Uma arquitetura de seguran?a para sistemas embarcados virtualizados
Ano de defesa: | 2017 |
---|---|
Autor(a) principal: | |
Orientador(a): | |
Banca de defesa: | |
Tipo de documento: | Dissertação |
Tipo de acesso: | Acesso aberto |
Idioma: | por |
Instituição de defesa: |
Pontif?cia Universidade Cat?lica do Rio Grande do Sul
|
Programa de Pós-Graduação: |
Programa de P?s-Gradua??o em Ci?ncia da Computa??o
|
Departamento: |
Escola Polit?cnica
|
País: |
Brasil
|
Palavras-chave em Português: | |
Área do conhecimento CNPq: | |
Link de acesso: | http://tede2.pucrs.br/tede2/handle/tede/7922 |
Resumo: | Historically embedded systems (ES) were designed to perform a single task throughout their lifetime. However, this view has changed with the new paradigm of computing called the Internet of Things or IoT. An example of environment where IoT can be applied are smart cities by creating products such as smart poles. Thus, smart poles can be responsible not only for city lighting, but also for the control of security cameras, in addition to temperature and noise sensors. In this scenario, the virtualization technique in ES appears to contribute to the development of IoT devices since it allows a better use of the available resources in the ES besides contributing to the increase of the security. ES security has been neglected and IoT oriented ES have attracted malicious attacks as they play a central role in the operation of essential services for individuals and enterprises. Therefore, the objective of this work is to identify a set of security mechanisms that use cryptography techniques that, combined with the virtualization technique, can establish a security architecture for IoT oriented virtualized ES (VES). Thus, establishing a minimum level of confidence between the users and the SEV. Two security mechanisms have been implemented in prplHypervisor: integrity checking and introspection of guest system hypercalls. The results show that for a guest system with a size of 256kB the integrity check mechanism imposed a 150.33ms initialization delay time while the introspection engine imposed 10.57ms of initialization delay. 2,029 lines of code have been added to the prplHypervisor to perform the integrity check and 120 lines of code to implement the introspection engine. The final size of the prplHypervisor has 32kB which represents a 53% increase over the original code. However, growth does not prevent the use of security mechanisms since the storage capacity available on the platform is 2MB. |
id |
P_RS_d1e930f913f4aac9f7e3462cb4c0c2fe |
---|---|
oai_identifier_str |
oai:tede2.pucrs.br:tede/7922 |
network_acronym_str |
P_RS |
network_name_str |
Biblioteca Digital de Teses e Dissertações da PUC_RS |
repository_id_str |
|
spelling |
Hessel, Fabiano Passuelohttp://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4728802T7http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4300708P9Vasconcelos, Matheus Duarte2018-04-04T13:40:43Z2017-08-31http://tede2.pucrs.br/tede2/handle/tede/7922Historically embedded systems (ES) were designed to perform a single task throughout their lifetime. However, this view has changed with the new paradigm of computing called the Internet of Things or IoT. An example of environment where IoT can be applied are smart cities by creating products such as smart poles. Thus, smart poles can be responsible not only for city lighting, but also for the control of security cameras, in addition to temperature and noise sensors. In this scenario, the virtualization technique in ES appears to contribute to the development of IoT devices since it allows a better use of the available resources in the ES besides contributing to the increase of the security. ES security has been neglected and IoT oriented ES have attracted malicious attacks as they play a central role in the operation of essential services for individuals and enterprises. Therefore, the objective of this work is to identify a set of security mechanisms that use cryptography techniques that, combined with the virtualization technique, can establish a security architecture for IoT oriented virtualized ES (VES). Thus, establishing a minimum level of confidence between the users and the SEV. Two security mechanisms have been implemented in prplHypervisor: integrity checking and introspection of guest system hypercalls. The results show that for a guest system with a size of 256kB the integrity check mechanism imposed a 150.33ms initialization delay time while the introspection engine imposed 10.57ms of initialization delay. 