Skip to end of metadata
Go to start of metadata

Available research topics for students in the Secure Systems Group 

This page lists the research topics that are currently available in the Secure Systems group or with our industry partners. Each topic can be structured either as a special assignment or as an MSc thesis depending on the interests, background and experience of the students. If you are interested in a particular topic, send e-mail to the contact person (as well as the professor responsible: either N. Asokan or Tuomas Aura) listed explaining your background and interests.

All topics have one or more of the following keywords: 

PLATSEC Platform Security

NETSEC Network Security

ML & SEC Machine learning and Security/Privacy

USABLE Usable security and stylometry

OTHER Other systems security research themes



Extending Open-TEE  PLATSEC

Hardware-based Trusted Execution Environments (TEEs)[1] are widely deployed in mobile devices. Yet their use has been limited primarily to applications developed by the device vendors. The standardization of TEE interfaces by GlobalPlatform (GP)[2] partially addressed this problem by enabling GP-compliant trusted applications to run on TEEs from different vendors.

Open-TEE [3] is a virtual, hardware-independent TEE implemented in software. Open-TEE conforms to GP specifications[2a][2b][2c]. Open-TEE addresses several significant challenges facing trusted application developers; access to hardware TEE interfaces are difficult to obtain without support from vendors, tools and software needed to develop and debug trusted applications may be expensive or non-existent.

Open-TEE allows developers to develop and debug Trusted Applications (TAs) with the same tools they use for developing software in general. Open-TEE can also be run on Android to enable end-to-end testing of TAs. Once a trusted application is fully debugged, it can be compiled for any actual hardware TEE.

We have made Open-TEE freely available as open source [4]. However, Open-TEE does not currently support current versions of Android, nor recent additions to the GP specifications [2d] which add support for Secure Elements[2e], Sockets[2f], Low-level Trusted User Interface[2g] and Biometrics APIs[2h].

The purpose of this topic is to port Open-TEE to Android 6, 7, and 8, and extend Open-TEE with support for additional GP APIs.

NOTE: Part of this topic will be performed as a special assignment, which is a pre-requisite for an eventual  thesis topic.

Required skills:

  • Basic understanding of TEEs and TA development (e.g. completed CS-E4310 - Mobile Systems Security)
  • Intermediate C programming skills (POSIX / Linux APIs, concurrency, Autotools, GDB)

Nice to have:

  • Prior experience with Android native programming (NDK / systems programming)
  • Prior experience with Open-TEE (e.g. developing and testing TAs using Open-TEE) 
  • Prior experience with OpenSSL / mbedtls (e.g. porting from OpenSSL to mbedtls [5])

References:

[1]: Asokan, N. et al. The Untapped Potential of Trusted Execution Environments on Mobile Devices in Sadeghi AR. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7859. Springer, 2013
[2]: TEE Committee Documents at GlobalPlatform Specification Library
[2a]: TEE System Architecture v1.1 | GPD_SPE_009
[2b]: TEE Client API Specification v1.0 | GPD_SPE_007
[2c]: TEE Internal Core API Specification v1.1.1 | GPD_SPE_010
[2d]: TEE Internal Core API Specification v1.1.2 | GPD_SPE_010 
[2e]: TEE Secure Element API v1.1.1 | GPD_SPE_024
[2f]: TEE Sockets API Specification v1.0.1 | GPD_SPE_100
[2g]: TEE Trusted User Interface Low-level API v1.0 | GPD_SPE_055
[2h]: GlobalPlatform Technology TEE TUI Extension: Biometrics API v1.0 | GPD_SPE_042
[3] :McGillion, B. et al. Open-TEE - An Open Virtual Trusted Execution Environment in  2015 IEEE Trustcom/BigDataSE/ISPA
[4]: Open-TEE project homepage
[5]: Mbed TLS OpenSSL Alternative

For further information: Please contact Thomas Nyman (thomas.nyman@aalto.fi) and prof. N. Asokan.



