Godkända
Robust säkerhetsuppdatering för uppkopplade enheter
Jonathan Karlsson (2009) och Jonathan Sönnerup (2010)
Start
2015-09-07
Presentation
2016-03-04 11:15
Plats:
Avslutat:
2016-03-10
Examensrapport:
Sammanfattning
The Internet of Things (IoT) era has just begun, with billions of devices connected to "the cloud", targeting wearables, cars, smart homes, healthcare and even cities. As more personal information is being stored and processed by the IoT devices, security is of uttermost importance. Due to the competitive market, manufacturers want to optimize the Time to Market and minimize the price. This often results in security being neglected, since it's costly and doesn't add new features. Manufacturers doesn't prioritize older versions as much as new ones. Having older devices still connected to the Internet will be more exposed to attackers when vulnerabilities are found.<br /><br /> Our contribution in this Master's project is: <ul> <li> To investigate current methods for software management - Currently, software management and updating is often done manually, identifying which patches should be applied and then configuring the software update in a non-automated way. Knowledge about current practices will allow us to better identify the needs in an automated update service.</li> <li> To analyze and compare different technologies for software management in general and updating and patching in particular.</li> <li> Investigate which open-source software is used by Axis products and the need to apply security patches to this.</li> <li> Investigate the different approaches taken by a subset of Axis customers for maintaining up-to-date software in the products.</li> <li> Determine what support is needed by the chip in order to support remote security updates?</li> <li> Implement a proof-of-concept for applying security patches to Axis products.</li> <li> Suggest a technical framework for applying security patches through a third party and determine its strengths and weaknesses.</li> <li> We will look into principles of secure SW upgrade using embedded virtualization technologies. We also consider robust failure recovery mechanisms through cooperation with the upgrading agent on the device side and the upgrade/back- end system.</li> </ul>
Handledare: Fredrik Larsson (Axis Communications) och Martin Hell (EIT)
Examinator: Thomas Johansson (EIT)