1

Secure key management in a trusted domain on mobile devices

Solsjö, Oskar January 2015
As mobile devices manage more and more sensitive information they have become a more targeted platform to exploit. To maintain system integrity while providing a highly responsive product, platform developers have developed hardware as well as software solutions to improve security. Until recently however, it was only possible to devise hardware solutions to achieve the security requirements of EU’s Restricted VoIP protocol. This thesis investigates whether a software solution can provide the necessary levels of assurance to protect EU Restricted Voice over Internet Protocol (VoIP) communications. The thesis covers a literature study over possible approaches to protect sensitive information, which was used in the risk analysis to derive five tests to evaluate the trusted execution environment. The tests show that the trusted execution environment does provide good protection but that the implementation and design greatly influence the robustness and level of assurance that can be expected from the trusted execution environment.
2

Analyzing Common Criteria Shortcomings to Improve its Efficacy / Analysera gemensamma Kriterier Brister att förbättra sin effektivitet

Ashfaq, Rana Aamir Raza, Khan, Mohammad Qasim January 2009
Information security has become a key concern for organizations conducting business in the current electronic era. Rapid technological development continuously creates novel security threats, making IT an uncertain infrastructure. So the security is an important factor for the vendors as well as for the consumers. To fulfill the security needs, IT companies have to adopt some standards to assure some levels that concern with the security in their product. Common Criteria (CC) is one of the standards that maintains and controls the security of IT products. Many other standards are also available to assure the security in products but like these standards CC has its own pros and cons. It does not impose predefined security rules that a product should exhibit but a language for security evaluation. CC has certain advantages due to its ability to address all the three dimensions: a) it provides opportunity for users to specify their security requirements, b) an implementation guide for the developers and c) provides comprehensive criteria to evaluate the security requirements. On the downside, it requires considerable amount of resources and is quite time consuming. Another is security requirements that it evaluates and must be defined before the project start which is in direct conflict with the rapidly changing security threat environment. In this research thesis we will analyze the core issues and find the major causes for the criticism. Many IT users in USA and UK have reservations with CC evaluation because of its limitations. We will analyze the CC shortcomings and document them that will be useful for researchers to have an idea of shortcomings associated with CC. This study will potentially be able to strengthen the CC usage with a more effective and responsive evaluation methodology for IT community. / Rana Aamir Raza Ashfaq (0046-76-2473148)
3

Testing TLS 1.3 Implementations Against Common Criteria for Information Technology Security Evaluation : Using TLS-Attacker to automate collaborative Protection Profile tests

Tacchi Mondaca, Antonello January 2024
In today’s digital society where all daily actions are performed over the internet, there is an ever increasing need to ensure security when dealing with sensitive information. The default standard for securing communications over the internet, the Transport Layer Security (TLS) protocol, was used for over 90 % of all traffic communication in 2020. TLS has also in recent years received an upgrade, with the new version being 1.3, which introduced substantial changes in its communication protocol. As such, it is of vital importance to ensure that its current standard manages to ensure continued security when using encrypted communications over the internet in accordance with international standards, such as the Common Criteria (CC) standard. This leads us to the problem of how to ensure that evaluation of TLS implementations is done efficiently while ensuring the quality of the evaluation. More specifically, we aim to see how we can automate parts of the evaluation process by creating tests according to the requirements of the Supporting Document (SD) of the CC standard. In this paper we create various tests according to the CC standard for TLS 1.3 implementations that can be automatically run in order. We then use the OpenSSL command line tool as an implementation and run it against our created tests. This was done by using the TLS-Attacker testing framework to not only establish TLS handshakes as either server or client, but also edit which parameters are accepted and the created data packets themselves to test how the implementation handles specific changes in the handshake. The result of the experiment is a series of tests which evaluate whether or not a TLS 1.3 implementation fulfills the requirements set by the CC standard. Our subset of tests covers client and server tests and evaluates an implementation’s use of ciphersuites, named groups, curves, and session resumption.
Our results provide a base for creating the remaining tests for TLS 1.3 which is readily extendable through the use of the testing framework, TLS-Attacker. Remaining tests include the use of certificates, as well as Datagram Transport Layer Security (DTLS) for server and client, which could be the focus for future work. / In today's society, where more and more actions and transactions take place digitally, there is a growing need to ensure security when sensitive information is handled. The most common standard for securing communication over the internet, TLS, was used in over 90% of all traffic communication in 2020. TLS has also been upgraded in recent years to version 1.3, which introduced significant changes to its communication protocol. It is therefore of crucial importance to ensure that the current standard is able to provide secure encrypted communications over the internet in accordance with international standards, such as the CC standard. This leads us to the problem of how to ensure that evaluations of TLS are carried out efficiently and smoothly while maintaining the quality of the evaluation. More specifically, we aim to see how we can automate parts of the evaluation process by creating tests according to the requirements in the SD for the CC standard. In this thesis we create various tests according to the CC standard for TLS 1.3 implementations that can be run automatically in order. We then use the OpenSSL command line tool as a TLS implementation and run it against our created tests. This was done using the TLS-Attacker testing framework to not only establish TLS handshakes as either server or client, but also to edit which parameters are accepted and which data packets are sent, and how the implementation handles changes during the handshake. The result of the experiment is a series of tests that evaluate whether a TLS 1.3 implementation fulfills the requirements set by the CC standard.
Our subset of tests covers client and server tests, and evaluates an implementation's use of cipher suites, groups, curves, and session resumption. Our results provide a base for creating the remaining tests for TLS 1.3, which can be extended through the use of the testing framework, TLS-Attacker. Remaining tests include the use of certificates, as well as DTLS for server and client, which could be the focus of future work.
4

