Titulo Estágio
Development of a fuzzing framework for ARM virtualization
Áreas de especialidade
Engenharia de Software
Local do Estágio
CISUC
Enquadramento
The growing computational demands of software in critical systems, such as railway, automotive, avionics and IIoT, carry the need for increasingly more powerful hardware. To maximize resource usage, these systems use virtualization to consolidate multiple tasks on the same platform, while ensuring isolation between the domains.
Consolidation, however, requires the virtualization of peripheral devices, such as Network Interface Controllers (NICs), cameras, and GPUs, which is implemented through specialized software. This software represents an attack surface that can be exploited to conduct denial-of-service and privilege escalation attacks.
Several testing techniques have been proposed to assess implementations of software for virtualization of peripheral devices, however almost all of them target the x86 platform and are not tailored for embedded use cases.
Objetivo
The objectives of this proposal are:
- Preparation and configuration of setup using ARM and virtualization
- Development of framework to support fuzzing in virtualized ARM systems
- Execution of experiments for evaluating framework
Plano de Trabalhos - Semestre 1
T1 (M1-M3): Review of the state-of-the-art in testing, fuzzing and virtualization, highlighting the differences and new challenges when targeting embedded solutions.
Output:
(1) Threat modeling: description of common use cases of virtualization in embedded scenarios and qualitative evaluation of the threats,
(2) SOA: mapping of the related work solutions to the identified threats (i.e., table), highlighting the gap and the potential incremental contribution.
T2 (M4): Preparing setup using ARM platform (or equivalent) and containing a hypervisor.
Output:
(1) Setup of the target scenarios: create an environment in which the target scenarios identified in T1.1 are operational.
T3 (M5): Writing the intermediate report
Plano de Trabalhos - Semestre 2
T4 (M6-M7): Reproduce at least one tool of the related work.
Output:
(1) Baseline: reproduce and show the results of at least one tool of the related works. The student has to identify, adopt and implement an evaluation methodology.
(2) Practice: learning the testing techniques and tools that the student classified as “interesting” to achieve the goal identified in T1.2. The student shows with practical and synthetic examples that he is able to use and modify existing techniques.
T5 (M6-M8): Development of framework
T6 (M9): Conducting evaluation of framework using existing setup
T7 (M10-M11): Writing the final report
Condições
This dissertation is a collaboration with Università degli Studi di Napoli Federico II (UNINA) and will be co-supervised by Dr. Giorgio Farina and colleagues.
There is the possibility to fund a research scholarship (~990€/month), during the 2nd semester, depending on performance.
Orientador
Frederico Cerveira
fmduarte@dei.uc.pt 📩