Tesis sobre el tema "Sécurité systèmes embarqués"
Crea una cita precisa en los estilos APA, MLA, Chicago, Harvard y otros
Consulte los 50 mejores tesis para su investigación sobre el tema "Sécurité systèmes embarqués".
Junto a cada fuente en la lista de referencias hay un botón "Agregar a la bibliografía". Pulsa este botón, y generaremos automáticamente la referencia bibliográfica para la obra elegida en el estilo de cita que necesites: APA, MLA, Harvard, Vancouver, Chicago, etc.
También puede descargar el texto completo de la publicación académica en formato pdf y leer en línea su resumen siempre que esté disponible en los metadatos.
Explore tesis sobre una amplia variedad de disciplinas y organice su bibliografía correctamente.
Buret, Pierrick. "Sécurité temps réel dans les systèmes embarqués critiques". Thesis, Limoges, 2015. http://www.theses.fr/2015LIMO0140/document.
Texto completoSatellites are real-time embedded systems and will be used more and more in the world. Become essential for the geo-location, meteorology or communications across the planet, these systems are increasingly in demand. Due to the influx of requests, the designers of these products are designing a more and more complex hardware and software part. Thanks to the evolution of terrestrial equipment, the aero-space field is turning to new technologies such as caches, multi-core, and hypervisor. The integration of these new technologies bring new technical challenges. In effect, it is necessary to improve the performance of these systems by reducing the cost of manufacturing and the production time. One of the major advantages of these technologies is the possibility of reducing the overall number of satellites in space while increasing the number of operators. Multiple clients softwares may be together today in a same satellite. The ability to integrate multiple customers on the same satellite, with the increasing complexity of the system, makes a number of malicious acts possible. These acts were once considered as hypothetical. Become a priority today, the study of the vulnerability of such systems become major. In this paper, we present first work a quick exploration of the field of malicious acts on onboard system and more specifically those carried out on satellite system. Once the risk presentation we will develop some particular points, such as the problematic real-time. In this thesis we are particularly interested in the security of space hypervisors. We will develop precisely 2 lines of research. The first axis is focused on the development of production technics and implementing a control system of a satellite temporal characteristics. The objective is to adapt an existing system to the constraints of the new highly complex systems. We confront the difficulty of measuring the temporal characteristics running on a satellite system. For this we use an optimization method called dynamic analysis and genetic algorithm. Based on trends, it can automatically search for the worst execution time of a given function. The second axis improves the technical knowledge on a satellite in operation and enables decision making in case of malicious act. We propose specifically a physical solution to detect anomalies in the management of internal memory to the satellite. Indeed, memory is an essential component of system operation, and these common properties between all clients makes them particularly vulnerable to malicious acts. Also, know the number of memory access enables better scheduling and better predictability of a real time system. Our component allows the detection and interpretation of a potential attack or dependability problem. The work put in evidence the complementarity of the two proposed work. Indeed, the measure of the number of memory access that can be measured via a genetic algorithm whose shape is similar to the program seeking the worst execution time. So we can expand our work of the first part with the second
Clavier, Christophe. "De la sécurité physique des crypto-systèmes embarqués". Versailles-St Quentin en Yvelines, 2007. http://www.theses.fr/2007VERS0028.
Texto completoIn a world full of threats, the development of widespread digital applications has led to the need for a practical device containing cryptographic functions that provide the everyday needs for secure transactions, confidentiality of communications, identification of the subject or authentication for access to a particular service. Among the cryptographic embedded devices ensuring these functionalities, smart cards are certainly the most widely used. Their portability (a wallet may easily contain a dozen) and their ability to protect its data and programs against intruders, make it as the ideal ``bunker'' for key storage and the execution of cryptographic functions during mobile usage requiring a high level of security. Whilst the design of mathematically robust (or even proven secure in some models) cryptographic schemes is an obvious requirement, it is apparently insufficient in the light of the first physical attacks that were published in 1996. Taking advantage of weaknesses related to the basic implementation of security routines, these threats include side-channel analysis which obtains information about the internal state of the process, and the exploitation of induced faults allowing certain cryptanalysis to be performed which otherwise would not have been possible. This thesis presents a series of research works covering the physical security of embedded cryptosystems. Two parts of this document are dedicated to the description of some attacks and to a study of the efficiency of conceivable countermeasures. A third part deals with that particular and still mainly unexplored area which considers the applicability of physical attacks when the cryptographic function is, partly or totally, unknown by the adversary
Davidson, Tremblay Patrick. "Protection et intégrité des systèmes embarqués réseautés". Mémoire, Université de Sherbrooke, 2014. http://hdl.handle.net/11143/5896.
Texto completoPerito, Daniele. "Exécution sécurisée de code sur systèmes embarqués". Phd thesis, Université de Grenoble, 2011. http://tel.archives-ouvertes.fr/tel-00639053.
Texto completoSchweppe, Hendrik. "Sécurité et protection de la vie privée dans les systèmes embarqués automobiles". Thesis, Paris, ENST, 2012. http://www.theses.fr/2012ENST0062/document.
Texto completoElectronic equipment has become an integral part of a vehicle's network architecture, which consists of multiple buses and microcontrollers called Electronic Control Units (ECUs). These ECUs recently also connect to the outside world. Navigation and entertainment system, consumer devices, and Car2X functions are examples for this. Recent security analyses have shown severe vulnerabilities of exposed ECUs and protocols, which may make it possible for attackers to gain control over a vehicle. Given that car safety-critical systems can no longer be fully isolated from such third party devices and infotainment services, we propose a new approach to securing vehicular on-board systems that combines mechanisms at different layers of the communication stack and of the execution platforms. We describe our secure communication protocols, which are designed to provide strong cryptographic assurances together with an efficient implementation fitting the prevalent vehicular communication paradigms. They rely on hardware security modules providing secure storage and acting as root of trust. A distributed data flow tracking based approach is employed for checking code execution against a security policy describing authorized communication patterns. Binary instrumentation is used to track data flows throughout execution (taint engine) and also between control units (middleware), thus making it applicable to industrial applications. We evaluate the feasibility of our mechanisms to secure communication on the CAN bus, which is ubiquitously implemented in cars today. A proof of concept demonstrator also shows the feasibility of integrating security features into real vehicles
Crenne, Jérémie. "Sécurité Haut-débit pour les Systèmes Embarqués à base de FPGAs". Phd thesis, Université de Bretagne Sud, 2011. http://tel.archives-ouvertes.fr/tel-00655959.
Texto completoFeix, Benoît. "Implémentations Efficaces de Crypto-systèmes Embarqués et Analyse de leur Sécurité". Limoges, 2013. https://aurore.unilim.fr/theses/nxfile/default/19ba2f73-2b7f-42ed-8afc-794a4b0c7604/blobholder:0/2013LIMO4062.pdf.
