Software running on desktop computers, laptops, and servers can be updated on a regular basis to install security and bug fixes. However, industrial control system devices and embedded devices are often deployed and then left in operation for long periods of time with no software updates. The software running in these devices is often installed as an integral part of the system, and is typically called firmware. As these devices age, security vulnerabilities are found in the firmware or related libraries of many of them, and these must be patched to mitigate the vulnerability; otherwise the devices remain vulnerable to exploitation. One issue with updating this firmware is that the original image may contain an old version of a library that the device relies on for its processes, and haphazardly updating may break that functionality. Updates may also change critical real-time behavior of the systems. If the firmware is not updated, attacks that exploit discovered vulnerabilities can be successful against all of the deployed devices. This research explores diversification of deployed firmware by shuffling portions of the firmware's code while retaining original functionality. This thesis examines the security impact of shuffling and then reports on a set of experiments that look at the performance impact of the shuffling. Results indicate that shuffling can improve security against many modern low-level attacks, and that rearranging the code can change run-time performance of the program by a couple of percentage points. With increased security and little performance impact, we recommend further study into the use of shuffling as an added security mechanism.
|Committee:||Song, Jia, Conte de Leon, Daniel|
|School:||University of Idaho|
|School Location:||United States -- Idaho|
|Source:||MAI 82/3(E), Masters Abstracts International|
|Keywords:||Automated cybersecurity, Firmware|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved