TUM Logo

Considering Attackers with Root Access in Embedded Linux Update Systems

Considering Attackers with Root Access in Embedded Linux Update Systems

Supervisor(s): Corinna Lingstädt, Dr. Mykolai Protsenko
Status: open
Topic: Linux stuff
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Bachelor’s thesis in cooperation with Fraunhofer AISEC
Considering Attackers with Root Access in
Embedded Linux Update Systems
Secure over-the-air updates become increasingly important as the number of IoT devices rises. While software updates are crucial to patch system vulnerabilities, they can also introduce new attack vectors. Our previous research indicates that most of the open-source
update solutions1 have a large Trusted Computing Base (TCB) making them susceptible to root attackers. Hence, in a previous project we have proposed SUITED, a mechanism which excludes the Linux OS from the TCB by performing all update verification and in-
stallation in the U-Boot bootloader.
The goal of this Bachelor thesis is to improve the security of an existing open-source update solution using SUITED. Therefore, a suitable solution needs to be identified and modified to perform update installation and verification in the bootloader. The feasibility of
the approach shall be demonstrated in a proof of concept (PoC) implementation.
Task Description
• Research existing embedded Linux update solutions
• Evaluate compatibility between existing solutions and SUITED
• Provide a PoC implementation of one update solution using SUITED
• Evaluate the efficiency and the security of the implementation
Requirements
• High motivation and ability to work independently
• Good C programming skills
• Preferably experience with U-Boot bootloader and/or the Yocto Toolchain.
Contact
Please send your application with current CV and transcript of records to:
Corinna Lingstädt
Secure Embedded Systems Software
Department Secure Operating Systems
corinna.lingstaedt@aisec.fraunhofer.de
Phone: +49 89 322 9986-1022


Dr. Mykolai Protsenko
Head of Research Group
Secure Embedded Systems Software
Department Secure Operating Systems
mykolai.protsenko@aisec.fraunhofer.de
Phone: +49 89 322 9986-192

1e.g. https://rauc.io/, https://mender.io/, https://sbabic.github.io/swupdate/

 Fraunhofer Institute for Applied and Integrated Security (AISEC)
Lichtenbergstr. 11, 85748 Garching near Munich
Publication Date: 07.12.2022