Texto completoCryptography has become a very common term in our daily life even for those that are not practising this science. It can represent today an efficient shield that prevent us from hackers' or other non-respectable entities' intrusions in our privacy. Cryptography can protect the personal data we store on many physical numerical supports or even cloudy ones for the most intrepid people. However a secure usage cryptography is also necessary. Cryptographic algorithms must be implemented such that they contain the right protections to defeat the category of physical attacks. Since the first article has been presented on this subject in 1996, different attack improvements, new attack paths and countermeasures have been published and patented. We present the results we have obtained during the PhD. New physical attacks are presented with practical results. We are detailing innovative side-channel attacks that take advantage of all the leakage information present in a single execution trace of the cryptographic algorithm. We also present two new CoCo (Collision Correlation) attacks that target first order protected implementations of AES and RSA algorithms. We are in the next sections using fault-injection techniques to design new combined attacks on different state of the art secure implementation of AES and RSA. Later we present new probable prime number generation method well suited to embedded products. We show these new methods can lead to faster implementations than the probabilistic ones commonly used in standard products. Finally we conclude this report with the secure exponentiation method we named Square Always
Schweppe, Hendrik. "Sécurité et protection de la vie privée dans les systèmes embarqués automobiles". Electronic Thesis or Diss., Paris, ENST, 2012. http://www.theses.fr/2012ENST0062.
Texto completoElectronic equipment has become an integral part of a vehicle's network architecture, which consists of multiple buses and microcontrollers called Electronic Control Units (ECUs). These ECUs recently also connect to the outside world. Navigation and entertainment system, consumer devices, and Car2X functions are examples for this. Recent security analyses have shown severe vulnerabilities of exposed ECUs and protocols, which may make it possible for attackers to gain control over a vehicle. Given that car safety-critical systems can no longer be fully isolated from such third party devices and infotainment services, we propose a new approach to securing vehicular on-board systems that combines mechanisms at different layers of the communication stack and of the execution platforms. We describe our secure communication protocols, which are designed to provide strong cryptographic assurances together with an efficient implementation fitting the prevalent vehicular communication paradigms. They rely on hardware security modules providing secure storage and acting as root of trust. A distributed data flow tracking based approach is employed for checking code execution against a security policy describing authorized communication patterns. Binary instrumentation is used to track data flows throughout execution (taint engine) and also between control units (middleware), thus making it applicable to industrial applications. We evaluate the feasibility of our mechanisms to secure communication on the CAN bus, which is ubiquitously implemented in cars today. A proof of concept demonstrator also shows the feasibility of integrating security features into real vehicles
Li, Letitia. "Approche orientée modèles pour la sûreté et la sécurité des systèmes embarqués". Thesis, Université Paris-Saclay (ComUE), 2018. http://www.theses.fr/2018SACLT002/document.
Texto completoThe presence of communicating embedded systems/IoTs in our daily lives have brought a myriad of benefits, from adding conveniences and entertainment, to improving the safety of our commutes and health care. However, the flaws and vulnerabilities in these devices expose their users to risks of property damage, monetary losses, and personal injury. For example, consumer vehicles, both connected and conventional, have succumbed to a variety of design flaws resulting in injuries and death. At the same time, as vehicles are increasingly connected (and in the near future, autonomous), researchers have demonstrated possible hacks on their sensors or internal control systems, including direct injection of messages on the CAN bus.Ensuring the safety of users or bystanders involves considering multiple factors. Conventional safety suggests that a system should not contain software and hardware flaws which can prevent it from correct function. `Safety of the Intended Function' involves avoiding the situations which the system or its components cannot handle, such as adverse extreme environmental conditions. Timing can be critical for certain real-time systems, as the system will need to respond to certain events, such as obstacle avoidance, within a set period to avoid dangerous situations. Finally, the safety of a system depends on its security. An attacker who can send custom commands or modify the software of the system may change its behavior and send it into various unsafe situations. Various safety and security countermeasures for embedded systems, especially connected vehicles, have been proposed. To place these countermeasures correctly requires methods of analyzing and verifying that the system meets all safety, security, and performance requirements, preferably at the early design phases to minimize costly re-work after production. This thesis discusses the safety and security considerations for embedded systems, in the context of Institut Vedecom's autonomous vehicle. Among the proposed approaches to ensure safety and security in embedded systems, Model-Driven Engineering is one such approach that covers the full design process, from elicitation of requirements, design of hardware and software, simulation/formal verification, and final code generation. This thesis proposes a modeling-based methodology for safe and secure design, based on the SysML-Sec Methodology, which involve new modeling and verification methods. Security modeling is generally performed in the last phases of design. However, security impacts the early architecture/mapping and HW/SW partitioning decisions should be made based on the ability of the architecture to satisfy security requirements. This thesis proposes how to model the security mechanisms and the impact of an attacker as relevant to the HW/SW Partitioning phase. As security protocols negatively impact performance, it becomes important to measure both the usage of hardware components and response times of the system. Overcharged components can result in unpredictable performance and undesired delays. This thesis also discusses latency measurements of safety-critical events, focusing on one critical to autonomous vehicles: braking as after obstacle detection. Together, these additions support the safe and secure design of embedded systems
Idrees, Muhammad Sabir. "Ingénierie des exigences pour la conception d'architectures de sécurité de systèmes embarqués distribués". Thesis, Paris, ENST, 2012. http://www.theses.fr/2012ENST0045/document.
Texto completoDuring the last ten years, the impact of security concerns on the development and exploration of distributed embedded systems never ceased to grow. This is mainly related to the fact that these systems are increasingly interconnected and thus vulnerable to attacks, and that the economic interest in attacking them has simultane- ously increased. In such a context, requirement engineering methodologies and tools have become necessary to take appropriate decisions regarding security early on. Security requirements engineering should thus strongly support the elicitation and specifica- tion of software security issues and solutions well before designers and developers are committed to a particular implementation. However, and that is especially true in embedded systems, security requirements should not be considered only as the abstract expression of a set of properties independently from the system architecture or from the threats and attacks that may occur. We believe this consideration is of utmost importance for security requirements engineering to be the driving force behind the design and implementation of a secure system. We thus describe in this thesis a security engineering requirement methodology depending upon a constant dialog between the design of system functions, the requirements that are attached to them, the design and development of the system architecture, and the assessment of the threats to system assets. Our approach in particular relies on a knowledge-centric approach to security requirement engineering, applicable from the early phases of system conceptualization to the enforcement of security requirements
Idrees, Muhammad Sabir. "Ingénierie des exigences pour la conception d'architectures de sécurité de systèmes embarqués distribués". Electronic Thesis or Diss., Paris, ENST, 2012. http://www.theses.fr/2012ENST0045.
Texto completoDuring the last ten years, the impact of security concerns on the development and exploration of distributed embedded systems never ceased to grow. This is mainly related to the fact that these systems are increasingly interconnected and thus vulnerable to attacks, and that the economic interest in attacking them has simultane- ously increased. In such a context, requirement engineering methodologies and tools have become necessary to take appropriate decisions regarding security early on. Security requirements engineering should thus strongly support the elicitation and specifica- tion of software security issues and solutions well before designers and developers are committed to a particular implementation. However, and that is especially true in embedded systems, security requirements should not be considered only as the abstract expression of a set of properties independently from the system architecture or from the threats and attacks that may occur. We believe this consideration is of utmost importance for security requirements engineering to be the driving force behind the design and implementation of a secure system. We thus describe in this thesis a security engineering requirement methodology depending upon a constant dialog between the design of system functions, the requirements that are attached to them, the design and development of the system architecture, and the assessment of the threats to system assets. Our approach in particular relies on a knowledge-centric approach to security requirement engineering, applicable from the early phases of system conceptualization to the enforcement of security requirements
Salem, Fatma. "Fiabilité et sécurité des systèmes embarqués communicants pour les transports : modélisation et optimisation". Thesis, Valenciennes, 2018. http://www.theses.fr/2018VALE0034.
