Dynamic updates of mobile apps using JavaScript

Spetz-Nyström, Simon

January 2015

Updates are a natural part of the life cycle of an application. The traditional way of updating an application by stopping it, replacing it with the new version and restarting it is lacking in many ways. There have been previous research in the field of dynamic software updates (DSU) that attempt to salvage this problem by updating the app while running. Most of the previous research have focused on static languages like C and Java, research with dynamic languages have been lacking. This thesis takes advantage of the dynamic features of JavaScript in order to allow for dynamic updates of applications for mobile devices. The solution is implemented and used to answer questions about how correctness can be ensured and what state transfer needs to be manually written by a programmer. The conclusion is that most failures that occur as the result of an update and is in need of a manually written state transfer can be put into one of three categories. To verify correctness of an update tests for these types of failures should be performed.

Dynamic software updates

DSU

JavaScript

Mobile applications

Mobile apps

Dynamic programming language

Computer Sciences

Datavetenskap (datalogi)

Applying Dynamic Software Updates to Computationally-Intensive Applications

Kim, Dong Kwan

22 July 2009

Dynamic software updates change the code of a computer program while it runs, thus saving the programmer's time and using computing resources more productively. This dissertation establishes the value of and recommends practices for applying dynamic software updates to computationally-intensive applications—a computing domain characterized by long-running computations, expensive computing resources, and a tedious deployment process. This dissertation argues that updating computationally-intensive applications dynamically can reduce their time-to-discovery metrics—the total time it takes from posing a problem to arriving at a solution—and, as such, should become an intrinsic part of their software lifecycle. To support this claim, this dissertation presents the following technical contributions: (1) a distributed consistency algorithm for synchronizing dynamic software updates in a parallel HPC application, (2) an implementation of the Proxy design pattern that is more efficient than the existing implementations, and (3) a dynamic update approach for Java Virtual Machine (JVM)-based applications using the Proxy pattern to offer flexibility and efficiency advantages, making it suitable for computationally-intensive applications. The contributions of this dissertation are validated through performance benchmarks and case studies involving computationally-intensive applications from the bioinformatics and molecular dynamics simulation domains. / Ph. D.

Proxy Pattern

Java Virtual Machine

Binary Rewriting

HPC

Dynamic Software Updates

Computationally-Intensive Applications

Trusted Software Updates for Secure Enclaves in Industrial Control Systems

Gunjal, Abhinav Shivram

18 September 2017

Industrial Control Systems (ICSs) manage critical infrastructures such as water treatment facilities, petroleum refineries, and power plants. ICSs are networked through Information Technology (IT) infrastructure for remote monitoring and control of physical processes. As ICSs integrate with IT infrastructure, IT vulnerabilities are carried over to the ICS environment. Previously proposed process controller security architectures maintain safe and stable plant operation even in the presence of attacks that exploit ICS vulnerabilities. Security architectures are process control system-level solutions that leverage isolated and trusted hardware (secure enclaves) for ICS security. Upon detecting an intrusion, the secure enclave switches control of the physical process to a high assurance controller, making a fail-safe plant operation. The process control loop components have an average lifespan of several decades. During this time, electromechanical components of process control loop may undergo aging that alters their characteristics and affects control loop performance. To deal with component aging and to improve control algorithm flexibility, updates to control loop parameters are required. Plant model, process control loop system specifications, and control algorithm-based security mechanisms at the secure enclave require parameter updates. ICSs have hundreds of process control components that may need be installed in hazardous environments and distributed across hundreds of square kilometers. Updating each component physically may lead to accidents, expensive travel, and increased downtime. Some ICS have allowable downtime of only 5 minutes per year. Hence, remote updates are desirable. A proposed dedicated and isolated hardware module at the secure enclave provides authentication of the update and ensures safe storage in a non-volatile memory. A protocol designed for update transmission through an untrusted ICS network provides resilience against network integrity attacks such as replay attacks. Encryption and authentication of the updates maintain integrity and confidentiality. During the normal plant operation, the hardware module is invisible to the other modules of the process control loop. The proposed solution is implemented on Xilinx Zynq-7000 programmable System-on-Chip to provide secure enclave updates. / Master of Science

Industrial control systems

programmable logic controller

industrial control systems security

secure enclaves

software updates

configurable system-on-chip

An Internet of Things Software and Firmware Update Architecture Based on the SUIT Specification

Carlson, Simon

January 2019

As society becomes more digitalized, cyberattacks are increasingly common and severe. Security in the Internet of Things (IoT) is essential, and IoT devices must be updated to patch vulnerabilities. The thesis aims to investigate the question "How can the Software Updates for Internet of Things (SUIT) specification be applied to develop a technology-agnostic and interoperable update architecture for heterogeneous networks of Internet of Things devices?" The thesis project studied the SUIT specifications to gain an understanding of what such an architecture must provide. Five high-level domains were identified and further discussed:1) roles of devices, servers, and operators, 2) key management, 3) device profiles, 4) authorization, and 5) update handling. The architecture was shown to fulfill the requirements SUIT imposes on the architecture and information model, while being flexible and extensible. A prototype was developed in the Contiki-NG operating system to evaluate the feasibility of the architecture. The thesis found that applying the proposed architecture to constrained systems is feasible and would enable updates in heterogeneous IoT networks. / I takt med att samhället blir digitaliserat blir digitala attacker vanligare och får ökade konsekvenser. Säkerhet inom Internet of Things (IoT) är kritiskt och IoT-enheter måste kunna uppdateras för att laga sårbarheter. Denna uppsats ämnar att undersöka frågan "Hur kan Software Updates for Internet of Things (SUIT)-specifikationen appliceras för att utveckla en teknologiskt agnostisk och kompatibel uppdateringsarkitektur för heterogena nätverk av Internet of Things-enheter?"Uppsatsen studerade SUIT-specifikationen för att förstå vad en sådan arkitektur måste erbjuda. Fem abstrakta domänområden identifierades och diskuterades: 1) roller för enheter, uppdateringsservrar, och operatörer, 2) nyckelhantering, 3) enhetsprofiler, 4) auktorisering, och 5) lokal uppdateringshantering. Arkitekturen visades uppfylla de krav SUIT ställer på en arkitektur och informationsmodell samt var flexibel och kunde utökas. En prototyp utvecklades i Contiki-NG operativsystemet för att utvärdera genomförbarheten hos arkitekturen. Uppsatsen fann att det är rimligt att applicera den föreslagna arkitekturen på resursbegränsade enheter, vilket skulle möjliggöra uppdateringar för heterogena IoT-nätverk.

IoT

industrial IoT

security

Contiki-NG

embedded systems

software updates

IoT

industriell IoT

säkerhet

Contiki-NG

inbyggda system

mjukvaruuppdateringar

Computer and Information Sciences

Data- och informationsvetenskap