MORA: Hunting Space Bugs in your Sleep

None, None

MORA: Hunting Space Bugs in your Sleep

Master Thesis (2025)

Author(s)

V. Moutafis (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

Georgios Smaragdakis – Mentor (TU Delft - Cyber Security)

Alexios Voulimeneas – Mentor (TU Delft - Cyber Security)

Faculty

Electrical Engineering, Mathematics and Computer Science

Fuzzing Space Bug Triaging CVSS Satellites RTOS AFL++

To reference this document use:

https://resolver.tudelft.nl/uuid:0a8ebae7-d6c0-4c19-acb1-22937316b033

More Info

expand_more

Publication Year

2025

Language

English

Graduation Date

25-04-2025

Awarding Institution

Delft University of Technology

Programme

['Computer Science | Cyber Security']

Faculty

Electrical Engineering, Mathematics and Computer Science

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

This thesis explores the security of On-Board Software (OBSW) within mixed-criticality space applications, emphasizing post-exploitation threats and the need for a structured and standardized vulnerability discovery and assessment framework.

To address these challenges, we develop a threat model tailored to RTOS-based space systems, identifying key attack surfaces and adversary capabilities. Our methodology leverages fuzzing methods to systematically uncover vulnerabilities in FreeRTOS, a widely adopted RTOS in space applications, and automates the false-positive/duplicates elimination procedure to minimize the manual work needed during crash triage. The results highlight weaknesses in task isolation and privilege management, demonstrating the feasibility of horizontal lateral movement within on-board software systems.

To evaluate the severity of identified vulnerabilities we integrate an adaptation of the Common Vulnerability Scoring System (CVSS) tailored to space software security with focus on the temporal and environmental metrics. Additionally, we validate our findings through a Cube-FlatSAT experimental setup, demonstrating real-world applicability and reinforcing the need for improved isolation mechanisms in space-grade RTOS.

This research also contributes to the SPACE-SHIELD framework by refining post-exploitation analysis techniques. Our work underscores the necessity of standardized security assessments for on-board space systems, making the first step for robust development of space software against emerging cyber threats in the space domain.

Files

Thesis-vissarion-moutafis.pdf

(pdf | 5.56 Mb)

License info not available