Open Platform Systems Under Scrutiny: A Cybersecurity Analysis Of The Device Tree

Embedded systems are deployed in systems ranging from personal devices to systems deployed in critical infrastructure. Due to the advent of Industry 4.0 and the rising need for platform transparency and uniformity, developers opt for open source modular system software that replace the conventional monolithic firmware approach. A common part of the modern embedded system is the Device Tree, a hardware description structure leveraged by the OS kernel. This modular approach and its malleability, however, can be exposed as a vulnerability and enable an array of attacks that would disrupt and destabilize the system. In this paper, we consider the Device Tree from a cybersecurity perspective. We identify scenarios that would enable covert attacks on a target system as well as propose countermeasures from the state-of-the-art.