2,029 lines of code have been added to the prplHypervisor to perform the integrity check and 120 lines of code to implement the introspection engine. The final size of the prplHypervisor has 32kB which represents a 53% increase over the original code. However, growth does not prevent the use of security mechanisms since the storage capacity available on the platform is 2MB.Historicamente os sistemas embarcados (SE) eram desenvolvidos para realizar uma ?nica tarefa em toda a sua vida. Entretanto, esta vis?o mudou com o novo paradigma da computa??o chamado Internet das Coisas ou IoT. Um ambiente onde a IoT pode ser aplicada s?o as cidades inteligentes por meio da cria??o de produtos como, por exemplo, os postes inteligentes. Assim, os postes inteligentes podem ser respons?veis n?o s? pela ilumina??o da cidade, mas encarregados tamb?m pelo controle de c?meras de seguran?a, al?m de sensores de temperatura e ru?do. Neste cen?rio, a t?cnica de virtualiza??o em SE surge para contribuir no desenvolvimento de dispositivos IoT, pois permite uma melhor utiliza??o dos recursos dispon?veis nos SE al?m de auxiliar para o aumento da seguran?a. A seguran?a dos SE tem sido negligenciada e os SE voltados para IoT t?m atra?do ataques maliciosos, visto que, desempenham um papel central no funcionamento de servi?os essenciais para as pessoas e empresas. O objetivo deste trabalho ? identificar um conjunto de mecanismos de seguran?a que utilizam t?cnicas de criptografia que, combinados com a t?cnica de virtualiza??o, possam estabelecer uma arquitetura de seguran?a para os SE virtualizados (SEV) voltados para IoT. Assim, estabelecendo um n?vel de confian?a m?nimo entre os usu?rios e os SEV. Al?m disso, foram implementados dois mecanismos de seguran?a no prplHypervisor: a verifica??o de integridade e a introspec??o das hypercalls do sistema convidado. Os resultados mostram que para um sistema convidado com tamanho de 256kB o mecanismo de verifica??o de integridade imp?s um tempo de atraso na inicializa??o de 150,33ms enquanto o mecanismo de introspec??o imp?s 10,57ms de atraso na inicializa??o. Foram adicionados 2.029 linhas de c?digo ao prplHypervisor para realizar a verifica??o de integridade e 120 linhas de c?digo para implementar o mecanismo de introspec??o. O tamanho final do prplHypervisor possui 32kB o que representa um aumento de 53% em rela??o ao c?digo original. Todavia, o crescimento n?o inviabiliza o uso dos mecanismos de seguran?a, dado que, a capacidade de armazenamento dispon?vel na plataforma utilizada ? de 2MB.Submitted by PPG Ci?ncia da Computa??o (ppgcc@pucrs.br) on 2018-03-21T19:00:14Z No. of bitstreams: 1 MATHEUS_DUARTE_VASCONCELOS_DIS.pdf: 1962973 bytes, checksum: 77c055e16913a3e7b366d18bb3c59fa3 (MD5)Approved for entry into archive by Tatiana Lopes (tatiana.lopes@pucrs.br) on 2018-04-04T13:36:20Z (GMT) No. of bitstreams: 1 MATHEUS_DUARTE_VASCONCELOS_DIS.pdf: 1962973 bytes, checksum: 77c055e16913a3e7b366d18bb3c59fa3 (MD5)Made available in DSpace on 2018-04-04T13:40:43Z (GMT). No. of bitstreams: 1 MATHEUS_DUARTE_VASCONCELOS_DIS.pdf: 1962973 bytes, checksum: 77c055e16913a3e7b366d18bb3c59fa3 (MD5) Previous issue date: 2017-08-31application/pdfhttp://tede2.pucrs.br:80/tede2/retrieve/171344/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf.jpgporPontif?cia Universidade Cat?lica do Rio Grande do SulPrograma de P?s-Gradua??o em Ci?ncia da Computa??oPUCRSBrasilEscola Polit?cnicaSeguran?aSistemas