Texto completoVehicle-to-anything (V2X) refers to an Intelligent Transportation System (ITS) where the vehicles and infrastructure systems are all interconnected with each other. This connectivity provides precise knowledge of the traffic situations across the entire road network which in turn helps to enhance traffic safety, reduce congestion time, avoid economic losses, in addition to enable a variety of novel ITS applications for road safety and passenger infotainment. V2X communications is based on two technologies; Dedicated Short-Range Communications (DSRC) which is an essential technology for realizing V2X and cellular networks which provide an o_-the-shelf potential solution for V2X communications. Although the research community has achieved much great progress on V2X study, there are still some challenges that need to be overcome and some key issues that need to be further investigated. This thesis considers two of the most prominent issues; reliability and security of V2X communications. From the reliability perspective, we first propose User Model-based Method to evaluate the capacity of IEEE 802.11p-based DSRC standard to meet the Quality-of-Service (QoS) requirements of safety messages dissemination. The novelty of the method lies in its application which avoids the problem of defining a Markovian model by determining the steady state moments of the induced delay process. This applicability feature provides important insights about IEEE 802.11p design parameters and its functionality leading to proposed reconfigurations for enhanced performance. Moreover, we propose Regenerative model, that we believe to be the first to address the problem of interconnected-traffic process characterization in large-scale hybrid V2X networks. The latter is a primary concern in achieving efficient and adequate operability for large-scale vehicular networks. From the security perspective, we introduce a new optimization methodology which ties the QoS requirements of different application classes with the basic design parameters of the contention resolution mechanism in IEEE 802.11p MAC protocol. In addition, a novel detection algorithm for jamming attacks in the vehicular environment is proposed. The algorithm utilizes the developed optimization methodology to de_ne a detection threshold. By integrating the sequential detection of change method it traces and detects jamming attacks whenever the threshold value is crossed. Analytical and simulation experimentations have been performed for each contribution to show the validity of the proposed methods/models and to prove their efficiency
Souissi, Youssef. "Méthodes optimisant l'analyse des cryptoprocesseurs sur les canaux cachés". Phd thesis, Télécom ParisTech, 2011. http://pastel.archives-ouvertes.fr/pastel-00681665.
Texto completoSouissi, Youssef. "Méthodes optimisant l'analyse des cryptoprocesseurs sur les canaux cachés". Phd thesis, Paris, Télécom ParisTech, 2011. https://pastel.hal.science/pastel-00681665.
Texto completoThe security of modern embedded systems has been the subject of intensive research in engineering areas. Recent threats called Side-Channel Analysis (SCA) have attracted much attention in embedded security areas. SCAs are passive attacks, in that the device under attack is not aware of its leaks being recorded. Therefore, the need of securing and evaluating the robustness of embedded systems against SCAs becomes obvious. Basically, four aspects of security evaluation analysis should be taken into consideration: the acquisition of Side-channel traces, the preprocessing of traces acquired, the detection and extraction of cryptographic patterns from the preprocessed traces, and finally the recovery of sensitive information, referred to as the secret key. This thesis investigates new techniques in the analysis of systems for Side-channel attacks. It considers how evaluation targets are characterized, how their behaviour may be simulated -- in order to hone targets for empirical analysis and then how data can be collected and analysed. The overall goal is the establishment of a methodological basis for this work. The first part of this thesis focuses on physical cryptanalysis. Several solutions and generic Side-channel attacks are addressed. The second part of this thesis is devoted to the pre-processing of the Side-channel leaked information. We propose new techniques and efficient pre-processing algorithms to get rid off the issues related principally to the noise and de-synchronisation problems. In the last part of this thesis, we establish a methodological framework, which aims at best organizing the task of the evaluator. We also highlight common pitfalls made by evaluators
Alloum, Ahmed. "Modélisation et commande dynamique d'une automobile pour la sécurité de conduite". Compiègne, 1994. http://www.theses.fr/1994COMP7045.
Texto completoMathieu-Mahias, Axel. "Sécurisation des implémentations d'algorithmes cryptographiques pour les systèmes embarqués". Electronic Thesis or Diss., université Paris-Saclay, 2021. http://www.theses.fr/2021UPASG095.
Texto completoEmbedded systems are ubiquitous and they have more and more applications. Most actual industrial fields rely on embedded systems for accomplishing specific tasks, sometimes highly sensitive. Currently, the deployment of embedded systems is even more increasing by the birth of the "Internet of Things", which is expected to revolutionize our digital world.An embedded system is an electronic and informatic system in control of a specific part of a larger system. Numerous constraints, in particular regarding its size, must be taken into account during its conception. Consequently, an embedded system is usually low cost, consume low power and has limited computational resources.For accomplishing its specific tasks, an embedded system collect, manipulate and exchange data that are usually sensitive. Moreover, such a system can often be directly accessible physically. This particularity can then be exploited by an unauthorized entity in order to control, extract or alter sensitive data manipulated by such systems.In this context, it is mandatory to develop well-suited security mechanisms. In particular, it is crucial to prevent direct physical access to the device but also to protect sensitive data manipulated or stored by the device.Cryptography is the science of secrets and offers numerous ways to mitigate the risks that face electronic devices. However, in such a context, some physical characteristics of the electronics of embedded systems vary during the execution of the implementations of cryptographic algorithms guaranteeing the security of information. In particular, the power consumption of a device or its electromagnetic radiations depend on the manipulated data as well as of the choices made for implementing the cryptographic algorithms. These physical characteristics can also be measured if physical access to the device is possible. The exploitation of these measurements has led to devastating attacks called "Side-Channel attacks". Mounting this kind of attacks enables to extract sensitive data stored or manipulated by an electronic device, usually without much effort.Special countermeasures have to be implemented to mitigate the security risks that face the implementations of cryptographic algorithms without deteriorating too much their performances in practice. Masking is a well-known solution, but its correct implementation requires a thorough analysis of algorithmic solutions it provides, especially in the context just described where devices have limited resources
Lugou, Florian. "Environnement pour l'analyse de sécurité d'objets communicants". Thesis, Université Côte d'Azur (ComUE), 2018. http://www.theses.fr/2018AZUR4005/document.
Texto completoAs embedded systems become more complex, more connected and more involved in critical tasks, the question of how strict security analysis can be performed during embedded system design needs to be thoroughly addressed. In this thesis, we study how automated formal verification can help embedded system designers in evaluating the impact of hardware and software modifications on the security of the whole system. One of the specificities of embedded system design-which is of particular interest for formal verification-is that the system under design is described as interacting hardware and software components. Formally verifying these systems requires taking both types of components into account. To illustrate this fact, we propose an example of a hardware/software co-design (based on Intel SGX) that provides a secure channel between a peripheral and an application. Formal verification can be performed on this system at different levels: from a high-level view (without describing the implementations) or from a low-level implementation. These two cases differ in terms of how tightly coupled the hardware and software components are. In the first case, we propose a model-based approach-for both the partitioning and software design phases- which enables us to describe software and hardware with high-level models and enables a transformation of these models into a formal specification which can be formally analyzed by the ProVerif tool. In the second case, we consider a software implementation and a more concrete
Dessiatnikoff, Anthony. "Analyse de vulnérabilités de systèmes avioniques embarqués : classification et expérimentation". Phd thesis, INSA de Toulouse, 2014. http://tel.archives-ouvertes.fr/tel-01032444.
