Theses and Dissertations Collection

Software running on desktop computers, laptops, and servers can be updated on a regular basis, installing security and bug fixes. However, industrial control system devices and embedded devices are often deployed and then left in operation for long periods of time with no software updates. The software running in these devices is often installed as an integral part of the system, and is typically called firmware. As these devices age, many have security vulnerabilities found that are located in their firmware or related libraries and as such need to be patched to mitigate the vulnerability, or they are otherwise vulnerable to exploitation. One issue with updating this firmware is that the original image may contain an old version of a library that they rely on for their processes and haphazardly updating may break that functionality. Also, updates may cause changes in critical real-time behavior of the systems. If the firmware is not updated, attacks that exploit discovered vulnerabilities can be successful against all of the deployed devices. This research explores diversification of deployed firmware through the use of shuffling portions of the firmware's code while retaining original functionality. This thesis examines the security impact of shuffling and then reports on a set of experiments that look at performance impact of the shuffling. Results indicate that shuffling can improve security against many modern low-level attacks, and that rearranging the code can change run-time performance of the program by a couple percentage points. With increased security and little performance impact, we recommend further study into the use of shuffling as an added security mechanism.