Improving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution EnvironmentsBilbao Munoz, Carlos 11 January 2022 (has links)
In this thesis we aim to push forward the state-of-the-art security on instruction set architecture (ISA) heterogeneous systems by adopting an edge-computing approach. As the embedded devices market grows, such systems remain affected by a wide range of attacks and are particularly vulnerable to techniques that render the operating system or hypervisor untrusted. The usage of Trusted Execution Environments (TEEs) can help mitigate such threat model(s) immensely, but embedded devices rarely count with the hardware support required. To address this situation and enhance security on embedded devices, we present the RemoteTrust framework, which allows modest devices to offload secure computations on a remote server with hardware-level TEEs. To ease portability, we develop the framework on top of the open-source hardware-agnostic Open Enclave SDK. We evaluate the framework from a security and performance perspectives on a realistic infrastructure. In terms of security, we provide a list of CVEs that could potentially be mitigated by RemoteTrust, and we prevent the Heartbleed attack on a vulnerable server. From a performance perspective, we port C/C++ benchmarks of SPEC CPU 2017, two overhead microbenchmarks and five open-source applications, demonstrating small communication overhead (averaging less than 1 second per 100 remote single-parameter enclave calls). / Master of Science / We develop software that can be leveraged to secure an embedded device (reduced-size computer) using features only present in more powerful systems such as a server. This requires developing and extending source code for ISA-heterogeneous (different instruction sets) systems. Our thesis is then evaluated on a realistic setup, using the type of device (a Raspberry Pi v4) that the framework is intended for. We demonstrate our framework can help secure devices without paying a high price in performance.
Ho, Sze-lok., 何思樂.
Confidentiality has always been a concern in secret operation. In this thesis, we consider the situation of legitimate data request and transfer between investigator and database owner who provides intelligence, where the identity of the investigation subject and the records in the database are both confidential. Current practice of secret investigation solely relies on the integrity and carefulness of the involved individuals to resist data leakage, but regulations, policy, agreement, such human means cannot give a promising solution, thus a technical means is needed. As appropriate solution for this confidential data request and transfer problem cannot be found from related research, our goal is to offer a means that can help keeping the investigation secret and protecting irrelevant data at the same time. We present a technical solution for preserving two-way confidentiality between the investigator (legitimate data requester) and the database owner (legitimate data holder), which can accommodate the concerns of both sides during the specific information request and transfer. Two schemes, Sender-Based Scheme and Receiver-Based Scheme, have been proposed to solve the problem under different conditions, and illustration of executing our schemes is given through an example situation “Investigator and Private hospital” which is an ordinary scenario during investigation. Furthermore, a practical cost reduction methodology on the schemes and sensible proposals for extensions are suggested and discussed. The direction of future work is also considered. / published_or_final_version / Computer Science / Master / Master of Philosophy
Teo, Hock Weng.
Thesis (PhDBusinessandManagement)--University of South Australia, 2002.
Scudder, Kathleen A.
(has links) (PDF)
Thesis (M.S. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Bach, Robert ; Morag, Nadav. "December 2009." Description based on title screen as viewed on February 1, 2010. Author(s) subject terms: Doctrine, Learning Organization, Collaboration, Merger, Trust, Customs And Border Protection, CBP. Includes bibliographical references (p. 63-65). Also available in print.
An inquiry into some of the reasons for the necessity and delays in the implementation of a contributory social security scheme in Hong Kong /Tso, Yeung, Arthur. January 1982 (has links)
Thesis (M.S.W.)--University of Hong Kong, 1982.
Abu Mahfouz, Adnan Mohammed I.
Thesis (M.Sc.)(Computer Science)--University of Pretoria, 2004. / Summaries in English and Afrikaans. Includes bibliographical references.
Legal problems of secured transactions in Nigeria a comparison with Canada and a proposal for reform /Nwabuzor, Emmanuel O. January 1993 (has links)
Thesis (LL.M.) -- University of Manitoba, November 1993. / Bibliography: p. 232-245.
30 September 2014
M.Com. (Informatics) / Please refer to full text to view abstract
Van der Merwe, Isak Pieter
15 September 2014
M.Com. (Informatics) / The aim of this study is to introduce a model that can be used to manage the security profiles by using a role oriented approach. In chapter 1 the addressed problem and the aim of the study, are introduced. In chapter 2 the different approaches used in the management of security profiles and the security profiles in Computer Associates's TOP SECRET and IBM's RACF, are discussed, In chapter 3 the Model for Role Profiles (MoRP) is introduced and discussed. Chapter 4 consists of a consideration of the possible problems of MoRP and an extension of MoRP is discussed.' The extended model is called ExMoRP. Chapter 5 consists of an analysis of the Path Context Model (pCM) for security and the principles of the PCM are added to ExMoRP to enhance security. In chapter 6 ExMoRP, with the principles of the PCM, are applied on a case study: In chapter 7 a methodology for the implementation of ExMoRP in an environment, is introduced. In chapter 8 it is shown how the principles of ExMoRP can be applied in UNIX, In chapter 9 it is shown how the principles of ExMoRP can be applied in Windows NT. In chapter 10 it is shown how the principles of ExMoRP can be applied in ORACLE. Chapter 11 consists of a review of the management of security and the present trends.
Chow, Wing-sun, Nelson,
Thesis (Ph. D.)--University of Hong Kong, 1978. / Typewritten.
Page generated in 0.0558 seconds