Run-time Kernel Integrity Monitoring on Embedded Platforms

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

Internet of Things aims to more directly integrate physical world embedded devices into the Internet. This results in various economic benefits, productivity and efficiency improvements, however IoT devices are often developed without appropriate security considerations, mostly because of limited hardware resources. One of the biggest concerns in adopting IoT technology is the lack of proper security solutions, since this can result in monetary and physical loss, and also privacy threats.

This document introduces a proof of concept run-time integrity monitoring solution for the operating system or firmware kernel running on embedded devices, based on a Trusted Execution Environment (TEE).

A TEE provides an isolated execution space from the normal operating system, thus algorithms running in it can be trusted to execute normally and produce non-compromised results. Therefore, the PoC is implemented as a Trusted Application running in OP-TEE---an open source TEE implementation. OP-TEE is a software based TEE with hardware support from ARM TrustZone technology, and more cost-efficient than a strictly hardware based solution, for example a security co-processor.

In general, kernel integrity monitoring can detect device compromises, break-in attempts, misconfigurations and various other system failures happening during run-time. In my paper I show the design and implementation of a PoC solution, which is capable of generating a list of the running processes on the Linux system and detecting if an attacker modified or somehow tampered with the executed code of the programs. The integrity and authenticity of the measurement result is ensured by public key cryptography signatures.


Please sign in to download the files of this thesis.