Meltdown and Spectre, presented recently, are two critical vulnerabilities in modern processors. Adversaries can exploit them to recover sensitive information stored in memory, because these vulnerabilities allow an adversary to bypass the isolation between different applications. In this work, the student will present, execute and analyse these vulnerabilities (on several CPUs) in order to report their impact on real products.
Category: Master Thesis
A group key agreement (GKA) protocol ensures that the members of a group establish a common session key which remains unknown to outsiders. In practice, a GKA enables multiple remote users to communicate securely in an open environment. In this thesis, the student will present a comparative study of GKA protocols and implement them for the sake of performance analysis.
Side-channel attacks are attacks against implementations of cryptographic algorithms. These attacks exploit physical properties of the device under attack. For example, an attacker can measure the execution time or power consumption of a device while it executes a cryptographic algorithm.
Deep learning, which is based on neural networks, is an active research area in machine learning that makes it possible to produce automatic attacks requiring no a priori information on the underlying phenomenon. The purpose of this work is to shed new light on the capabilities of deep learning in side-channel attacks.
This work is in collaboration with RISCURE (www.riscure.com), a company working on security evaluation of embedded devices.
The aim of the thesis is to propose measures to introduce security in the architecture of a modern Real-Time Operating System (RTOS) in the sense of allowing Multiple Levels of Security (MILS). This covers the security of the RTOS itself (authentication of the kernel, updates, drivers, services, …), the secure management of applications (for example: registration of a new application, update and upgrade of applications, and execution of applications), and the security of data inside applications. The student would study the HIPPEROS architecture and propose, based on the state of the art in secure operating systems, how to smoothly integrate such an architecture into the existing development process of HIPPEROS. The study would allow developers to implement the proposed architecture in the operating system practically and easily.
One of the challenges is to define a predictable real-time architecture. An interesting aspect of the proposed work is that it spans different domains of computer science: operating systems, real-time systems and security.
- John Rushby (1981). “Design and Verification of Secure Systems”. Proc. 8th ACM Symposium on Operating System Principles. pp. 12–21.
- W. S. Harrison, N. Hanebutte, P. Oman and J. Alves-Foss (October 2005). “The MILS Architecture for a Secure Global Information Grid”. CrossTalk 18 (10): 20–24.
- Alves-Foss, W. S. Harrison, P. Oman and C. Taylor (2007). “The MILS Architecture for High Assurance Embedded Systems”. International Journal of Embedded Systems.
- Integrating Flexible Support for Security Policies into the Linux Operating System, Peter Loscocco and Stephen Smalley, NSA, 2011.
- Broad New OS Research: Challenges and Opportunities, Galen C. Hunt, James R. Larus, David Tarditi, and Ted Wobber. Microsoft.
- Practical Techniques for Operating System Attestation, Paul England. Trusted Computing – Challenges and Applications Volume 4968 of the series Lecture Notes in Computer Science pp 113.
- Code Signing, Certificate Authority Security Council.
- Scheduling execution of credentials in constrained secure environments, Jan-Erik Ekberg, N. Asokan, Kari Kostiainen and Aarne Rantala. STC’08: Proceedings of the 3rd ACM workshop on Scalable trusted computing, pages 61-70.
- A multi-layered approach to security in high assurance systems, Alves-Foss, Taylor, Oman. Proceedings of the 37th International Conference on System Sciences, IEEE 2004.
- The MILS Architecture for High-Assurance Embedded Systems, Alves-Foss, Scott Harrison, Oman and Taylor, International Journal of Embedded Systems, volume 2, issue 3. September 2006.
- MILS: Architecture for High-Assurance Embedded Computing, Vanfleet, Beckwith, Ben Calloni, Luke, Taylor, Uchenick, The Journal of Defense Software Engineering, August 2005.