Texto completoDelange, Julien. "Intégration de la sécurité et de la sûreté de fonctionnement dans la construction d'intergiciels critiques". Phd thesis, Paris, Télécom ParisTech, 2010. https://pastel.hal.science/pastel-00006301.
Texto completoSafety-critical software (used in avionics, military or aerospace domains) must preserve their integrity, ensure a continuous operational state and enforce security of their data. There requirements are met through a dedicated development process that analyzes and detects errors before system release. However, these methods are not sufficient and safety or security still occurs in such systems (e. G. Explosion of Ariane 5, mission failure of Mars Climate Orbiter, etc). In addition, meeting safety and security becomes more and more difficult due to an increasing number of functionalities. This thesis introduces a new method to build safety-critical systems and ensure their safety and security requirements. The approach proposes patterns for the specification of safe and secure systems. Then, a dedicated development process relies on them to (i) validate, (ii) automatically implement and (iii) certify the system, enforcing its requirements from the specifications to the code. System validation (i) detects specification errors, ensuring its correctness and feasibility prior any development effort. The automatic implementation process (ii) translates system specification into code and ensures their requirements enforcement. The certification (iii) aspect verifies that specification requirements are met in the implementation by analyzing the system during its execution. It also evaluates its compliance against certification standards (such as DO178B)
Schoenig, Raphaël. "Définition d'une méthodologie de conception des systèmes mécatroniques sûrs de fonctionnement". Vandoeuvre-les-Nancy, INPL, 2004. http://www.theses.fr/2004INPL085N.
Texto completoThe introduction of embedded electronic in car industry induced a technological revolution that will last for years. Embedded electronic systems are more and more complex and their features involve the adaptation and structuring of the whole design activities. Verification, validation, design, and of course safety analysis should be integrated in a same process. First, we identify a class of formalism able to represent the functional and behavioral aspects of the system, and suited for hybrid and real time features. This model is the support of the methodology. Then, we propose an exploitation of formal methods, such as model-checking, to validate and check properties of the model and complement usual methods like tests and simulations. Finally, we particularly emphasize the dependability aspects. A method, based on the construction of an aggregated Markov graph, is developed. The advantage of this approach is to be able to model and assess the reliability of a dynamic hybrid system. The main steps consist in spliting up the dynamic of the system and the dynamic of the failure process by the mean of the singular perturbation method. Then, we identify and we evaluate variables of the system which interact with the failure dynamic. Simulation is used to estimate these variables, because of its ability to handle complex systems. The variables are then integrated in the aggregated Markov graph
Bukasa, Sébanjila Kevin. "Analyse de vulnérabilité des systèmes embarqués face aux attaques physiques". Thesis, Rennes 1, 2019. http://www.theses.fr/2019REN1S042/document.
Texto completoDuring this thesis, we focused on the security of mobile devices. To do this, we explored physical attacks by perturbation (fault injections) as well as by observation, both based on electromagnetic emissions. We selected two types of targets representing two categories of mobile devices. On the one hand, the microcontrollers that equip IoT devices. And on the other hand the System-on-Chip (SoC) that can be found on smartphones. We focused on the chips designed by ARM. Through physical attacks we wanted to show that it was possible to affect the microarchitecture on which the entire functioning of these systems is based. All the protections that can be implemented later at the software level are based on the microarchitecture and therefore become ineffective when it is attacked. For IoT devices, we have highlighted the possibility of obtaining information or total control of the device by means of a fault injection. In this case, fault injections are used as software attack triggers. They also allow software protection to be bypassed. For smartphone devices, we were initially able to extract information contained within a SoC, using electromagnetic listening and characterization of its behavior. In a second step, we were able to show that in the event of a fault, random behaviours can occur, we characterized and proposed explanations for these behaviours. Demonstrating and on systems more advanced than IoT, it is still possible to use physical attacks. Finally, we proposed possible improvements in relation to our various findings during this work
Delange, Julien. "Intégration de la sécurité et de la sûreté de fonctionnement dans la construction d'intergiciels critiques". Phd thesis, Télécom ParisTech, 2010. http://pastel.archives-ouvertes.fr/pastel-00006301.
Texto completoDomingues, Antonio. "Système embarqué multi-capteurs pour la détection d'obstacles routiers : développement du prototype et réglage automatique de la chaîne de traitements d'images". Orléans, 2004. http://www.theses.fr/2004ORLE2026.
Texto completoBréjon, Jean-Baptiste. "Quantification de la sécurité des applications en présence d'attaques physiques et détection de chemins d'attaques". Electronic Thesis or Diss., Sorbonne université, 2020. http://www.theses.fr/2020SORUS275.
Texto completoEmbedded systems are processing and handling more and more sensitive data. The security of these systems is now a prime concern for those who designs them. Fault attacks are indented to disrupt the execution of programs through the manipulation of physical quantities in the system environment and enable an attacker to bypass security mechanisms or achieve privilege escalation. Software counter-measures are deployed to address this threat. Various analyses are now being used to assess the efficiency of the counter-measures once deployed but they are little or not automated, costly and limited in terms of code coverage of the possible behaviour and of faults types that can be analysed. We propose a method to analyse the robustness of binary code combining formal methods and symbolic execution. Performing the analysis at the binary positions the analysis after compilation which can affect the counter-measures and allows it to take into account information which is only visible at the binary level and which can be exploited to perform an attack. Formal methods are capable of exhaustiveness and thus allow the analysis to consider all possible configurations of inputs. The proposed analysis is nevertheless carried out with respect to a symbolic context, extracted by symbolic execution, which confines it to a realistic set of inputs and thus limits false positives. We have implemented this method in a tool called \texttt{RobustB}. It is automated from the source code. We propose three metrics synthesising the analysis results and helping the designer of counter-measures to assess the sensitivity of the code as a whole and at the granularity of an instruction
Ouaarab, Salaheddine. "Protection du contenu des mémoires externes dans les systèmes embarqués, aspect matériel". Thesis, Paris, ENST, 2016. http://www.theses.fr/2016ENST0046/document.
Texto completoDuring the past few years, computer systems (Cloud Computing, embedded systems...) have become ubiquitous. Most of these systems use unreliable or untrusted storage (flash, RAM...)to store code or data. The confidentiality and integrity of these data can be threaten by hardware (spying on the communication bus between the processing component and the storage component) or software attacks. These attacks can disclose sensitive information to the adversary or disturb the behavior of the system. In this thesis, in the context of embedded systems, we focused on the attacks that threaten the confidentiality and integrity of data that are transmittedover the memory bus or that are stored inside the memory. Several primitives used to protect the confidentiality and integrity of data have been proposed in the literature, including Merkle trees, a data structure that can protect the integrity of data including against replay attacks. However, these trees have a large impact on the performances and the memory footprint of the system. In this thesis, we propose a solution based on variants of Merkle trees (hollow trees) and a modified cache management mechanism to greatly reduce the impact of the verification of the integrity. The performances of this solution have been evaluated both theoretically and in practice using simulations. In addition, a proof a security equivalence with regular Merkle treesis given. Finally, this solution has been implemented in the SecBus architecture which aims at protecting the integrity and confidentiality of the content of external memories in an embedded system. A prototype of this architecture has been developed and the results of its evaluation are given
Asselin, Eric. "Système de détection d'intrusion adapté au système de communication aéronautique ACARS". Thesis, Toulouse, INPT, 2017. http://www.theses.fr/2017INPT0058.
