Matching Items (3)
Filtering by
- All Subjects: Embedded Systems
- All Subjects: Application
- Creators: Doupe, Adam
- Member of: Barrett, The Honors College Thesis/Creative Project Collection
Description
Despite the more tightly controlled permissions and Java framework used by most programs in the Android operating system, an attacker can use the same classic vulnerabilities that exist for traditional Linux binaries on the programs in the Android operating system. Some classic vulnerabilities include stack overows, string formats, and heap meta-information corruption. Through the exploitation of these vulnerabilities an attacker can hijack the execution ow of an application. After hijacking the execution ow, an attacker can then violate the con_dentiality, integrity, or availability of the operating system. Over the years, the operating systems and compliers have implemented a number of protections to prevent the exploitation of vulnerable programs. The most widely implemented protections include Non-eXecutable stack (NX Stack), Address Space Layout Randomization (ASLR), and Stack Canaries (Canaries). NX Stack protections prevent the injection and execution of arbitrary code through the use of a permissions framework within a program. Whereas, ASLR and Canaries rely on obfuscation techniques to protect control ow, which requires su_cient entropy between each execution. Early in the implementation of these protections in Linux, researchers discovered that without su_cient entropy between executions, ASLR and Canaries were easily bypassed. For example, the obfuscation techniques were useless in programs that ran continuously because the programs did not change the canaries or re-randomize the address space. Similarly, aws in the implementation of ASLR and Canaries in Android only re-randomizes the values after rebooting, which means the address space locations and canary values remain constant across the executions of an Android program. As a result, an attacker can hijack the control ow Android binaries that contain control ow vulnerabilities. The purpose of this paper is to expose these aws and the methodology used to verify their existence in Android versions 4.1 (Jelly Bean) through 8.0 (Oreo).
ContributorsGibbs, Wil (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2018-12
Description
The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device that enables us to run various memory integrity and malware detection tools to identify possible breaches in security to the normal world. Although TrustZone provides this additional layer of security, it also adds another layer of complexity, and thus comes with its own set of vulnerabilities. This new rootkit identifies and exploits a cache incoherence in the ARM device as a result of TrustZone. The newly proposed rootkit, called CacheKit, takes advantage of this cache incoherence to avoid memory introspection from tools in secure world. We implement CacheKit on the i.MX53 development board, which features a single ARM Cortex A8 processor, to analyze the limitations and vulnerabilities described in the original paper. We set up the Linux environment on the computer to be able to cross-compile for the development board which will be running the FreeScale android 2.3.4 platform with a 2.6.33 Linux kernel. The project is implemented as a kernel module that once installed on the board can manipulate cache as desired to conceal the rootkit. The module exploits the fact that in TrustZone, the secure world does not have access to the normal world cache. First, a technique known as Cache-asRAM is used to ensure that the rootkit is loaded only into cache of the normal world where it can avoid detection from the secure world. Then, we employ the cache maintenance instructions and resisters provided in the cp15 coprocessor to keep the code persistent in cache. Furthermore, the cache lines are mapped to unused I/O address space so that if cache content is flushed to RAM for inspection, the data is simply lost. This ensures that even if the rootkit were to be flushed into memory, any trace of the malicious code would be lost. CacheKit prevents defenders from analyzing the code and destroys any forensic evidence. This provides attackers with a new and powerful tool that is excellent for certain scenarios that were previously thought to be secure. Finally, we determine the limitations of the prototype to determine possible areas for future growth and research into the security of networked embedded devices.
ContributorsGutierrez Barnett, Mauricio Antonio (Author) / Zhao, Ziming (Thesis director) / Doupe, Adam (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description
Pollution is an increasing problem around the world, and one of the main forms it takes is air pollution. Air pollution, from oxides and dioxides to particulate matter, continues to contribute to millions of deaths each year, which is more than the next three leading causes of environment-related death combined. Plus, the problem is only growing as industrial plants, factories, and transportation continues to rapidly increase across the globe. Those most affected include less developed countries and individuals with pre-existing respiratory conditions. Although many citizens know about this issue, it is often unclear what times and locations are worst in terms of pollutant concentration as it can vary on the time of day, local activity, and other variable factors. As a result, citizens lack the knowledge and resources to properly combat or avoid air pollution, as well as the data and evidence to support any sort of regulatory change. Many companies and organizations have tried to address this through Air Quality Indexes (AQIs) but are not focused enough to help the everyday citizen, and often fail to include many significant pollutants. Thus, we sought to address this issue in a cost-effective way through creating a network of IoT (Internet of Things) devices and deploying them in a select area of Tempe, Arizona. We utilized Arduino Microprocessors and Wireless Radio Frequency Transceivers to send and receive air pollution data in real time. Then, displayed this data in such a way that it could be released to the public via web or mobile app. Furthermore, the product is cheap enough to be reproduced and sold in bulk as well as scaled and customized to be compatible with dozens of different air quality sensors.
ContributorsCoury, Abrahm Philip (Co-author) / Gillespie, Cody (Co-author) / Ren, Fengbo (Thesis director) / Shrivastava, Aviral (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2019-05