Protecting Smart Devices from the Bottom-up
- Author(s): Machiry, Aravind
- Advisor(s): Kruegel, Christopher; Vigna, Giovanni; et al.
Modern systems are mainly composed of IoT devices and smartphones.
Most of these devices use ARM processors, which, along with flexible
licensing, have new security architecture features, such as ARM
TrustZone, that enable execution of a secure application in an
untrusted environment. Furthermore, well-supported, extensible,
open-source embedded operating systems like Android allow
manufacturers to quickly customize their operating system with device
drivers, thus reducing the time-to-market.
Unfortunately, the proliferation of device vendors and the race to market have resulted in poor-quality device drivers containing critical
security vulnerabilities. Furthermore, the patches for these
vulnerabilities get merged into the end products with a significant
delay, resulting in the Patch Gap, which puts the privacy and
security of billions of users at risk.
In this dissertation, I will first show how the new architecture features can lead
to security issues by introducing new attack vectors.
Second, I will show that the existing techniques are inadequate to
find the security issues in Linux kernel drivers and how, with certain well-defined optimizations, we can
precisely find security issues.
Third, I will present my solution to the problem of Patch Gap by
showing a principled approach to automatically port patches to vendor product
Finally, I will present our ongoing work to automatically port C to
Checked C, which provides a low overhead, backward-compatible, and
memory-safe C alternative that could be used on resource-constrained
modern systems to prevent security vulnerabilities.
Through this work, I present effective ways to find, fix, propagate, and prevent vulnerabilities in modern system software, thus improving the security of modern systems.