Special Assignment / M.Sc. thesis: EAP-TLS with TLS 1.3 NETSEC

EAP is an authentication framework that supports several authentication methods and it is often used for enterprise wireless security. Many enterprises rely on EAP-TLS with certificates on both the peer and server for mutual authentication. EAP-TLS was originally specified in RFC 5216 [1].

Since then, a new version of TLS has been developed and is specified in RFC 8446 [2]. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. Many popular open-source libraries such as OpenSSL and popular websites such as Facebook already support TLS 1.3.

There is now ongoing standards work to update the original EAP-TLS specification to work with TLS 1.3 [3]. Features such as session tickets for resumption are now handled differently. wpa_supplicant [4] is used on all linux distributions for wireless authentication. It is currently being updated to support EAP-TLS 1.3 [5].

In this assignment, the student is expected to finish the implementation by adding the remaining features:

  • Handling the Post-Handshake messages described in section 2.5 "EAP State machines" of [3]
  • Making OCSP stapling mandatory

Requirements:

  • A person who has completed most of his/her M.Sc. courses (CS/E.Eng).
  • This assignment requires strong C programming skills for working with wpa_supplicant.
  • The student could also contribute to an important open source project by creating pull requests to the wpa_supplicant project.
  • This implementation can also be done in Java for the freeradius [6] project.
  • This assignment can be turned into a master thesis project. For example the student could measure the performance of EAP-TLS with TLS 1.3 and compare it against EAP-TLS with TLS 1.2.

References:

  1. RFC 5216: https://tools.ietf.org/html/rfc5216
  2. RFC 8446: https://tools.ietf.org/html/rfc8446
  3. https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-03
  4. https://w1.fi/wpa_supplicant/
  5. https://w1.fi/cgit/hostap/log/?qt=grep&q=tls13
  6. https://github.com/FreeRADIUS/freeradius-server

For further information: Please contact Mohit Sethi (mohit.sethi@aalto.fi) and Prof. Tuomas Aura (tuomas.aura@aalto.fi)



Automated detection of web-based scareware  ML & SEC

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. Now scareware has evolved to be increasingly web based in the form of ads. Users will be directed to some web pages or have an ad in a webpage presenting that they are infected with some virus or their laptop is slow and proposed to buy a software to fix the issue.

The goal of this assignment is to study the existing literature and methods for detecting web-based scareware. Potentially the student will identify gaps in existing methods and starting to work on a novel method for scareware detection. This method is likely to be machine learning based. Methods for extracting scareware content from ads / webpages will have to be developed in order to define features useful to the detection method.

Requirements:

  • Programming skill in Python and Javascript
  • Knowledge of web development and how different web contents can be rendered in webpages.
  • Basic machine learning knowledge is a plus.

References:

For further information: Please contact Samuel Marchal (samuel.marchal@aalto.fi)


Byzantine fault tolerance with rich fault models  OTHER

Byzantine fault tolerance (BFT) has seen a resurgence due to the popularity of permissioned blockchains.  Unlike with Bitcoin-style proof-of-work-based consensus, BFT provides immediate confirmation of requests/transactions.  Existing BFT protocols can generally tolerate a third of participants being faulty, unlike Bitcoin, which can tolerate attackers controlling up to a third of hash rate.

We are working to build a BFT system that can tolerate a richer variety of failure modes, for example:

  • Up to f nodes are malicious (this is the classical BFT)
  • Nodes with CPU power at most are malicious (this is like Bitcoin)
  • All nodes running software X are malicious (e.g. a zero-day vulnerability is found in some piece of software)
  • All nodes owned by company X become malicious (e.g. someone steals administrator credentials)
  • ...Several of the above with different thresholds...

In this project, you will develop BFT protocols using our C++-based consensus platform that can tolerate more "real-world" types of fault like these, and gain experience in the development of distributed systems.

