CISPA
Browse
cispa_all_3934.pdf (862.81 kB)

Space Odyssey: An Experimental Software Security Analysis of Satellites

Download (862.81 kB)
conference contribution
posted on 2023-11-29, 18:24 authored by Johannes Willbold, Moritz SchloegelMoritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten HolzThorsten Holz, Ali AbbasiAli Abbasi
Satellites are an essential aspect of our modern society and have contributed significantly to the way we live today, most notable through modern telecommunications, global positioning, and Earth observation. In recent years, and especially in the wake of the New Space Era, the number of satellite deployments has seen explosive growth. Despite its critical importance, little academic research has been con- ducted on satellite security and, in particular, on the security of onboard firmware. This lack likely stems from by now outdated assumptions on achieving security by obscurity, effectively preventing meaningful research on satellite firmware. In this paper, we first provide a taxonomy of threats against satellite firmware. We then conduct an experimental security analysis of three real-world satellite firmware images. We base our analysis on a set of real-world attacker models and find several security-critical vulnerabilities in all analyzed firmware images. The results of our experimental security assessment show that modern in-orbit satellites suffer from different software security vulnerabilities and often a lack of proper access protection mechanisms. They also underline the need to overcome prevailing but obsolete assumptions. To substantiate our observations, we also performed a survey of 19 professional satellite developers to obtain a comprehensive picture of the satellite security landscape.

History

Preferred Citation

Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz and Ali Abbasi. Space Odyssey: An Experimental Software Security Analysis of Satellites. In: IEEE Symposium on Security and Privacy (S&P). 2023.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Legacy Posted Date

2023-04-28

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3934, title = "Space Odyssey: An Experimental Software Security Analysis of Satellites", author = "Willbold, Johannes and Schloegel, Moritz and Vögele, Manuel and Gerhardt, Maximilian and Holz, Thorsten and Abbasi, Ali", booktitle="{IEEE Symposium on Security and Privacy (S&P)}", year="2023", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC