTORAL DISSERTATIONS [en]
dc.relation.ispartofseries: 144/2018
dc.rev: Beresford, Alastair, Dr., University of Cambridge, UK
dc.rev: Bugiel, Sven, Dr., Saarland University, Germany
dc.subject.keyword: platform security [en]
dc.subject.keyword: Linux OS security [en]
dc.subject.other: Computer science [en]
dc.title: Mobile and Embedded Platform Security [en]
dc.type: G5 Artikkeliväitöskirja [fi]
dc.type.dcmitype: text [en]
dc.type.ontasot: Doctoral dissertation (article-based) [en]
dc.type.ontasot: Väitöskirja (artikkeli) [fi]
local.aalto.acrisexportstatus: checked
local.aalto.archive: yes
local.aalto.formfolder: 2018_08_22_klo_10_54

Files

Original bundle

Name: isbn9789526081144.pdf
Size: 2.56 MB
Format: Adobe Portable Document Format