Requirements:

  • Basic knowledge of C++

Nice to have:

  • Experience with network programming
  • Theoretical distributed systems knowledge

References:

1: M Castrov, B Liskov, "Practical Byzantine fault tolerance", Proceedings of OSDI'99.
2: D Malkhi, M Reiter, "Byzantine quorum systems", Proceedings of STOC'97.

For further information: Please contact Lachlan Gunn (lachlan.gunn@aalto.fi) and Prof. N. Asokan.


Tor hidden service geolocation  OTHER

Tor is the most well-known and most-used anonymity system, based on onion routing: data is relayed through several nodes with multiple layers of encryption. Each node strips a layer of encryption and routes the message to the next node in the chain until it reaches its destination.

Most users use Tor to provide client anonymity, but it can also provide server anonymity using a feature known as hidden services. This allows anyone to connect to a server using an onion address like abcdef123456789.onion. The address gives no information on the location of the server, but the time that it takes to communicate with it does.

In this project, you will build tools to measure the round-trip-times to hidden services, as well as within the Tor network. You will then build a statistical model of transit times through the network, which you will then use to estimate and visualise hidden service locations.

Requirements: Basic knowledge of probability and statistics.

Nice to have:

  • C programming skills.

  • Familiarity with some cloud computing platform.

  • Familiarity with network programming.

Resources:

[1]: Lachlan J. Gunn, Heiki Pikker, Olaf Maennel, Andrew Allison, Derek Abbott (2017). " Geolocation of Tor hidden services: Initial results".  3rd Interdisciplinary Cyber Research Workshop, Tallinn, Estonia, pp.   67 69.
[2]: Nicholas Hopper, Eugene Y. Vasserman, and Eric Chan-Tin (2010). "How Much Anonymity does Network Latency Leak?". ACM Transactions on Information and System Security, 13(2), pp. 13:1–13:28.
[3]: Frank Cangialosi Dave Levin Neil Spring (2015). "Ting: Measuring and Exploiting Latencies Between All Tor Nodes". Proceedings of the 2015 Internet Measurement Conference, pp. 289–302.

For further information: Please contact Lachlan Gunn (lachlan.gunn@aalto.fi) and Prof. N. Asokan.


Are we CVE yet?  An automated approach for prioritisation of potential software vulnerabilities ML & SEC

Developers are getting better at creating more secure software, however it is reported that the same proportion of programs are vulnerable as a decade ago. Software developers writing code are often unaware of software security practices. A developers main aim is to write correct and fast code, and when a bug is encountered which causes a crash or produces garbage output, the developer fixes it and continues to the next bug. However, such program behaviour could be exploited by hackers to spread malware and developers fail to notice this. This is an issue as users of the software remain vulnerable to these vulnerabilities. All encountered bugs should be reported and tracked on an Issue Tracking System.

An issue tracking system is a software application that tracks reported software bugs in development projects. On these systems end-users and developers can report bugs directly and record facts about the bug. Facts about a bug may include the erroneous program behaviour, details of how to reproduce the bug; and information about the persons identity who reported the bug as well as any programmers who may be fixing the bug. These bugs could later then be identified as a security vulnerability. When vulnerabilities are discovered the correct way to handle these security issues is to perform responsible disclosure to the relevant parties. When the vulnerability is confirmed the owner should then report it in the Common Vulnerabilities and Exposures (CVE) database. There are several online resources that publish discovered vulnerabilities and can be accessed freely, e.g., Bugtraq Mailing List by SecurityFocus, NIST National Vulnerabilities Database (NVD), ExploitDB, Twitter, etc.

Natural language processing (NLP) can be used to analyse text for classification and prediction purposes. Recent research has demonstrated the power of NLP in detecting online text related to vulnerabilities [1]. The purpose of this topic is to study whether Natural Language Processing can be used to analyse whether reported issues on open-source projects can be applied to determine if the possibility of a software security vulnerability exists. 

