Computing systems are widespread in modern society, ranging from everyday personal devices to critical infrastructures such as embedded systems, industrial control systems, cloud servers, and IoT devices. Given this widespread integration, it is essential to check the state of these software systems to promptly detect malicious activities or failures that could undermine their security and functionality. Equally important is the ability to change the state of software systems through timely software updates, to enhance their operational integrity. Remote mechanisms for system state verification, update deployment, and risk analysis are vital in managing software systems. These mechanisms can potentially reduce the risks of data breaches, service disruptions, and system failures.

For checking (verifying) the state of systems, remote attestation has emerged as a key mechanism by enabling an external verifier to assess a systems integrity remotely. However, existing remote attestation mechanisms face challenges, particularly in their integration with Trusted Execution Environments (TEEs). While TEEs provide hardware-backed security guarantees that can enhance attestation reliability, not all TEEs support remote attestation by default. Additionally, while software updates can serve as a means for changing system state, particularly when combined with remote attestation to ensure integrity, there remains a notable absence of standardized methodologies for their secure integration with attestation mechanisms.

This licentiate thesis addresses these challenges by investigating the security requirements, assurance arguments, and integration challenges of remote attestation within TEEs. Furthermore, the thesis designs a standards-compliant secure software update framework that can be deployed in computing systems, including embedded systems, and investigates update-related vulnerabilities of software and firmware that occur during the update or upgrade process for the sake of enhancing the software state.

Specifically, the thesis focuses on three core objectives: (i) developing a structured security assurance framework that catalogs the end-to-end requirements of a remote attestation protocol and provides a synthesized assurance argument, showing how the security properties are met relying on the provided capabilities of TEEs; (ii) designing a framework for remote attestation and software updates that adhere to an attestation standard. The framework, entitled Remote Attestation with Software Updates in Embedded Systems (RASUES), is developed as an extension of the Remote ATtestation procedureS (RATS) Architecture (RFC-9334) to support secure software updates. It has been evaluated through a proof-of-concept implementation with a comparative analysis against state-of-the-art solutions, and a detailed security analysis; (iii) conducting a fine-grained analysis of software and firmware update vulnerabilities, leading to the development of a recommendation matrix that pairs each identified weakness and attack surface with tailored mitigation strategies.

The findings of this thesis have long-term potential to enhance the trustworthiness of infield software states through remote attestation, contribute to the standardization of secure software update practices, provide an actionable mitigation roadmap to harden update processes against cyber threats, and improve update security mechanisms.