EmbarcadosVirtualiza??oIoTCIENCIA DA COMPUTACAO::TEORIA DA COMPUTACAOUma arquitetura de seguran?a para sistemas embarcados virtualizadosinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisTrabalho n?o apresenta restri??o para publica??o1974996533081274470500500-862078257083325301info:eu-repo/semantics/openAccessreponame:Biblioteca Digital de Teses e Dissertações da PUC_RSinstname:Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)instacron:PUC_RSTHUMBNAILMATHEUS_DUARTE_VASCONCELOS_DIS.pdf.jpgMATHEUS_DUARTE_VASCONCELOS_DIS.pdf.jpgimage/jpeg5739http://tede2.pucrs.br/tede2/bitstream/tede/7922/4/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf.jpg06279553d5a00cf6b9f45a261752eb46MD54TEXTMATHEUS_DUARTE_VASCONCELOS_DIS.pdf.txtMATHEUS_DUARTE_VASCONCELOS_DIS.pdf.txttext/plain129389http://tede2.pucrs.br/tede2/bitstream/tede/7922/3/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf.txt1e4974c6f9414e759bfc6d030503982bMD53ORIGINALMATHEUS_DUARTE_VASCONCELOS_DIS.pdfMATHEUS_DUARTE_VASCONCELOS_DIS.pdfapplication/pdf1962973http://tede2.pucrs.br/tede2/bitstream/tede/7922/2/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf77c055e16913a3e7b366d18bb3c59fa3MD52LICENSElicense.txtlicense.txttext/plain; charset=utf-8610http://tede2.pucrs.br/tede2/bitstream/tede/7922/1/license.txt5a9d6006225b368ef605ba16b4f6d1beMD51tede/79222018-04-04 12:00:49.077oai:tede2.pucrs.br:tede/7922QXV0b3JpemHDp8OjbyBwYXJhIFB1YmxpY2HDp8OjbyBFbGV0csO0bmljYTogQ29tIGJhc2Ugbm8gZGlzcG9zdG8gbmEgTGVpIEZlZGVyYWwgbsK6OS42MTAsIGRlIDE5IGRlIGZldmVyZWlybyBkZSAxOTk4LCBvIGF1dG9yIEFVVE9SSVpBIGEgcHVibGljYcOnw6NvIGVsZXRyw7RuaWNhIGRhIHByZXNlbnRlIG9icmEgbm8gYWNlcnZvIGRhIEJpYmxpb3RlY2EgRGlnaXRhbCBkYSBQb250aWbDrWNpYSBVbml2ZXJzaWRhZGUgQ2F0w7NsaWNhIGRvIFJpbyBHcmFuZGUgZG8gU3VsLCBzZWRpYWRhIGEgQXYuIElwaXJhbmdhIDY2ODEsIFBvcnRvIEFsZWdyZSwgUmlvIEdyYW5kZSBkbyBTdWwsIGNvbSByZWdpc3RybyBkZSBDTlBKIDg4NjMwNDEzMDAwMi04MSBiZW0gY29tbyBlbSBvdXRyYXMgYmlibGlvdGVjYXMgZGlnaXRhaXMsIG5hY2lvbmFpcyBlIGludGVybmFjaW9uYWlzLCBjb25zw7NyY2lvcyBlIHJlZGVzIMOgcyBxdWFpcyBhIGJpYmxpb3RlY2EgZGEgUFVDUlMgcG9zc2EgYSB2aXIgcGFydGljaXBhciwgc2VtIMO0bnVzIGFsdXNpdm8gYW9zIGRpcmVpdG9zIGF1dG9yYWlzLCBhIHTDrXR1bG8gZGUgZGl2dWxnYcOnw6NvIGRhIHByb2R1w6fDo28gY2llbnTDrWZpY2EuCg==Biblioteca Digital de Teses e Dissertaçõeshttp://tede2.pucrs.br/tede2/PRIhttps://tede2.pucrs.br/oai/requestbiblioteca.central@pucrs.br||opendoar:2018-04-04T15:00:49Biblioteca Digital de Teses e Dissertações da PUC_RS - Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)false |
dc.title.por.fl_str_mv |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
title |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
spellingShingle |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados Vasconcelos, Matheus Duarte Seguran?a Sistemas Embarcados Virtualiza??o IoT CIENCIA DA COMPUTACAO::TEORIA DA COMPUTACAO |
title_short |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
title_full |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
title_fullStr |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
title_full_unstemmed |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
title_sort |
Uma arquitetura de seguran?a para sistemas embarcados virtualizados |
author |
Vasconcelos, Matheus Duarte |
author_facet |
Vasconcelos, Matheus Duarte |
author_role |
author |
dc.contributor.advisor1.fl_str_mv |
Hessel, Fabiano Passuelo |
dc.contributor.advisor1Lattes.fl_str_mv |
http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4728802T7 |
dc.contributor.authorLattes.fl_str_mv |
http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4300708P9 |
dc.contributor.author.fl_str_mv |
Vasconcelos, Matheus Duarte |
contributor_str_mv |
Hessel, Fabiano Passuelo |
dc.subject.por.fl_str_mv |
Seguran?a Sistemas Embarcados Virtualiza??o IoT |
topic |
Seguran?a Sistemas Embarcados Virtualiza??o IoT CIENCIA DA COMPUTACAO::TEORIA DA COMPUTACAO |
dc.subject.cnpq.fl_str_mv |
CIENCIA DA COMPUTACAO::TEORIA DA COMPUTACAO |
description |
