Modern systems are mainly composed of IoT devices and smartphones. Most of these devices use ARM processors, which, along with flexible licensing, offer new security architecture features, such as ARM TrustZone, that enable execution of a secure application in an untrusted environment. Furthermore, well-supported, extensible, open-source embedded operating systems like Android allow manufacturers to quickly customize their operating system with device drivers, thus reducing the time-to-market. Unfortunately, the proliferation of device vendors and the race to market have resulted in poor-quality device drivers containing critical security vulnerabilities. Furthermore, the patches for these vulnerabilities get merged into the end products with a significant delay, resulting in the Patch Gap, which puts the privacy and security of billions of users at risk.
In this dissertation, I will first show how the new architecture features can lead to security issues by introducing new attack vectors. Second, I will show that the existing techniques are inadequate to find the security issues in Linux kernel drivers and how, with certain well-defined optimizations, we can precisely find security issues. Third, I will present my solution to the Patch Gap problem by showing a principled approach to automatically port patches to vendor product repositories.
Finally, I will present our ongoing work to automatically port C to Checked C, which provides a low-overhead, backward-compatible, and memory-safe C alternative that could be used on resource-constrained modern systems to prevent security vulnerabilities. Through this work, I present effective ways to find, fix, propagate, and prevent vulnerabilities in modern system software, thus improving modern systems security.
|Advisor:||Kruegel, Christopher; Vigna, Giovanni|
|Committee:||Hardekopf, Ben; Hicks, Michael|
|School:||University of California, Santa Barbara|
|School Location:||United States -- California|
|Source:||DAI-A 82/4(E), Dissertation Abstracts International|
|Subjects:||Computer science, Information Technology, Public policy, Artificial intelligence, Systems science|
|Keywords:||Smart devices, Internet of Things, Smartphones, ARM processors, Flexible licensing, Android, Device drivers, Patch Gap, Attack vectors, Cyber-security|