Texto completoModern civil aviation is increasingly dependent on the interconnection of all players, be it aircraft manufacturers, air traffic controllers, pilots, crew members or airlines. In recent years, much work has been done to propose methods to simplify the task of pilots, to better control and optimize airspace, to facilitate the management of flights by airlines and to optimize the maintenance tasks between flights. In addition, airlines are seeking not only to provide more demanding passengers with entertainment, messaging and web browsing services, but also Internet connection services for their own devices. This omnipresence of connectivity in the aeronautical field has paved the way for a new set of cyber threats. The industry must therefore be able to deploy security mechanisms inline with safety requirements while allowing the many functional needs of all actors. Despite this, there are few solutions for intrusion detection and analysis on avionics systems. The complexity of updates on such a system makes it difficult to use strictly signature-based mechanisms, so it is desirable that more "smart" mechanisms, threats evolution proof, be developed and deployed. This thesis is part of an approach to put in place security mechanisms for communications between the ground and the airplane, and more particularly an intrusion detection system for the aeronautical communication system ACARS to protect the Air Traffic Control (ATC) and Aeronautical Operational Control (AOC) functions. Based on anomaly detection technique, a first proposed model makes it possible to discriminate the abnormal ACARS messages using a technique borrowed from the text classification, n-grams. A second proposed model, also based on anomaly detection technique, allows to model a sequence of messages, using Markov chains, exchanged between the ground and the airplane during a flight, allowing to detect messages not taking part of a normal communication. The last contribution consists of an alternative to the ROC curve to evaluate the performance of an intrusion detection system when the available data set contains only normal instances
Ouaarab, Salaheddine. "Protection du contenu des mémoires externes dans les systèmes embarqués, aspect matériel". Electronic Thesis or Diss., Paris, ENST, 2016. http://www.theses.fr/2016ENST0046.
Texto completoDuring the past few years, computer systems (Cloud Computing, embedded systems...) have become ubiquitous. Most of these systems use unreliable or untrusted storage (flash, RAM...)to store code or data. The confidentiality and integrity of these data can be threaten by hardware (spying on the communication bus between the processing component and the storage component) or software attacks. These attacks can disclose sensitive information to the adversary or disturb the behavior of the system. In this thesis, in the context of embedded systems, we focused on the attacks that threaten the confidentiality and integrity of data that are transmittedover the memory bus or that are stored inside the memory. Several primitives used to protect the confidentiality and integrity of data have been proposed in the literature, including Merkle trees, a data structure that can protect the integrity of data including against replay attacks. However, these trees have a large impact on the performances and the memory footprint of the system. In this thesis, we propose a solution based on variants of Merkle trees (hollow trees) and a modified cache management mechanism to greatly reduce the impact of the verification of the integrity. The performances of this solution have been evaluated both theoretically and in practice using simulations. In addition, a proof a security equivalence with regular Merkle treesis given. Finally, this solution has been implemented in the SecBus architecture which aims at protecting the integrity and confidentiality of the content of external memories in an embedded system. A prototype of this architecture has been developed and the results of its evaluation are given
Elbaz, Reouven. "Mécanismes Matériels pour des TransfertsProcesseur Mémoire Sécurisés dans lesSystèmes Embarqués". Phd thesis, Université Montpellier II - Sciences et Techniques du Languedoc, 2006. http://tel.archives-ouvertes.fr/tel-00142209.
Texto completocomme des hôtes de confiance car toute personne y ayant accès, sont des attaquants potentiels. Les données
contenues dans ces systèmes peuvent être sensibles (données privées du propriétaire, mot de passe, code d'un
logiciel...) et sont généralement échangées en clair entre le Système sur Puces (SoC – System on Chip) et la
mémoire dans laquelle elles sont stockées. Le bus qui relie ces deux entités constitue donc un point faible : un
attaquant peut observer ce bus et récupérer le contenu de la mémoire, ou bien a la possibilité d'insérer du code
afin d'altérer le fonctionnement d'une application s'exécutant sur le système. Afin de prévenir ce type d'attaque,
des mécanismes matériels doivent être mis en place afin d'assurer la confidentialité et l'intégrité des données.
L'approche conventionnelle pour atteindre cet objectif est de concevoir un mécanisme matériel pour chaque
service de sécurité (confidentialité et intégrité). Cette approche peut être implantée de manière sécurisée mais
empêche toute parallélisation des calculs sous-jacents.
Les travaux menés au cours de cette thèse ont dans un premier temps, consisté à faire une étude des
techniques existantes permettant d'assurer la confidentialité et l'intégrité des données. Dans un deuxième temps,
nous avons proposé deux mécanismes matériels destinés à la sécurisation des transactions entre un processeur et
sa mémoire. Un moteur de chiffrement et de contrôle d'intégrité parallélisé, PE-ICE (Parallelized Encryption and
Integrity Checking Engine) a été conçu. PE-ICE permet une parallélisation totale des opérations relatives à la
sécurité aussi bien en écriture qu'en lecture de données en mémoire. Par ailleurs, une technique basée sur une
structure d'arbre (PRV-Tree – PE-ICE protected Reference Values) comportant la même propriété de
parallélisation totale, a été spécifiée afin de réduire le surcoût en mémoire interne impliqué par les mécanismes de sécurité
Dumortier, Yann. "Perception monoculaire de l'environnement pour les systèmes de transport intelligents". Phd thesis, École Nationale Supérieure des Mines de Paris, 2009. http://pastel.archives-ouvertes.fr/pastel-00005607.
Texto completoBresch, Cyril. "Approches, Stratégies, et Implémentations de Protections Mémoire dans les Systèmes Embarqués Critiques et Contraints". Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALT043.
Texto completoThis thesis deals with the memory safety issue in life-critical medical devices. Over the last few years, several vulnerabilities such as memory exploits have been identified in various Internet of Medical Things (IoMT) devices. In the worst case, such vulnerabilities allow an attacker to remotely force an application to execute malicious actions. While many countermeasures against software exploits have beenproposed so far, only a few of them seem to be suitable for medical devices. Indeed,these devices are constrained by their size, real-time performances, and safety requirements making the integration of security challenging. To address this issue,the thesis proposes two approaches. Both address the memory safety issue fromthe software design-time to its run-time on the hardware. A first approach assumesthat memory defenses can be implemented both in hardware and software. Thisapproach results in TrustFlow, a framework composed of a compiler able to generatesecure code for an extended processor that can prevent, detect, log, andself-heal critical applications from memory attacks. The second approach considersthat hardware is immutable. Following this constraint, defenses only rely uponsoftware. This second approach results in BackGuard a modified compiler that efficiently hardens embedded applications while ensuring control-flow integrity
Harb, Naim. "Dynamically and Partially Reconfigurable Embedded System Architecture for Automotive and Multimedia Applications". Valenciennes, 2011. http://ged.univ-valenciennes.fr/nuxeo/site/esupversions/1810c575-b28e-4817-a3be-f0527631eabd.
