姓名 |
劉哲豪(Che-Hao Liu)
查詢紙本館藏 |
畢業系所 |
資訊工程學系 |
論文名稱 |
SMACK-based application whitelisting on AGL (SMACK-based application whitelisting on AGL)
|
相關論文 | |
檔案 |
[Endnote RIS 格式]
[Bibtex 格式]
[相關文章] [文章引用] [完整記錄] [館藏目錄] 至系統瀏覽論文 (2025-1-1以後開放)
|
摘要(中) |
隨著科技的日新月異,車用電腦也發展得越來越完全。而近幾年自駕車、車用資訊娛樂系統也變得越來越成熟,許多產品也實際的被應用在真實世界裡。也因此車用資訊娛樂系統的安全性便受到了重視。而Automotive Grade Linux (AGL)是Linux Foundation的開源專案項目之一,此一開源專案主要目的在於提供一個可供各大車廠使用的車用資訊娛樂系統。由於AGL可以直接存取車上的ECU,因此若是遭到惡意攻擊者的攻擊,則攻擊者便可能得到整台車的控制權,進而影響駕駛人的生命安全。
本篇論文將透過Linux security module — SMACK 搭配Access Control List (ACL),對AGL上的程式進行權限控管,進而實做出應用程式白名單機制,此機制能夠在不更動原有AGL的系統架構及不影響AGL原有系統程式的執行狀況下,有效地加強AGL的安全防護。
為了證明此機制的可行性,我們實際應用在AGL的系統上,並透過遠端攻擊的方式測試是否能夠攻擊成功。實驗結果顯示這樣的機制確實能夠有效的防止惡意攻擊者的遠端攻擊。
|
摘要(英) |
In recent years, self-driving and in-vehicle systems have become more and more mature, and many products have actually been applied in the real world. Therefore, the security of the in-vehicle system has received attention. Automotive Grade Linux (AGL) is one of the Linux Foundation′s open source project. The main purpose of this open source project is to provide a car infotainment system that can be used by major car manufacturers. Since AGL can directly access the Electronic Control Unit (ECU), if it is attacked by a malicious attacker, the attacker may gain control of the entire car, thereby affecting the life of the driver.
This paper will use Linux security module – SMACK and Access Control List (ACL) to control the access permission of program on AGL, and then implement the application whitelist mechanism. This mechanism could enhance the security on AGL, and it would not change the original AGL system architecture.
In order to prove the feasibility of this mechanism, we apply it to the real AGL system and test whether it can be successfully attacked by remote attacker. Experimental results show that such a mechanism can effectively prevent remote attacks by malicious attackers.
|
關鍵字(中) |
★ 白名單 ★ 資訊安全 |
關鍵字(英) |
★ whitelisting ★ security |
論文目次 |
摘要 i
Abstract ii
誌謝 iii
圖目錄 v
表目錄 vi
第一章 緒論 1
1.1 動機 1
1.2 貢獻 2
1.3 論文架構 3
第二章 背景介紹 4
2.1 Automotive Grade Linux 4
2.2 AGL系統架構 6
2.3 Simplified Mandatory Access Control Kernel 7
2.4 Access Control List 12
第三章 相關研究 15
第四章 SMACK-based Application Whitelisting 16
4.1 威脅模型分析 17
4.2 系統總覽 18
4.3 分辨歸類程式及資源 21
4.4 設定SMACK Label 22
4.5 設定SMACK Rule 25
4.6 設定ACL 27
第五章 系統評估 29
5.1 阻擋惡意程式執行 30
5.2 阻擋惡意Script執行 33
第六章 討論及未來研究 35
第七章 結論 36
參考文獻 38 |
參考文獻 |
[1] S. N. Y. D. Ling Liu, ”FREE-FALL: HACKING TESLA FROM WIRELESS TO CAN BUS,” in Black Hat, USA, 2017.
[2] “About Automotive Grade Linux,” [線上]. Available: https://www.automotivelinux.org/.
[3] C. Schaufler, “Smack in Embedded Computing,” OLS, pp. 179-186, 2008.
[4] “The Linux kernel,” [線上]. Available: https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/Smack.html.
[5] “Access-control list - WIKI,” [線上]. Available: https://en.wikipedia.org/wiki/Access-control_list.
[6] J. Turla, “Car Infotainment Hacking Methodology and Attack Surface Scenarios,” 於 HITCON, 2018.
[7] “AGL-WIKI,” [線上]. Available: https://wiki.automotivelinux.org/agl-distro/release-notes#grumpy_guppy.
[8] “AGL Grumpy Guppy 7.0.4 Image,” [線上]. Available: https://download.automotivelinux.org/AGL/release/guppy/7.0.4/raspberrypi3/deploy/images/raspberrypi3/.
[9] “Raspberrypi,” [線上]. Available: https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/.
[10] “IMA/EVM WIKI,” [線上]. Available: https://sourceforge.net/p/linux-ima/wiki/Home/.
|
指導教授 |
許富皓(Fu-Hau Hsu)
|
審核日期 |
2020-1-14 |
推文 |
facebook plurk twitter funp google live udn HD myshare reddit netvibes friend youpush delicious baidu
|
網路書籤 |
Google bookmarks del.icio.us hemidemi myshare
|