Secure File System Development for the Advanced Open-source Security Platform SEcube™
keywords DIGITAL SYSTEM DESIGN, EMBEDDED SOFTWARE, EMBEDDED SYSTEMS, FILE SYSTEMS, INTERNET-OF-THINGS, OPEN-SOURCE, OPERATING SYSTEMS, SECURE DATA MANAGEMENT, SECURE FILE SYSTEMS, SECURITY, SYSTEM LEVEL DESIGN & TEST
Reference persons PAOLO ERNESTO PRINETTO
External reference persons Pascal TROTTA (PhD student), Giuseppe AIRÒ FARULLA (PhD student), Tiziana MARGARIA (Lero, Limerick, Ireland)
Research Groups TESTGROUP - TESTGROUP
Thesis type EXPERIMENTAL
Description Motivations:
Nowadays, many services and applications need to be secured in order to guarantee users' privacy, to address the commercial and legal issues related to security threats, and to safeguard business stakeholders.
A concrete example is given by modern Operating Systems. File systems are easily the most evident component of an operating system, from the point of view of users. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface. Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it cannot be examined or modified freely by third parties. Most file systems provide no such protection, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent for users.
While several standards, protocols and algorithms exist for handling the basic primitives for security (i.e., confidentiality, authentication, privacy), their implementation in real systems may require a very high level of expertise and effort.
The development of the Advanced Open-source Security Platform SEcube™ (Secure Environment Cube) tries to fill this gap by providing heterogeneous security-oriented hardware coupled with an open-source modular software architecture. All the functional blocks are isolated and well documented, giving developers an easy way to build, understand, modify and, if wanted, rewrite the whole system.
The SEcube™ hardware consists of a single System-on-Chip (SoC) composed of three main blocks: (i) a low-power ARM Cortex-M4 processor, (ii) a flexible and fast Field-Programmable-Gate-Array (FPGA), and (iii) an EAL5+ certified embedded SmartCard.
All these features make the SEcube™ platform perfectly suitable for a wide range of applications where security is a major concern. In particular, for applications that involve an operating system, it is desirable to develop a secure file system or to integrate security features into an existing file system.
Goal of the thesis:
• Software stack and requirements definition for a File System to be integrated in the Operating System running on SEcube™ hardware, as well as the definition of the capabilities and possibilities offered by the platform.
• Definition and implementation of the necessary set of primitives and operations.
• Selection and setup of a reference use case (e.g., secure remote data exchange to and from an industrial machine equipped with a microcontroller and connected to the network).
• Implementation and demonstration of the considered test case to test the file system (and possibly an SDK offering programmers high-level APIs).
Learning outcomes:
The candidate will acquire the abilities to develop and deploy applications for next-generation embedded systems, with particular emphasis on security aspects and associated software requirements.
External/Industrial cooperations:
The thesis will be carried out in collaboration with:
• Blu5 View Pte. Ltd. (Singapore)
• CINI CyberSecurity National Lab, Nodo di Torino (Torino, Italy)
• Lero, the Irish Software Research Centre (Limerick, Ireland)
• LIRMM (Montpellier, France).
See also 6 - secure file system.pdf
Required skills Programming Languages: C / C++
Operating Systems, Computer Architecture, Distributed Programming, Software Engineering.
Deadline 17/08/2016