Texto completoShort time-to-market windows, high design and fabricationcosts, and fast changing standards of application-specificprocessors, make them a costly and risky investment for embedded system designers. To overcome these problems, embedded system designersare increasingly relying on Field Programmable Gate Arrays(FPGAs) as target design platforms. FPGAs are generally slower and consumemore power than application-specific integrated circuits(ASICs), and this can restrict their use to limited applicationdomains. However, recent advances in FPGA architectures,such as dynamic partial reconfiguration (DPR), are helpingbridge this gap. DPR reduces area and enables mutually exclusive subsystemsto share the same physical space on a chip. It also reducescomplexity, which usually results in faster circuits and lowerpower consumption. The work in this PhD targets first a Driver Assistant System (DAS) system based on a Multiple Target Tracking (MTT) algorithm as our automotive base system. We present a dynamically reconfigurable filtering hardwareblock for MTT applications in DAS. Our system shows thatthere will be no reconfiguration overhead because the systemwill still be functioning with the original configuration until thesystem reconfigures itself. The free reconfigurable regions canbe implemented as improvement blocks for other DAS systemfunctionalities. Two approaches were used to design the filtering block according to driving conditions. We then target another application on the basis of DPR, the H. 264 encoder as a multimedia system. Regarding the H. 264 multimedia system, we propose a reconfigurable H. 264 Motion Estimation (ME) unit whose architecture can be modified to meet specific energy and image quality constraints. By using DPR, we were able to support multiple configurations each with different levels of accuracy and energy consumption. Image accuracy levels were controlled via application demands, user demands or support demands
Studnia, Ivan. "Détection d'intrusion pour des réseaux embarqués automobiles : une approche orientée langage". Thesis, Toulouse, INSA, 2015. http://www.theses.fr/2015ISAT0048/document.
Texto completoIn today’s automobiles, embedded computers, or ECUs (Electronic Control Units) are responsible for an increasing number of features in a vehicle. In order to coordinate their actions, these computers are able to exchange data over communication buses, effectively constituting an embedded network. While this network could previously be considered a closed system, the addition of means of communication in automobiles has opened this network to the outside world, thus raising many security issues.Our research work focuses on these issues and aims at proposing efficient architectural security mechanisms for protecting embedded automotive networks. The security of embedded automotive systems being a relatively recent topic, we first put a strong focus on defining the context. For that purpose, we describe the threats that can target a car’s embedded systems, provide a classification of the possible attack scenarios and present a survey of protection mechanisms in embedded automotive networks.Then, in order to complement the preventive security means that aim at stopping an attacker from entering the embedded network, we introduce an Intrusion Detection System (IDS) fit for vehicular networks. Leveraging the high predictability of embedded automotive systems, we use language theory to elaborate a set of attack signatures derived from behavioral models of the automotive calculators in order to detect a malicious sequence of messages transiting through the internal network. After a formal description of our IDS, we present a first batch of experiments aimed at validating our approach and assessing its performances
Gherbi, Elies. "Apprentissage automatique pour la détection d'intrusion dans les systèmes du transport intelligent". Electronic Thesis or Diss., université Paris-Saclay, 2021. http://www.theses.fr/2021UPASG037.
Texto completoDespite all the different technological innovations and advances in the automotive field, autonomous vehicles are still in the testing phase. Many actors are working on several improvements in many domains to make autonomous cars the safest option. One of the important dimensions is cybersecurity. Autonomous vehicles will be prone to cyberattacks, and criminals might be motivated to hack into the vehicles' operating systems, steal essential passenger data, or disrupt its operation and jeopardize the passenger's safety. Thus, cybersecurity remains one of the biggest obstacles to overcome to ensure vehicles safety and the contribution that this technology can bring to society. Indeed, the actual and future design and implementation of Autonomous Vehicles imply many communication interfaces, In-vehicle communication of the embedded system, Vehicle-to-X (V2X) communications between the vehicle and other connected vehicles and structures on the roads. Even though the cybersecurity aspect is incorporated by design, meaning that the system needs to satisfy security standards (anti-virus, firewall, etc.), we cannot ensure that all possible breaches are covered. The Intrusion Detection System (IDS) has been introduced in the IT world to assess the state of the network and detect if a violation occurs. Many experiences and the history of IT have inspired the cybersecurity for autonomous vehicles. Nevertheless, autonomous vehicles exhibit their own needs and constraints. The current state of vehicles evolution has been made possible through successive innovations in many industrial and research fields. Artificial Intelligence (AI) is one of them. It enables learning and implementing the most fundamental self-driving tasks. This thesis aims to develop an intelligent invehicle Intrusion detection system (IDS) using machine learning (ml) from an automotive perspective, to assess and evaluate the impact of machine learning on enhancing the security of future vehicle intrusion detection system that fits in-vehicle computational constraints. Future In-vehicle network architecture is composed of different subsystems formed of other ECUs (Electronic Controller Units). Each subsystem is vehicles. Our primary focus is on In-vehicle communication security. We conduct an empirical investigation to determine the underlying needs and constraints that in-vehicle systems require. First, we review the deep learning literature for anomaly detection and studies on autonomous vehicle intrusion detection systems using deep learning. We notice many works on in-vehicle intrusion detection systems, but not all of them consider the constraints of autonomous vehicle systems. We conduct an empirical investigation to determine the underlying needs and constraints that in-vehicle systems require. We review the deep learning literature for anomaly detection, and there is a lack of tailored study on autonomous vehicle intrusion detection systems using Deep Learning (DL). In such applications, the data is unbalanced: the rate of normal examples is much higher than the anomalous examples. The emergence of generative adversarial networks (GANs) has recently brought new algorithms for anomaly detection. We develop an adversarial approach for anomaly detection based on an Encoding adversarial network (EAN). Considering the behaviour and the lightweight nature of in-vehicle networks, we show that EAN remains robust to the increase of normal examples modalities, and only a sub-part of the neural network is used for the detection phase. Controller Area Network (CAN) is one of the mostused vehicle bus standards designed to allow microcontrollers and devices to communicate. We propose a Deep CAN intrusion detection system framework. We introduce a Multi-Variate Time Series representation for asynchronous CAN data. We show that this representation enhances the temporal modelling of deep learning architectures for anomaly detection
Filipiak, Alicia. "Conception et analyse formelle de protocoles de sécurité, une application au vote électronique et au paiement mobile". Thesis, Université de Lorraine, 2018. http://www.theses.fr/2018LORR0039/document.