Requirements:

  • M.Sc. student.
  • Basic understanding of computer security.
  • Python programming skills.

Resources:

 [1]: Shi Zong, Alan Ritter, Graham Mueller, Evan Wright (2019). "Analyzing the Perceived Severity of Cybersecurity Threats Reported on Social Media". Annual Conference of the North American Chapter of the Association for Computational Linguistics (NACCL) 2019

For further information: Please contact Jorden Whitefield (jorden.whitefield@aalto.fi), Tommi Gröndahl (tommi.grondahl@aalto.fi) and Prof. N. Asokan


Research Topics with our Industry Partners


Bitwards: State-dependent access control in physical access (lock) system PLATSEC

Bitwards Oy (bitwards.fi) hereby opens a summer internship or master’s thesis position in the spring / summer of 2019. In this work, the student will participate in an R&D project where Bitwards will enhance its access sharing solution with dynamic functionality. As a result. an access token (a key) not only authorizes physical access – based on the holder of the access token – we aim for a solution where the access token carries logic and constraints that can, at the resource (the lock), make a dynamic access control decision that can account for inputs such as the recent history of accesses (and who has made them), the environmental state of the resource is at the present moment in time or combinations of the two.

You will work with our in-house experts with the intent to explore, implement and test this approach in a mobile phone-based access control and access sharing system which is already in commercial use today. We will work as one team with the intent to produce both publishable results as well as prototypes and demonstrators. Being a start-up, we value flexibility, eagerness and a self-driven, results-oriented mindset in our workforce.

In this work the demonstrator work will include either endpoint (resource, lock) modifications, or the redesign of the controlling cloud service to accommodate the generation and deployment of the dynamic tokens. This work topic will involve either embedded programming on a MCU (likely expressif / esp32) and/or cloud service development. Therefore we do ideally expect, from the applicants, a basic level of familiarity with both embedded programming and networked systems development, but are willing to consider experience in only one of these. As the context of the work is a security solution, we believe this internship, especially if formulated as M.Sc. work can produce results that will satisfy the thesis requirements in the domains of Computer Science / Security Engineering.

We offer:
- An internship in a dynamic, small company with a strong growth curve, and possible future opportunities
- A challenging and timely topic, which borders on research and the generation of truly new operational models for access control

We are looking for:
- A B.Sc. or equivalent level (CS/E.Eng).
- System / embedded coding experience in C
- Network / back-end programming
- Sufficient skills to work and interact in English.
- Good teamwork skills

The following we count as advantage
- Interaction skills in Finnish
- Prior internship / work experience
- M.Sc. thesis application
- An interest to do research and explore new challenges.

For further information: Please contact Niklas Kaustinen, CTO, Co-Founder (Mobile +358408343688, email: niklas.kaustinen@bitwards.fi)

Bitwards develops digital access solutions and technologies that allow companies, communities and individual people leverage the digital transformation. We believe our Access Sharing Service is a unique and an excellent solution for businesses to take their products and services into the digital era.

We like to challenge the status-quo and continuously pursue new disruptive methods to improve established and customary habits that impact our everyday lives and businesses in today’s global environment. From experience, we also understand that this leap requires passion, guts, commitment and skills. This is why we also offer our skilled staff help our customers in the design and implementation of their digital service and product concepts.



Huawei: Pointer Authentication in the Linux kernel PLATSEC NOTE: not available before Autumn 2019

This M.Sc. topic is in collaboration with the Mobile Security Laboratory, Huawei, Finland and is a part of a larger research project where the target is to use the recent ARMv8-A Pointer Authentication (PA) additions for memory safety. In this work, our aim is to prevent attacks that violate the integrity of in-kernel memory pointers. PA allows the embedding Pointer Authentication Codes into pointers, thereby providing a method to detect corrupted pointers and prevent their use. We will leverage current work which already implements a research prototype that uses PA, but is limited to user-space processes [1]. This MSc thesis work will focus on applying this protection to kernel-space and adapting the kernel to accommodate PA.

The work will allow the candidate to get a deep insight into modifications to the mobile kernel boot process and module loading. Existing PA kernel patches must also be modified to support PA management in the hypervisor or secure monitor. Finally, our existing research prototype will likely require modifications due to the difference between an OS kernel and how applications are structured and run. We are looking for a candidate with an interest in embedded platform security, with C programming skills and some familiarity with the kernel and/or LLVM.

You will work with our in-house experts as well as with collaborating industrial and academic partners on the subject, but the topic is selected to be a M.Sc. thesis, i.e. we will adapt the scope and timeframe to suit a thesis work, and possibly an academic publication.

Requirements:

- A M.Sc. student close to finishing (CS/E.Eng).
- System / embedded coding experience in C/C++
- Sufficient skills to work and interact in English
- Good team-working skills

Advantage:

- Background (courses) in systems programming, platform security, or equivalent
- An interest to do research and explore new challenges.

References:

[1]: Liljestrand et al. "PAC it up: Towards Pointer Integrity using ARM Pointer Authentication", arXiv, 2018. https://arxiv.org/abs/1811.09189

For further information: Please contact Hans Liljestrand (hans.liljestrand@aalto.fi) and Jan-Erik Ekberg (jan.erik.ekberg@huawei.com)

The Mobile Security Laboratory in Huawei, Helsinki drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise is in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.


Huawei: Application Memory-Space Isolation for Execution  PLATSEC NOTE: not available before Autumn 2019

In this internship with the Mobile Security Laboratory, Huawei, Finland you will participate in a research project where the target is to prototype isolation contexts in mobile phones within an application memory space. This is already available in servers using the intel SGX, but the ARM architecture provides a set of features (MMU management, execute-only memory) and company internal solutions where the ARM EL2 hypervisor mode is used as enforcement for memory protection ibn the kernel and applications) that we believe can be combined to achieve a similar, in-place isolation model inside the application for security-critical functionality.

You will work with Huawei in-house experts as well as with collaborating industrial and academic partners to explore these ideas with the goal to build a proof-of-concept of the architecture. This will contain a PoC on a mobile phone, but may also touch on development tools to achieve code separation needed for running the solution.

This work topic will involve exploring processors and the code execution fabric at a high level of detail. Therefore we do expect, from the applicants, a basic level of familiarity with the operation of a modern CPU (e.g. memory management, interrupt handling, privilege levels, as well as how the firmware and OS operates in their support for the application ecosystem.

We believe that this internship, although formulated as a M.Sc. thesis work, can produce results that, if properly published and refined, later could be published and be counted towards graduate studies.

Requirements:

- A candidate with most courses towards his/her M.Sc. completed (CS/E.Eng).
- System / embedded coding experience in C, ARM/X86 assembler
- Experience in bare-metal programming / processor design or equivalent
- Sufficient skills to work and interact in English
- Good teamwork skills
The following we count as advantage
- Background (courses) in platform security, cryptography or equivalent
- An interest to do research and explore new challenges.

For further information: Please contact Jan-Erik Ekberg (jan.erik.ekberg@huawei.com) and Hans Liljestrand (hans.liljestrand@aalto.fi)

The Mobile Security Laboratory in Huawei, Helsinki drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise is in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.



Huawei: Hardware-assisted application attestation and authentication in Android  PLATSEC NOTE: not available before Autumn 2019

This M.Sc. topic in the Huawei Mobile Security Laboratory Finland consists of participation in a research project where the target is to apply DICE (Device Identifier Composition Engine) to a mobile phone use case. DICE is an emerging standard for “a family of hardware and software techniques for hardware-based cryptographic device identity, attestation, and data encryption”, especially targeted for IoT but also applicable to mobile phone ecosystems. This topic focuses on leveraging DICE in an application attestation scenario in a mobile phone, where we aim to build a proof-of-concept in which a networked service can attest its phone application counterpart in a straight-forward, easy manner.