Virtualization Security Issues in Telemetry Post-Processing Environments

Kalibjian, Jeff 10 1900
ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Virtualization technologies have the potential to transform the telemetry post-processing environment. Significant efficiencies can be gained by migrating telemetry post processing activities to virtual computing platforms. However, while facilitating better server utilization, virtualization also presents several challenges; one of the most difficult of those challenges being security. In virtualization, server environments are replicated in software; unfortunately, the security individual servers provide is not replicated in a software stack implementation of a server environment. After reviewing virtualization fundamentals, security issues and their impact on telemetry post processing will be discussed.
5

Evaluation of the Security of Components in Distributed Information Systems / Värdering av komponenters säkerhet i distribuerade informations system

Andersson, Richard January 2003
This thesis suggests a security evaluation framework for distributed information systems, responsible for generating a system modelling technique and an evaluation method. The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The information system is modelled by dividing it into increasingly smaller parts, evaluate the separate parts and then build up the system “bottom up” by combining the components. Evaluated components are stored as reusable instances in a component library. The evaluation method is focusing on technological components and is based on the Security Functional Requirements (SFR) of the Common Criteria. The method consists of the following steps: (1) define several security values with different aspects, to get variable evaluations (2) change and establish the set of SFR to fit the thesis, (3) interpret evaluated security functions, and possibly translate them to CIA or PDR, (4) map characteristics from system components to SFR and (5) combine evaluated components into an evaluated subsystem. An ontology is used to, in a versatile and dynamic way, structure the taxonomy and relations of the system components, the security functions, the security values and the risk handling. It is also a step towards defining a common terminology for IT security.
6

Security Critical Systems in Software / Mjukvarubaserade system för informationssäkerhet

