LUP Student Papers

Application security for embedded systems

• Mark

Abstract

With the rise of Internet of Things (IoT) accessories such as network attached cameras, light bulbs and thermostats are all constantly connected to the Internet and security concerns must be taken seriously. If a bug exists in an application it could be hacked by a malicious adversary that then could harm the underlying system, leak information or attack other devices or networks.
Applications should not be allowed to damage the underlying system and there exists many isolation techniques for the general purpose computer, but these so- lutions are not designed for the embedded world and needs to be evaluated. This thesis compares isolation techniques in Linux for a specific embedded system and benchmarks performance and security. The... (More)

With the rise of Internet of Things (IoT) accessories such as network attached cameras, light bulbs and thermostats are all constantly connected to the Internet and security concerns must be taken seriously. If a bug exists in an application it could be hacked by a malicious adversary that then could harm the underlying system, leak information or attack other devices or networks.
Applications should not be allowed to damage the underlying system and there exists many isolation techniques for the general purpose computer, but these so- lutions are not designed for the embedded world and needs to be evaluated. This thesis compares isolation techniques in Linux for a specific embedded system and benchmarks performance and security. The thesis concludes that there are many non working isolation techniques for embedded systems and that further work is needed to enable them. However the best current solutions in this dissertation is Bubblewrap, Firejail and TOMOYO. (Less)

Popular Abstract

In all operating systems applications should be executed in a fashion that has no possibility of harming the underlying operating system or other applications. This kind of protection already exists in many flavours for ordinary systems, but for the use in embedded systems the already running protections have to be tested and evaluated regarding disc space usage, CPU usage and other limited resources. The solution proposed in this dissertation for achieving operating system protection is isolation of applications in a Linux environment.
The isolation part in this thesis is aimed at embedded systems and after elabo- rating the basics regarding how applications can be isolated in a Linux environment and what general threats exist for an... (More)

In all operating systems applications should be executed in a fashion that has no possibility of harming the underlying operating system or other applications. This kind of protection already exists in many flavours for ordinary systems, but for the use in embedded systems the already running protections have to be tested and evaluated regarding disc space usage, CPU usage and other limited resources. The solution proposed in this dissertation for achieving operating system protection is isolation of applications in a Linux environment.
The isolation part in this thesis is aimed at embedded systems and after elabo- rating the basics regarding how applications can be isolated in a Linux environment and what general threats exist for an isolation technique the actual techniques are presented. There exists various tools in the Linux kernel that helps to do this iso- lation, for example seccomp, capabilities and namespaces. However these cannot provide enough isolation by themselves and should only be seen as parts of the operating system that will be used by more elaborate tools to achieve isolation.
Linux Security Modules is one of the more evolved candidates that can achieve this type of isolation and with it being built into the kernel the possible benefits are large. Other solutions presented include containers and other tools that can be seen as sandboxes. In total 11 different implementations were chosen to be described further and applied on the embedded system. However not all of them turned out to be suited for our embedded system and were not able to be run due to various reasons.
One crucial part for the embedded system used in this thesis was the extra size required by the implementation and two had to be discarded straight away since they required too much disc space to function. Other problems included un- supported architectures, lack of user space tools and support for transfer an entire Linux file system to the embedded system. The thesis presents implementations that are running on the system and recommendations on which one to use based on security evaluation and performance, but it also provides some valuable insight as to where the focus and continued work should be regarding implementations that did not run.
One conclusions of the thesis is that even though some isolation techniques that is being used in embedded systems today it might not work on the embedded system within the scope of this thesis. The reason for this is that all embedded
systems are so fundamentally different with architectures, available memory and use cases. The final recommendations of implementations that should be used are TOMOYO and Bubblewrap. TOMOYO is recommended since it almost does not add extra overhead and the user space tools is easy to use and activate. Bub- blewrap is recommended since it isolates the applications very easily and runs unprivileged which means that if an isolation breakout is achieved the resulting damage would be limited on the system. (Less)