The thesis subject touches on mobile phone (Android) system security, including the Android framework and Linux kernel, but also includes a service (networked) aspect. We are looking for a candidate with an interest in embedded / phone platform security, with both programming skills and a background in security / cryptography.

You will work with our in-house experts as well as with collaborating industrial and academic partners on the subject, but the topic is selected to be a M.Sc. thesis, i.e. we will adapt the scope and timeframe to suit a thesis work, and possibly an academic publication.

Requirements:

- A M.Sc. student close to finishing (CS/E.Eng).
- System / embedded coding experience in C, Java (Android)
- Sufficient skills to work and interact in English
- Good team-working skills

Advantage:

- Background (courses) in platform security, cryptography or equivalent
- An interest to do research and explore new challenges.

For further information: Please contact Jan-Erik Ekberg (jan.erik.ekberg@huawei.com) and Hans Liljestrand (hans.liljestrand@aalto.fi)

The Mobile Security Laboratory in Huawei, Helsinki drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise is in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.



Huawei: Write-once memory subsystem for microcontrollers  PLATSEC NOTE: not available before Autumn 2019

This thesis work with the Huawei Mobile Security Laboratory extends an ongoing research project for write protection in Linux and mobile device kernels into microcontrollers and you will work with our in-house experts on this topic. The fundamental issue that we are solving in this work is that (data) write-protection provided by e.g. MPUs and MMUs is reversible, and can be undone in the case of a kernel attack. This is a likely avenue for the next generation of kernel attacks, when many other avenues of attack has been hindered by recent advances in memory protection. The use case is to ascertain that we can keep also IoT devices, such as sensors, functional and operating within parameters during their operational lifecycle.

This M.Sc. work implies making a proof of concept for write-only memory subsystems in microcontrollers. Depending on the targeted hardware platforms, it consists of a minimal hardware block change that implements the write-filtering of memory for a suitable microcontroller, and implementing the software framework (i.e., the write-once memory allocator) for the selected operating system.

Requirements:

- A M.Sc. student close to finishing (CS/E.Eng)
- System / embedded kernel coding experience in C/C++
- Sufficient skills to work and interact in English
- Good team-working skills

Advantage:

- Background (courses) in systems programming, platform security, or equivalent
- Linux kernel coding experience, course-work on RTOS, or equivalent
- Experience or interest in FPGA work

For further information: Please contact Jan-Erik Ekberg (jan.erik.ekberg@huawei.com) and Hans Liljestrand (hans.liljestrand@aalto.fi)

The Mobile Security Laboratory in Huawei, Helsinki drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise is in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.



Huawei: First reference of the GP TPS security standard  PLATSEC NOTE: not available before Autumn 2019

In this internship with Mobile Security Laboratory, Huawei, Finland you will participate in a research project where the target is to prototype a new security API (under standardization) for Mobile phone and IoT use. The Global Platform (GP) has provided multiple specifications on about Secure Components (SC), such as Trusted Execution Environments (TEE), or Secure Element (SE). There exists also other types of non-GP SCs like TPM and HSMs. Adoption of these technologies, especially in consumer devices, has been surprisingly slow. One of the biggest reason for slow adoption is that application developers do not have consistent ways to use SCs. One exception is Google’s Android KeyStore, which provides wide range of SC functionality to REE (Android) developers via Java Cryptography Architecture (JCA), but unfortunately only for Android phones. As a consequence, the TPS Committee in GP is developing a new keystore solution, with emphasis on that the new key store will be

1) based on industrial standard not on a specification from a single vendor
2) lightweight and therefore applicable also for IoT endpoint devices

