Open Platform Systems under Scrutiny: A Cybersecurity Analysis of the Device Tree

Dimitrios Tychalas, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Embedded systems are deployed in systems ranging from personal devices to systems deployed in critical infrastructure. Due to the advent of Industry 4.0 and the rising need for platform transparency and uniformity, developers opt for open-source modular system software that replace the conventional monolithic firmware approach. A common part of the modern embedded system is the Device Tree, a hardware description structure leveraged by the OS kernel. This modular approach and its malleability, however, can be exposed as a vulnerability and enable an array of attacks that would disrupt and destabilize the system. In this paper, we consider the Device Tree from a cybersecurity perspective. We identify scenarios that would enable covert attacks on a target system as well as propose countermeasures from the state-of-the-art.

Original languageEnglish (US)
Title of host publication2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages477-480
Number of pages4
ISBN (Electronic)9781538695623
DOIs
StatePublished - Jan 17 2019
Event25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018 - Bordeaux, France
Duration: Dec 9 2018Dec 12 2018

Publication series

Name2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018

Conference

Conference25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018
CountryFrance
CityBordeaux
Period12/9/1812/12/18

Fingerprint

Embedded systems
platforms
Critical infrastructures
Firmware
attack
malleability
Transparency
firmware
Computer hardware
Computer systems
vulnerability
countermeasures
photographic developers
hardware
industries
computer programs
Industry

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Instrumentation

Cite this

Tychalas, D., & Maniatakos, M. (2019). Open Platform Systems under Scrutiny: A Cybersecurity Analysis of the Device Tree. In 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018 (pp. 477-480). [8618042] (2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICECS.2018.8618042

Open Platform Systems under Scrutiny : A Cybersecurity Analysis of the Device Tree. / Tychalas, Dimitrios; Maniatakos, Michail.

2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018. Institute of Electrical and Electronics Engineers Inc., 2019. p. 477-480 8618042 (2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Tychalas, D & Maniatakos, M 2019, Open Platform Systems under Scrutiny: A Cybersecurity Analysis of the Device Tree. in 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018., 8618042, 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018, Institute of Electrical and Electronics Engineers Inc., pp. 477-480, 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018, Bordeaux, France, 12/9/18. https://doi.org/10.1109/ICECS.2018.8618042
Tychalas D, Maniatakos M. Open Platform Systems under Scrutiny: A Cybersecurity Analysis of the Device Tree. In 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018. Institute of Electrical and Electronics Engineers Inc. 2019. p. 477-480. 8618042. (2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018). https://doi.org/10.1109/ICECS.2018.8618042
Tychalas, Dimitrios ; Maniatakos, Michail. / Open Platform Systems under Scrutiny : A Cybersecurity Analysis of the Device Tree. 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 477-480 (2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018).
@inproceedings{b0deca4ea8d94c938b8aae6af3a418b4,
title = "Open Platform Systems under Scrutiny: A Cybersecurity Analysis of the Device Tree",
abstract = "Embedded systems are deployed in systems ranging from personal devices to systems deployed in critical infrastructure. Due to the advent of Industry 4.0 and the rising need for platform transparency and uniformity, developers opt for open-source modular system software that replace the conventional monolithic firmware approach. A common part of the modern embedded system is the Device Tree, a hardware description structure leveraged by the OS kernel. This modular approach and its malleability, however, can be exposed as a vulnerability and enable an array of attacks that would disrupt and destabilize the system. In this paper, we consider the Device Tree from a cybersecurity perspective. We identify scenarios that would enable covert attacks on a target system as well as propose countermeasures from the state-of-the-art.",
author = "Dimitrios Tychalas and Michail Maniatakos",
year = "2019",
month = "1",
day = "17",
doi = "10.1109/ICECS.2018.8618042",
language = "English (US)",
series = "2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "477--480",
booktitle = "2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018",

}

TY - GEN

T1 - Open Platform Systems under Scrutiny

T2 - A Cybersecurity Analysis of the Device Tree

AU - Tychalas, Dimitrios

AU - Maniatakos, Michail

PY - 2019/1/17

Y1 - 2019/1/17

N2 - Embedded systems are deployed in systems ranging from personal devices to systems deployed in critical infrastructure. Due to the advent of Industry 4.0 and the rising need for platform transparency and uniformity, developers opt for open-source modular system software that replace the conventional monolithic firmware approach. A common part of the modern embedded system is the Device Tree, a hardware description structure leveraged by the OS kernel. This modular approach and its malleability, however, can be exposed as a vulnerability and enable an array of attacks that would disrupt and destabilize the system. In this paper, we consider the Device Tree from a cybersecurity perspective. We identify scenarios that would enable covert attacks on a target system as well as propose countermeasures from the state-of-the-art.

AB - Embedded systems are deployed in systems ranging from personal devices to systems deployed in critical infrastructure. Due to the advent of Industry 4.0 and the rising need for platform transparency and uniformity, developers opt for open-source modular system software that replace the conventional monolithic firmware approach. A common part of the modern embedded system is the Device Tree, a hardware description structure leveraged by the OS kernel. This modular approach and its malleability, however, can be exposed as a vulnerability and enable an array of attacks that would disrupt and destabilize the system. In this paper, we consider the Device Tree from a cybersecurity perspective. We identify scenarios that would enable covert attacks on a target system as well as propose countermeasures from the state-of-the-art.

UR - http://www.scopus.com/inward/record.url?scp=85062290494&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85062290494&partnerID=8YFLogxK

U2 - 10.1109/ICECS.2018.8618042

DO - 10.1109/ICECS.2018.8618042

M3 - Conference contribution

AN - SCOPUS:85062290494

T3 - 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018

SP - 477

EP - 480

BT - 2018 25th IEEE International Conference on Electronics Circuits and Systems, ICECS 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -