Security of Embedded Software : An Analysis of Embedded Software Vulnerabilities and Related Security Solutions

Abstract: The increased use of computer systems for storing private data or doing critical operations leads to some security issues gathered in the area cybersecurity. This neologism leads people to think about the security of information systems and general-purpose computers. However, with the growth of the Internet of Things, embedded systems are also concerned with these issues. The speed of development of this area often leads to a backwardness in the security features. The thesis investigates the security of embedded systems by focusing on embedded software. After classifying the vulnerabilities which could be encountered in this field, a first part of this work introduces the realisation of a document gathering guidelines related to secure development of embedded software. This realisation is based on an analysis of the literature review, but also on the knowledge of engineers of the company. These guidelines are applied to the project of a client. The result of their application allows us to prove their consistency and to write a set of recommendations to enhance the security of the project. The thesis presents the implementation of some of them. Particularly, it introduces a way to secure an Inter-Process Communication (IPC) mean: D-Bus, through a proof of concept. The result shows that the security policy of D-Bus is efficient against some attacks. Nevertheless, it also points out that some att acks remain feasible. The solution is implemented on an embedded board to analyse the computational overhead related to this embedded aspect. As expected, a more complex and detailed a policy is, the higher the overhead tends to be. Nevertheless, this computational overhead is proportional to the number of rules of the policy.