Historically embedded systems (ES) were designed to perform a single task throughout their lifetime. However, this view has changed with the new paradigm of computing called the Internet of Things or IoT. An example of environment where IoT can be applied are smart cities by creating products such as smart poles. Thus, smart poles can be responsible not only for city lighting, but also for the control of security cameras, in addition to temperature and noise sensors. In this scenario, the virtualization technique in ES appears to contribute to the development of IoT devices since it allows a better use of the available resources in the ES besides contributing to the increase of the security. ES security has been neglected and IoT oriented ES have attracted malicious attacks as they play a central role in the operation of essential services for individuals and enterprises. Therefore, the objective of this work is to identify a set of security mechanisms that use cryptography techniques that, combined with the virtualization technique, can establish a security architecture for IoT oriented virtualized ES (VES). Thus, establishing a minimum level of confidence between the users and the SEV. Two security mechanisms have been implemented in prplHypervisor: integrity checking and introspection of guest system hypercalls. The results show that for a guest system with a size of 256kB the integrity check mechanism imposed a 150.33ms initialization delay time while the introspection engine imposed 10.57ms of initialization delay. 2,029 lines of code have been added to the prplHypervisor to perform the integrity check and 120 lines of code to implement the introspection engine. The final size of the prplHypervisor has 32kB which represents a 53% increase over the original code. However, growth does not prevent the use of security mechanisms since the storage capacity available on the platform is 2MB. |
publishDate |
2017 |
dc.date.issued.fl_str_mv |
2017-08-31 |
dc.date.accessioned.fl_str_mv |
2018-04-04T13:40:43Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://tede2.pucrs.br/tede2/handle/tede/7922 |
url |
http://tede2.pucrs.br/tede2/handle/tede/7922 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.relation.program.fl_str_mv |
1974996533081274470 |
dc.relation.confidence.fl_str_mv |
500 500 |
dc.relation.cnpq.fl_str_mv |
-862078257083325301 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Pontif?cia Universidade Cat?lica do Rio Grande do Sul |
dc.publisher.program.fl_str_mv |
Programa de P?s-Gradua??o em Ci?ncia da Computa??o |
dc.publisher.initials.fl_str_mv |
PUCRS |
dc.publisher.country.fl_str_mv |
Brasil |
dc.publisher.department.fl_str_mv |
Escola Polit?cnica |
publisher.none.fl_str_mv |
Pontif?cia Universidade Cat?lica do Rio Grande do Sul |
dc.source.none.fl_str_mv |
reponame:Biblioteca Digital de Teses e Dissertações da PUC_RS instname:Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS) instacron:PUC_RS |
instname_str |
Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS) |
instacron_str |
PUC_RS |
institution |
PUC_RS |
reponame_str |
Biblioteca Digital de Teses e Dissertações da PUC_RS |
collection |
Biblioteca Digital de Teses e Dissertações da PUC_RS |
bitstream.url.fl_str_mv |
http://tede2.pucrs.br/tede2/bitstream/tede/7922/4/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf.jpg http://tede2.pucrs.br/tede2/bitstream/tede/7922/3/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf.txt http://tede2.pucrs.br/tede2/bitstream/tede/7922/2/MATHEUS_DUARTE_VASCONCELOS_DIS.pdf http://tede2.pucrs.br/tede2/bitstream/tede/7922/1/license.txt |
bitstream.checksum.fl_str_mv |
06279553d5a00cf6b9f45a261752eb46 1e4974c6f9414e759bfc6d030503982b 77c055e16913a3e7b366d18bb3c59fa3 5a9d6006225b368ef605ba16b4f6d1be |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 |
repository.name.fl_str_mv |
Biblioteca Digital de Teses e Dissertações da PUC_RS - Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS) |
repository.mail.fl_str_mv |
biblioteca.central@pucrs.br|| |
_version_ |
1796793231701180416 |