The student Maialen Eceiza Olaizola obtained an OUTSTANDING qualification with 'CUM LAUDE' and 'INDUSTRIAL DOCTORATE' mentions

THESIS

2022·09·30


Thesis title: Novel approaches for IoT and Embedded Device Fuzzing and its Evaluation

Thesis committee:

  • Chair: José Manuel Estévez Tapiador (Universidad Carlos III de Madrid)
  • Member: Ricardo Julio Rodríguez Fernández (Universidad de Zaragoza)
  • Member: Rafael Alejandro Rodríguez Gómez (Universidad de Granada)
  • Member: Imanol Mugarza Inchausti (Ikerlan S. Coop.)
  • Secretary: Urko Zurutuza Ortega (Mondragon Unibertsitatea)

Abstract:

Embedded systems are devices capable of creating, transforming, and sending data autonomously. In recent years their presence has increased significantly, and today they can be found in several areas such as transport, energy, or industry. Each of these areas has its own security requirements. Additionally, the resources of the individual devices also influence how they can be secured, making this process very challenging in the case of systems with fewer resources. Hence, it is crucial to find vulnerabilities before the end of the development phase.

One testing technique that allows vulnerabilities to be detected automatically is fuzzing. This technique makes it possible to introduce various inputs generated with different methods into the system and find vulnerabilities by monitoring the system outputs.

The contributions of the thesis are as follows. First, an analysis of the state of the art of fuzzing has been carried out, and the different embedded systems that can be found have been analyzed and classified. The features that a fuzzer should have in order to work correctly with embedded systems have been identified. The second contribution of the thesis is the design and development of an experimentation bench that includes embedded systems of different types. The next contribution is an evaluation methodology that allows fuzzing algorithms to be evaluated objectively, establishing the metrics to be measured in order to determine which fuzzer gives the best results. After this, a proof of concept was conducted to assess the feasibility of using physical signals in the fuzzing field. Finally, as current and future work, this technique is being implemented to detect vulnerabilities in embedded systems.