Frid, Jonas January 2010
Sectra Communications is today developing cryptographic products for high assurance environments with rigorous requirements on separation between encrypted and un-encrypted data. This separation has traditionally been achieved through the use of physically distinct hardware components, leading to larger products which require more power and cost more to produce compared to systems where lower assurance is required. An alternative to hardware separation has emerged thanks to a new class of operating systems based on the "separation kernel" concept, which offers verifiable separation between software components running on the same processor comparable to that of physical separation. The purpose of this thesis was to investigate the feasibility in developing a product based on a separation kernel and which possibilities and problems with security evaluation would arise. In the thesis, a literature study was performed covering publications on the separation kernel from a historical and technical perspective, and the development and current status on the subject of software evaluation. Additionally, a software crypto demonstrator was partly implemented in the separation kernel based Green Hills Integrity operating system. The thesis shows that the separation kernel concept has matured significantly and it is indeed feasible to begin using this class of operating systems within a near future. Aside from the obvious advantages with smaller amounts of hardware, it would give greater flexibility in development and potential for more fine-grained division of functions. On the other hand, it puts new demands on developers and there is also a need for additional research about some evaluation aspects, failure resistance and performance. / Sectra Communications today develops crypto products with stringent requirements on separation between encrypted and unencrypted data.
Traditionally, this separation has been done in hardware with physically separate components, which has led to larger products, higher energy consumption and higher manufacturing costs than corresponding systems for lower security levels. An alternative to hardware separation has emerged thanks to a new type of operating system based on a concept called the "separation kernel", which offers verifiable separation between software components on one processor equivalent to physical separation. The purpose of the thesis was to investigate the possibility of basing a product on such a system, and which further possibilities and problems with security evaluation of the product arise. In the thesis, a literature study was carried out of publications on the separation kernel from a historical and technical perspective, as well as of the historical development of security evaluation of software and its current status. In addition, parts of a software crypto were implemented as a demonstration unit based on Integrity from Green Hills Software, which is a real-time operating system built around a separation kernel. The work showed that the separation kernel as a concept has reached a high degree of maturity and that it is reasonable to begin using this type of operating system for products with very high security requirements in the near future. Besides the obvious gains from a reduced amount of hardware, it would also give greater flexibility in development and the possibility of a more exact division of functions. At the same time, it places other demands on the developers, and further investigation is needed into certain aspects of how the evaluation procedure is affected, the systems' fault tolerance, and performance.
7

Evaluation of the Security of Components in Distributed Information Systems / Värdering av komponenters säkerhet i distribuerade informations system

Andersson, Richard January 2003
This thesis suggests a security evaluation framework for distributed information systems, responsible for generating a system modelling technique and an evaluation method. The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The information system is modelled by dividing it into increasingly smaller parts, evaluate the separate parts and then build up the system “bottom up” by combining the components. Evaluated components are stored as reusable instances in a component library. The evaluation method is focusing on technological components and is based on the Security Functional Requirements (SFR) of the Common Criteria. The method consists of the following steps: (1) define several security values with different aspects, to get variable evaluations (2) change and establish the set of SFR to fit the thesis, (3) interpret evaluated security functions, and possibly translate them to CIA or PDR, (4) map characteristics from system components to SFR and (5) combine evaluated components into an evaluated subsystem. An ontology is used to, in a versatile and dynamic way, structure the taxonomy and relations of the system components, the security functions, the security values and the risk handling. It is also a step towards defining a common terminology for IT security.
8

Investigations and Development in the Area of Automated Security Evaluation of Android Devices with Focus on Bluetooth