Texto completoThe last decade has seen the massive democratization of smart devices such as phones, tablets, even watches. In the wealthiest societies of the world, not only do people have their personal computer at home, they now carry one in their pocket or around their wrist on a day to day basis. And those devices are no more used simply for communication through messaging or phone calls, they are now used to store personal photos or critical payment data, manage contacts and finances, connect to an e-mail box or a merchant website... Recent examples call for more complex tasks we ask to such devices: Estonia voting policy allows the use of smart ID cards and smartphones to participate to national elections. In 2017, Transport for London launched the TfL Oyster app to allow tube users to top up and manage their Oyster card from their smartphone. As services grow with more complexity, so do the trust users and businesses put in them. We focus our interest into cryptographic protocols which define the exchanges between devices and entities so that such interaction ensure some security guarantees such as authentication, integrity of messages, secrecy… Their design is known to be an error prone task. Thankfully, years of research gave us some tools to improve the design of security protocols, among them are the formal methods: we can model a cryptographic protocol as an abstract process that manipulates data and cryptographic function, also modeled as abstract terms and functions. The protocol is tested against an active adversary and the guarantees we would like a protocol to satisfy are modeled as security properties. The security of the protocol can then be mathematically proven. Such proofs can be automated with tools like ProVerif or Tamarin. One of the big challenge when it comes to designing and formally proving the security an “industrial- level” protocol lies in the fact that such protocols are usually heavier than academic protocols and that they aim at more complex security properties than the classical ones. With this thesis, we wanted to focus on two use cases: electronic voting and mobile payment. We designed two protocols, one for each respective use case and proved their security using automated prover tools. The first one, Belenios VS, is a variant of an existing voting scheme, Belenios RF. It specifies a voting ecosystem allowing a user to cast a ballot from a voting sheet by flashing a code. The protocol’s security has been proven using the ProVerif tool. It guarantees that the vote confidentiality cannot be broken and that the user is capable of verifying their vote is part of the final result by performing a simple task that requires no technical skills all of this even if the user’s device is compromised – by a malware for instance. The second protocol is a payment one that has been conceived in order to be fully scalable with the existing payment ecosystem while improving the security management and cost on the smartphone. Its security has been proven using the Tamarin prover and holds even if the user’s device is under an attacker’s control
Cotret, Pascal. "Protection des architectures hétérogènes multiprocesseurs dans les systèmes embarqués : Une approche décentralisée basée sur des pare-feux matériels". Phd thesis, Université de Bretagne Sud, 2012. http://tel.archives-ouvertes.fr/tel-00789541.
Texto completoIdrissa, Abdourhamane. "Traçabilité sécurisée embarquée : authentification autonome d'objets et de systèmes embarqués". Phd thesis, Université Jean Monnet - Saint-Etienne, 2012. http://tel.archives-ouvertes.fr/tel-00961384.
Texto completoBouteldja, Mohamed. "Modélisation des interactions dynamiques poids lourds / infrastructures pour la sécurité et les alertes". Versailles-St Quentin en Yvelines, 2005. http://www.theses.fr/2005VERS0043.
Texto completoChaudemar, Jean-Charles. "Étude des architectures de sécurité de systèmes autonomes : formalisation et évaluation en Event B". Thesis, Toulouse, ISAE, 2012. http://www.theses.fr/2012ESAE0003/document.
Texto completoThe study of complex system safety requires a rigorous design process. The context of this work is the formal modeling of fault tolerant autonomous control systems. The first objective has been to provide a formal specification of a generic layered architecture that covers all the main activities of control system and implement safety mechanisms. The second objective has been to provide tools and a method to qualitatively assess safety requirements. The formal framework of modeling and assessment relies on Event-B formalism. The proposed Event-B modeling is original because it takes into account exchanges and relations betweenarchitecture layers by means of refinement. Safety requirements are first specified with invariants and theorems. The meeting of these requirements depends on intrinsic properties described with axioms. The proofs that the concept of the proposed architecture meets the specified safety requirements were discharged with the proof tools of the Rodin platform. All the functional properties and the properties relating to fault tolerant mechanisms improve the relevance of the adopted Event-B modeling for safety analysis. Then, this approach isimplemented on a study case of ONERA UAV
Sahli, Nabil. "Contribution au problème de la sécurité sémantique des systèmes : approche basée sur l'ingénierie dirigée par les modèles". Electronic Thesis or Diss., Aix-Marseille, 2019. http://www.theses.fr/2019AIXM0699.
Texto completoCritical, modern, current, and even future industrial infrastructures will be equipped with several intelligent embedded equipment. They exploit complex, embedded, intelligent and semantic systems for their operations, locally and remotely, in a context of development, smart cities and the web of things. They are using more and more SCADA and DCS control systems to monitor critical industrial platforms in real time. Critical infrastructures will be more and more communicating in the framework of the exchanges of allarmes and the establishment of Euro-Mediterranean markets of the életcricité and also more and more vulnerable, to classic and even semantic attacks, to viruses, to Trojan horses. The cybernetics of critical platforms is growing, day by day, mainly with the use of complex embedded intelligent semantic systems, web services, ontologies, and format files (XML, OWL, RDF, etc.). They are all embedded in intelligent instruments, making up semantic SCADA systems. Intelligent telecommunication networks, wired and wireless, called hybrids, are developing. They represent a great challenge for the security of future communicating systems. In a context of development of the web of things and smart cities, our research aims to strengthen the bases of security and semantic cybernetics, for communicating systems. In our global solution for semantic security, critical infrastructures, we have proposed several sub-solutions, such as metamodels and models, as well as an end-to-end security strategy, with operation on a global cloud network, hybrid and secure
Khlif, Manel. "Analyse de diagnosticabilité d'architecture de fonctions embarquées - Application aux architectures automobiles". Phd thesis, Université de Technologie de Compiègne, 2010. http://tel.archives-ouvertes.fr/tel-00801608.
Texto completoChikhi, Fouzi. "Système prédictif et préventif d'aide à la conduite". Versailles-St Quentin en Yvelines, 2006. http://www.theses.fr/2006VERS0044.
Texto completoOur work of thesis concerns the systems of assistance to the drivers. In the objective to increase safety, we propose to the driver a contribution of an anticipated knowledge of the road by a system of cartography embarked but also of models of prediction of dynamics vehicle for the anticipation of a situation of danger. The system of assistance to driving is based on the evaluation in real time of the dynamic situation of the vehicle. The original introduction of a virtual vehicle (Avatar), projected in front of the real vehicle, indeed makes it possible to pre-empt the adequacy of the dynamic state of the vehicle compared to the road, in order to avoid the situations of accidents. The evaluation of the adequacy of the dynamics of the vehicle with its environment requires the development of models of vehicles sufficiently reduced to be used in line (observer, estimator, calculation of criteria). We thus analyzed the situations of conduits and defined a whole of relevant situations, whose association makes it possible to reproduce a real route of the vehicle. For that we developed an observer multimodèle by sliding modes in particular for the estimate of the adherence and the attributes of the road. The system presented offers an active help to the driver, within this framework of the assistance to braking, we proposed a strategy of order for the regulation of the slip in the case of a braking by system ABS. The goal is to maximize braking by ensuring a maximum of adherence, and thus to reinforce the actions of the driver, in the first additive phases (progressive actions of the RCC). In the event of evolution of criticality, the system takes completely charges braking of it by fixing the instruction
Pintard, Ludovic. "From safety analysis to experimental validation by fault injection - Case of automotive embedded systems". Phd thesis, Toulouse, INPT, 2015. http://oatao.univ-toulouse.fr/14459/1/Pintard.pdf.
Texto completoMuench, Marius. "Dynamic binary firmware analysis : challenges & solutions". Electronic Thesis or Diss., Sorbonne université, 2019. http://www.theses.fr/2019SORUS265.