The Mobile Security Laboratory in Huawei is one of the driving forces in this new standardization activity, and we propose a thesis work with the intent to make a world-first prototype implementation of the TPS specification on a mobile phone. As master thesis writer you will work in a small team with local experts to design and implement TPS KeyStore API. The implementation work consists of one or several of the individual tasks:

1) To implement the Android Java TPS API binding, supporting all necessary algorithms and cryptographic modes, but also a design that is extendable and maintainable over time. 
2) Development of a System translation library, that converts cryptographic Java calls to native (serialized) TPS KeyStore calls for different SCs. This library is linked to the application code.
3) Implementation of a TPS KeyStore Trusted Application inside the Huawei TEE

Requirements:

- Almost completed coursework for a M.Sc. (CS / E.Eng).
- System / embedded coding experience in C, Android programming background counted as a plus.
- Sufficient skills to work and interact in English
- Good teamwork skills

Advantages:

- Background (courses) in platform security, cryptography or equivalent
- Experience with smart cards or trusted execution environments 
- An interest to do research and explore new challenges.

For further information: Please contact Jan-Erik Ekberg (jan.erik.ekberg@huawei.com) and Hans Liljestrand (hans.liljestrand@aalto.fi)

The Mobile Security Laboratory in Huawei, Helsinki drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise is in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.




Huawei: M.Sc. thesis: ARM TrustZone-M support in RTOS  PLATSEC NOTE: not available before Autumn 2019


The intern to Mobile Security Laboratory, Huawei, Finland will participate in a research project where the target is to secure Internet of Things (IoT) devices. One of the leading technologies in IoT security is Arm TrustZone for Cortex-M [1]. The Arm TrustZone divides the microcontroller into two modes, according to memory address, called Secure (Trusted) and Non-Secure (Non-trusted) worlds. The secure world isolates its resources such as memories and peripherals to protect code and data loaded inside it to protect against Non-secure world. Code running inside secure world can access both secure and non-secure memories and peripherals. However, code running at Non-secure world is limited to access only non-secure memory and peripherals.

In this project, the student shall use Huawei LiteOS [2] as the real time operating system (RTOS) for IoT devices. Huawei LiteOS is an open-source lightweight OS for designed for IoT devices with Arm Cortex-M microcontrollers. At present, LiteOS does not include support for TrustZone Cortex-M technology. Therefore, the primary task of this project is to enhance the security of LiteOS by adding TrustZone support for which the student will be involved in:

  • Exploring Arm TrustZone for Cortex-M technology at high level of detail. Therefore we expect from the applicants, a basic familiarity with the operation of a modern microcontrollers.
  • Designing and implementation of
    • Boot sequence that initializes both the Secure and Non-secure world for LiteOS on Arm TrustZone based Cortex-M device.
    • An application that runs within a Secure world.
    • APIs for accessing Secure world functionality from a Non-secure world application.
  • Demonstrating how a Non-secure world application can call Secure world functionality.

This internship can constitute a Master’s thesis work. Therefore, we especially look for students who have completed the bulk of their MSc courses and are searching for an MSc thesis topic.

Requirements:

  • A person who has completed most of his/her M.Sc. courses (CS/E.Eng).

  • Coding experience for embedded systems in C, ARM assembler

  • Experience in bare-metal programming or equivalent

  • Sufficient skills to work and interact in English

  • Good teamwork skills

Advantage:

  • Background (courses) in platform security, cryptography or equivalent

  • An interest to do research and explore new challenges.

References:

[1]: Arm TrustZone  https://developer.arm.com/technologies/trustzone 
[2]: 
Huawei LiteOS  https://www.huawei.com/minisite/liteos/en/

For further information: Please contact Jan-Erik Ekberg (jan.erik.ekberg@huawei.com) and Hans Liljestrand (hans.liljestrand@aalto.fi)

The Mobile Security Laboratory in Huawei, Helsinki drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise is in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.



Reserved Research Topics





  • No labels