Holmquist, Robin January 2023
Bluetooth is a technology that has been implemented in over 5 billion devices and therefore has a considerable impact. It is the dominant technology for short-range wireless communication. Modern society relies heavily on information technology (IT), and this has introduced a significant threat to society and companies in the form of hackers whether they be state-sponsored, political activists, or part of organized crime. This has introduced the need for companies and organizations that strive to make devices more secure, as well as standards that can be used for evaluating how secure a device is. Common Criteria (CC) is an internationally recognized set of guidelines and standards that can be used for security evaluation. There is a growing demand for enhanced efficiency in the field of security evaluation, especially considering the move to agile methodologies in information and communication technology (ICT) product development. Historically, security evaluation has been tailored to each individual product. The current trends in the certification and global ICT evaluation industry indicate a move in the direction of a greater reliance on predefined test cases. In this thesis, I describe how I designed, developed, and evaluated a toolkit that automates the evaluation of Android devices concerning a selection of security requirements that concern Bluetooth from the Mobile Device Fundamentals Protection Profile in CC. This involved a literature study, examination of the Bluetooth Core Specification, software development, and evaluation of the toolkit. My results from evaluating the toolkit found that it only reports non-compliance with a security requirement if the target of evaluation (TOE) is non-compliant. Additionally, every time the toolkit reported compliance with a security requirement, manual evaluation verified that the TOE truly complied with the security requirement.
Finally, during the development phase, I discovered a vulnerability that had not been discovered during manual evaluation. It has been confirmed by the developer to be a vulnerability and a patch is currently being developed. My evaluation indicates that the toolkit I have developed is reliable and that it could therefore be used in the security industry. By finding a vulnerability by using automation, I have shown that automation could potentially be a useful approach for vulnerability research. Similarly to fuzzing, automation can be used to expose a system to behavior that it does not expect and therefore potentially reveal vulnerabilities. / Bluetooth is a technology that has been implemented in over 5 billion devices and therefore has a large impact. It is the dominant technology for short-range wireless communication. Modern society is heavily dependent on information technology (IT), and this has introduced a significant threat to society and companies in the form of hackers, whether they are state-sponsored, political activists, or part of organized crime. This has introduced a need for companies and organizations that strive to make devices more secure, as well as standards that can be used to evaluate how secure a device is. Common Criteria (CC) is an internationally recognized set of guidelines and standards that can be used for security evaluation. There is a growing demand for increased efficiency in the field of security evaluation, especially considering the transition to agile methods for product development in information and communication technology. Historically, security evaluation has been tailored to each individual product. The current trends in the certification industry and the global ICT evaluation industry indicate a move toward more frequent use of predefined test cases.
In this thesis, I describe how I designed, developed and evaluated a tool that automates the evaluation of Android devices regarding a selection of security requirements concerning Bluetooth from the Mobile Device Fundamentals Protection Profile in CC. This involved a literature study, examination of the Bluetooth Core Specification, software development and evaluation of the tool. My results from the evaluation of the tool showed that it only reports non-compliance with a security requirement if the target of evaluation (TOE) does not comply with the security requirement in question. In addition, every time the tool reported compliance with a security requirement, manual evaluation verified that the TOE really complied with the security requirement in question. Finally, during the development phase I discovered a vulnerability that had not been discovered during manual evaluation. The vulnerability has been confirmed by the developer and a patch is being developed. My evaluation shows that the tool I have developed is reliable and that it could therefore be used in the security industry. By finding a vulnerability through automation, I have shown that automation could be a useful method for vulnerability research. In the same way as fuzzing, automation can be used to expose a system to behavior that it does not expect and thereby potentially reveal vulnerabilities.
9

Configuration management evaluation guidance for high robustness systems

Gross, Michael E. 03 1900
Approved for public release, distribution is unlimited / Configuration Management (CM) plays a vital role in the development of trusted computing systems. The Common Criteria (CC) provides a framework for performing Information Technology (IT) security evaluations of these systems and further emphasizes CM's role in the development and evaluation process by specifying a minimum set of CM qualities for each Evaluated Assurance Level (EAL). As an evaluation guide, the Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology (CEM), recommends a set of minimum CM guidelines which can be used by evaluators in the performance of a CM evaluation at the lower Evaluated Assurance Levels. Evaluators and developers will quickly note the CEM's lack of recommended CM guidelines at the higher assurance levels. Thorough study of the listed references supports the hypothesis for this work: Configuration Management guidelines are useful in the evaluation of trusted computing systems. As an assurance mechanism, complete CM guidance helps users of high assurance products obtain a degree of confidence the system security requirements operate as intended and do not contain clandestine code. Complete CM guidance provides evaluators with a "completed assurance scale" and ensures only authorized changes were made to the TOE during development. Useful CM guidelines at the higher assurance levels (EAL5, 6, and 7) will help developers and evaluators ensure products meet the minimum requirements needed for high assurance systems. / Lieutenant, United States Navy
10

Recommendations for secure initialization routines in operating systems

Dodge, Catherine A. 12 1900
Approved for public release; distribution is unlimited. / While a necessity of all operating systems, the code that initializes a system can be notoriously difficult to understand. This thesis explores the most common architectures used for bringing an operating system to its initial state, once the operating system gains control from the boot loader. Specifically, the ways in which the OpenBSD and Linux operating systems handle initialization are dissected. With this understanding, a set of threats relevant to the initialization sequence was developed. A thorough study was also made to determine the degree to which initialization code adheres to widely accepted software engineering principles. Based upon this threat analysis and the observed strengths and weaknesses of existing systems, a set of recommendations for initialization sequence architecture and implementation have been developed. These recommendations can serve as a guide for future operating system development. / Civilian, Naval Postgraduate School