Texto completoEmbedded systems are a key component of modern life and their security is of utmost importance. Hence, the code running on those systems, called "firmware", has to be carefully evaluated and tested to minimize the risks accompanying the ever-growing deployment of embedded systems. One common way to evaluate the security of firmware, especially in the absence of source code, is dynamic analysis. Unfortunately, compared to analysis and testing on desktop system, dynamic analysis for firmware is lacking behind. In this thesis, we identify the main challenges preventing dynamic analysis and testing techniques from reaching their full potential on firmware. Furthermore we point out that rehosting is a promising approach to tackle these problems and develop avatar2, a multi-target orchestration framework which is capable of running firmware in both fully, and partially emulated settings. Using this framework, we adapt several dynamic analysis techniques to successfully operate on binary firmware. In detail we use its scriptability to easily replicate a previous study, we demonstrate that it allows to record and replay the execution of an embedded system, and implement heuristics for better fault detection as run-time monitors. Additionally, the framework serves as building block for an experimental evaluation of fuzz testing on embedded systems, and is used as part in a scalable concolic execution engine for firmware. Last but not least, we present Groundhogger, a novel approach for unpacking embedded devices' firmware which, unlike other unpacking tools, uses dynamic analysis to create unpackers and evaluate it against three real world devices
Razafindralambo, Tiana. "Security of micro-controllers : From smart cards to mobile devices". Thesis, Limoges, 2016. http://www.theses.fr/2016LIMO0087/document.
Texto completoNowadays, in order to provide secure, reliable and performant services (e.g: mobile payments, agenda, telecommunication, videos, games, etc.), smartphones embed three different micro-controllers. From the most secure to the most general purpose one, we have the SIM card which is a secure smart card that has to prevent anyone by any means to exfiltrate sensitive assets from its internal memories. Furthermore, we also have the baseband processor, which is the only one that directly talks with the SIM card. It essentially manages all the "phone" parts (e.g: GSM/3G/4G/LTE networks) inside a mobile device. Finally, we have the application processor which runs all the general user applications. What is interesting to note for those three micro-controllers is that they are controlled by different and independent operating systems. However, one may affect the behavior of the other(s). The security of these three platforms depend on their hardware and software implementations. This thesis is concerned with the security of these three microcontrollers that are managed by independent OSs within mobile devices. We particularly focused on understanding to what extent a smart card such as SIM cards can be resistant to software attacks in the context of a multi-application environment provided by mobile devices. We were also interested in a specific family of, so-called cache attacks, namely time-driven one, as this kind of technique essentially exploits the hardware implementation of the different cache memories and the mechanisms that enable to manage them. We decided to first study and experimentally perform so-called logical attacks on smart cards. In a second step, in order to understand the attack surface, we have studied the different means to reach the SIM card from both the baseband processor and the application processor. Then, by means of reverse engineering, we tried to understand how was implemented the SIM interface from the baseband side. Finally, we have studied the cache effects on the execution speed of a program on real mobile devices, and we experimentally studied Bernstein’s time-driven cache attack in order to understand what possible events/mechanisms exacerbate (or not) the achievement of the latter on an actual mobile device
Varet, Antoine. "Conception, mise en oeuvre et évaluation d'un routeur embarqué pour l'avionique de nouvelle génération". Phd thesis, INSA de Toulouse, 2013. http://tel.archives-ouvertes.fr/tel-00932283.
Texto completoCorteggiani, Nassim. "Towards system-wide security analysis of embedded systems". Electronic Thesis or Diss., Sorbonne université, 2020. http://www.theses.fr/2020SORUS285.
Texto completoThis thesis is dedicated to the improvement of dynamic analysis techniques allowing the verification of software designed for embedded systems, commonly called firmware. It is clear that the increasing pervasiveness and connectivity of embedded devices significantly increase their exposure to attacks. The consequences of a security issue can be dramatic not least in the economical field, but on the technical stage as well. Especially because of the difficulty to patch some devices. For instance, offline devices or code stored in a mask rom which are read only memory programmed during the chip fabrication. For all these reasons, it is important to thoughtfully test firmware program before the manufacturing process. This thesis presents analysis methods for system-wide testing of security and hardware components. In particular, we propose three impvrovements for partial emulation. First, Inception a dynamic analysis tool to test the security of firmware programs even when mixing different level of semantic (e.g., C/C++ mixed with assembly). Second, Steroids a high performance USB 3.0 probe that aims at minimizing the latency between the analyzer and the real device. Finally, HardSnap a hardware snapshotting method that offers higher visibility and control over the hardware peripherals. It enables testing concurently different execution paths without corrupting the hardware peripherals state
Beyrouthy, Taha. "Logique programmable asynchrone pour systèmes embarqués sécurisés". Grenoble INPG, 2009. http://www.theses.fr/2009INPG0137.
Texto completoThis thesis focuses on the design and the validation of an embedded FPGA dedicated to critical applications which require a high level of security and confidentiality. Nowadays FPGAs exhibit many weaknesses toward security: 1- They are not intended to efficiently support alternative styles of circuits such as asynchronous circuits. 2- The place and route flow is not completely manageable by the user in order to target our security goal. 3- They are not protected against side channel attacks such as DP A, EMA or DF A. Ln order to overcome these technological problems, the work presented in this thesis proposes an architecture that supports the programming of different styles of asynchronous circuits. Ln addition, it presents a secure programming system and a design that ensurcs a high-Ievel of security against the attacks mentioned above. Finally, the circuit prototype has been evaluated in order to validate the relevance of the proposed solutions
Selmane, Nidhal. "Attaques en fautes globales et locales sur les cryptoprocesseurs AES : mise en œuvre et contremesures". Phd thesis, Télécom ParisTech, 2010. http://pastel.archives-ouvertes.fr/pastel-00565881.
Texto completoHamdane, Hedi. "Improvement of pedestrian safety : response of detection systems to real accident scenarios". Thesis, Aix-Marseille, 2016. http://www.theses.fr/2016AIXM4091.
Texto completoThe scope of this research concerns pedestrian active safety. Several primary safety systems have been developed for vehicles in order to detect a pedestrian and to avoid an impact. These systems analyse the forward path of the vehicle through the processing of images from sensors. If a pedestrian is identified on the vehicle trajectory, these systems employ emergency braking and some systems may potentially employ emergency steering. Methods for assessing the effectiveness of these systems have been developed. But, it appears difficult to determine the relevance of these systems in terms of pedestrian protection. The general objective of this research was to test the response of these systems in many accident configurations.The methodology consisted of coupling the vehicle dynamic behaviour with a primary safety system in order to confront these systems to real accident configurations. The relevance of these systems is studied by verifying the feasibility of deploying an autonomous emergency manoeuvre during the timeline of the accident and according to the vehicle dynamic capabilities: i.e. verifying the possibilities in terms of crash avoidance. From these accident reconstructions and simulation, factors relevant to the primary safety of pedestrians were deduced
Portolan, Michele. "Conception d'un système embarqué sûr et sécurisé". Grenoble INPG, 2006. http://www.theses.fr/2006INPG0192.
Texto completoThis PhD researches a global methodology enabling to improve the dependability and security level against transient logic faults (natural or provoked) appearing inside a hardware/software integrated system, like for instance a smart cardo Results can be applied to all systems built around a synthesisable microprocessor core and a set of specialised peripherals. The protection methods operate simultaneously and in complementary manner on hardware, application software and interface layers (most noticeably, the operating system). High level modifications have been favoured for their advantages in terms of generality, configurability, portability and perpetuity. The proposed approach aims at achieving a good trade-off between robustness and overheads, from both hardware and performance point of views. It is applied on a significant system example, representative of an embedded monoprocessor system