Dissertation/Thesis Abstract

The Security and Performance Impact of Object File Shuffling
by Buch, Jonathan, M.S., University of Idaho, 2020, 68; 27833446
Abstract (Summary)

Software running on desktop computers, laptops, and servers can be updated on a regular basis, installing security and bug fixes. However, industrial control system devices and embedded devices are often deployed and then left in operation for long periods of time with no software updates. The software running in these devices is often installed as an integral part of the system, and is typically called firmware. As these devices age, many have security vulnerabilities found that are located in their firmware or related libraries and as such need to be patched to mitigate the vulnerability, or they are otherwise vulnerable to exploitation. One issue with updating this firmware is that the original image may contain an old version of a library that they rely on for their processes and haphazardly updating may break that functionality. Also, updates may cause changes in critical real-time behavior of the systems. If the firmware is not updated, attacks that exploit discovered vulnerabilities can be successful against all of the deployed devices. This research explores diversification of deployed firmware through the use of shuffling portions of the firmware's code while retaining original functionality. This thesis examines the security impact of shuffling and then reports on a set of experiments that look at performance impact of the shuffling. Results indicate that shuffling can improve security against many modern low-level attacks, and that rearranging the code can change run-time performance of the program by a couple percentage points. With increased security and little performance impact, we recommend further study into the use of shuffling as an added security mechanism.

Supplemental Files

Some files may require a special program or browser plug-in. More Information

Indexing (document details)
Advisor: Alves-Foss, Jim
Commitee: Song, Jia, Conte de Leon, Daniel
School: University of Idaho
Department: Computer Science
School Location: United States -- Idaho
Source: MAI 82/3(E), Masters Abstracts International
Subjects: Computer science
Keywords: Automated cybersecurity, Firmware
Publication Number: 27833446
ISBN: 9798664796636
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy