Global ETD Search

1	Parallelizing Trusted Execution Environments for Multicore Hard Real-Time Systems Mishra, Tanmaya 05 June 2019 (has links) Real-Time systems are defined not only by their logical correctness but also timeliness. Modern real-time systems, such as those controlling industrial plants or the flight controller on UAVs, are no longer isolated. The same computing resources are shared with a variety of other systems and software. Further, these systems are increasingly being connected and made available over the internet with the rise of Internet of Things and the need for automation. Many real-time systems contain sensitive code and data, which not only need to be kept confidential but also need protection against unauthorized access and modification. With the cheap availability of hardware supported Trusted Execution Environments (TEE) in modern day microprocessors, securing sensitive information has become easier and more robust. However, when applied to real-time systems, the overheads of using TEEs make scheduling untenable. However, this issue can be mitigated by judiciously utilizing TEEs and capturing TEE operation peculiarities to create better scheduling policies. This thesis provides a new task model and scheduling approach, Split-TEE task model and a scheduling approach ST-EDF. It also presents simulation results for 2 previously proposed approaches to scheduling TEEs, T-EDF and CT-RM. / Master of Science / Real-Time systems are computing systems that not only maintain the traditional purpose of any computer, i.e, to be logically correct, but also timeliness, i.e, guaranteeing an output in a given amount of time. While, traditionally, real-time systems were isolated to reduce interference which could affect the timeliness, modern real-time systems are being increasingly connected to the internet. Many real-time systems, especially those used for critical applications like industrial control or military equipment, contain sensitive code or data that must not be divulged to a third party or open to modification. In such cases, it is necessary to use methods to safeguard this information, regardless of the extra processing time/resource consumption (overheads) that it may add to the system. Modern hardware support Trusted Execution Environments (TEEs), a cheap, easy and robust mechanism to secure arbitrary pieces of code and data. To effectively use TEEs in a real-time system, the scheduling policy which decides which task to run at a given time instant, must be made aware of TEEs and must be modified to take as much advantage of TEE execution while mitigating the effect of its overheads on the timeliness guarantees of the system. This thesis presents an approach to schedule TEE augmented code and simulation results of two previously proposed approaches. Trusted Execution Hard real-time systems Scheduling
2	Power-Performance-Predictability: Managing the Three Cornerstones of Resource Constrained Real-Time System Design Mukherjee, Anway 08 November 2019 (has links) This dissertation explores several challenges that plague the hardware-software co-design of popular resource constrained real-time embedded systems. We specifically tackle existing real-world problems, and address them through our design solutions which are highly scalable, and have practical feasibility as verified through our solution implementation on real-world hardware. We address the problem of poor battery life in mobile embedded devices caused due to side-by-side execution of multiple applications in split-screen mode. Existing industry solutions either restricts the number of applications that can run simultaneously, limit their functionality, and/or increase the hardware capacity of the battery associated with the system. We exploit the gap in research on performance and power trade-off in smartphones to propose an integrated energy management solution, that judiciously minimizes the system-wide energy consumption with negligible effect on its quality of service (QoS). Another important real-world requirement in today's interconnected world is the need for security. In the domain of real-time computing, it is not only necessary to secure the system but also maintain its timeliness. Some example security mechanisms that may be used in a hard real-time system include, but are not limited to, security keys, protection of intellectual property (IP) of firmware and application software, one time password (OTP) for software certification on-the-fly, and authenticated computational off-loading. Existing design solutions require expensive, custom-built hardware with long time-to-market or time-to-deployment cycle. A readily available alternative is the use of trusted execution environment (TEE) on commercial off-the-shelf (COTS) embedded processors. However, utilizing TEE creates multiple challenges from a real-time perspective, which includes additional time overhead resulting in possible deadline misses. Second, trusted execution may adversely affect the deterministic execution of the system, as tasks running inside a TEE may need to communicate with other tasks that are executing on the native real-time operating system. We propose three different solutions to address the need for a new task model that can capture the complex relationship between performance and predictability for real-time tasks that require secure execution inside TEE. We also present novel task assignment and scheduling frameworks for real-time trusted execution on COTS processors to improve task set schedulability. We extensively assess the pros and cons of our proposed approaches in comparison to the state-of-the-art techniques in custom-built real-world hardware for feasibility, and simulated environments to test our solutions' scalability. / Doctor of Philosophy / Today's real-world problems demand real-time solutions. These solutions need to be practically feasible, and scale well with increasing end user demands. They also need to maintain a balance between system performance and predictability, while achieving minimum energy consumption. A recent example of technological design problem involves ways to improve the battery lifetime of mobile embedded devices, for example, smartphones, while still achieving the required performance objectives. For instance, smartphones that run Android OS has the capability to run multiple applications concurrently using a newly introduced split-screen mode of execution, where applications can run side-by-side at the same time on screen while using the same shared resources (e.g., CPU, memory bandwidth, peripheral devices etc.). While this can improve the overall performance of the system, it can also lead to increased energy consumption, thereby directly affecting the battery life. Another technological design problem involves ways to protect confidential proprietary information from being siphoned out of devices by external attackers. Let us consider a surveillance unmanned aerial vehicle (UAV) as an example. The UAV must perform sensitive tasks, such as obtaining coordinates of interest for surveillance, within a given time duration, also known as task deadline. However, an attacker may learn how the UAV communicates with ground control, and take control of the UAV, along with the sensitive information it carries. Therefore, it is crucial to protect such sensitive information from access by an unauthorized party, while maintaining the system's task deadlines. In this dissertation, we explore these two real-world design problems in depth, observe the challenges associated with them, while presenting several solutions to tackle the issues. We extensively assess the pros and cons of our proposed approaches in comparison to the state-of- the-art techniques in custom-built real-world hardware, and simulated environments to test our solutions' scalability. Real-Time Systems Trusted Execution Voltage-Frequency Scaling Android
3	Attack and Defense with Hardware-Aided Security Zhang, Ning 26 August 2016 (has links) Riding on recent advances in computing and networking, our society is now experiencing the evolution into the age of information. While the development of these technologies brings great value to our daily life, the lucrative reward from cyber-crimes has also attracted criminals. As computing continues to play an increasing role in the society, security has become a pressing issue. Failures in computing systems could result in loss of infrastructure or human life, as demonstrated in both academic research and production environment. With the continuing widespread of malicious software and new vulnerabilities revealing every day, protecting the heterogeneous computing systems across the Internet has become a daunting task. Our approach to this challenge consists of two directions. The first direction aims to gain a better understanding of the inner working of both attacks and defenses in the cyber environment. Meanwhile, our other direction is designing secure systems in adversarial environment. / Ph. D. Trusted Execution Environment Hardware-Assisted Security Secure Execution Cache Rootkit
4	Defending Real-Time Systems through Timing-Aware Designs Mishra, Tanmaya 04 May 2022 (has links) Real-time computing systems are those that are designed to achieve computing goals by certain deadlines. Real-time computing systems are present in everything from cars to airplanes, pacemakers to industrial-control systems, and other pieces of critical infrastructure. With the increasing interconnectivity of these systems, system security issues and the constant threat of manipulation by malicious external attackers that have plagued general computing systems, now threaten the integrity and safety of real-time systems. This dissertation discusses three different defense techniques that focuses on the role that real-time scheduling theory can play to reduce runtime cost, and guarantee correctness when applying these defense strategies to real-time systems. The first work introduces a novel timing aware defense strategy for the CAN bus that utilizes TrustZone on state-of-the-art ARMv8-M microcontrollers. The second reduces the runtime cost of control-flow integrity (CFI), a popular system security defense technique, by correctly modeling when a real-time system performs I/O, and exploiting the model to schedule CFI procedures efficiently. Finally, the third studies and provides a lightweight mitigation strategy for a recently discovered vulnerability within mixed criticality real-time systems. / Doctor of Philosophy / Real-time computing systems are those that are designed to achieve computing goals within certain timing constraints. Real-time computing systems are present in everything from cars to airplanes, pacemakers to industrial-control systems, and other pieces of critical infrastructure. With the increasing interconnectivity of these systems, system security issues and the constant threat of manipulation by malicious external attackers that have plagued general computing systems, now threaten the integrity and safety of real-time systems. This dissertation discusses three different defense techniques that focuses on the role that real-time scheduling theory can play to reduce runtime cost, and guarantee correctness when applying these defense strategies to real-time systems. The first work introduces a novel timing aware defense strategy for the Controller Area Network (CAN). CAN is a popular communication system that is at the heart of every modern passenger vehicle and is indispensable for the safe operation of various components such as the engine and transmission systems, and due to its simplicity, may be vulnerable to a variety of attacks. We leverage security advancements in modern processor design to provide a lightweight and predictable (in terms of time taken to perform the operation) defense technique for some of these vulnerabilities. The second work applies a technique called Control-Flow Integrity (CFI) to real-time systems. CFI is a general-purpose defense technique to prevent attackers from modifying software execution, and applying such techniques to real-time systems, particularly those with limited hardware capabilities, may be infeasible. By applying real-time scheduling theory, we propose a strategy to apply CFI to such systems, while reducing its overhead, or cost, without compromising the security guarantees CFI inherently provides. Finally, safety-critical systems may consist of a mix of operations, each having a different level of importance (criticality) with respect to the safe operation of the system. However, due to the complexity of modeling such systems, the models themselves may be vulnerable to attacks. Through simulations we study one such vulnerability and propose a modification to mitigate it. Real-time systems Security Trusted Execution CAN CFI Mixed Criticality
5	Secure Communication Networks for Connected Vehicles Mahadevegowda, Spandan 17 January 2023 (has links) With the advent of electric vehicles (EVs) and the proliferation of vehicle technologies like drive-by-wire and autonomous driving, advanced communication protocols to connect vehicles and the infrastructure have been proposed. However, practical large-scale deployments have been hindered due to caveats such as hardware, and infrastructure demands — including the security of vehicles, given their ubiquitous nature and direct correlation to human safety. As part of this thesis, we look at deploying a practical solution to adopt a secure large-scale vehicle-to-everything (V2X) communication architecture. Then, we also try to analyze and detect vulnerabilities in vehicle-to-grid communication for electric vehicles. In the first work, we analyze, build a proof of concept and evaluate the use of commercial off-the-shelf (COTS) smartphones as secure cellular-vehicle-to-everything (CV2X) radios. Here, we study the various possible network topologies considering the long-term evolution (LTE) technology with necessary latency requirements considering security and the associated overhead. We further simulate the proposed method by considering real-world scalability for practical deployment. In the second work, we analyze the ISO15118 standard for EV-to-electric grid communication involving high levels of energy exchange. We develop a grammatical fuzzing architecture to assess and evaluate the implementation of the standard on a road-deployed vehicle to detect security vulnerabilities and shortcomings. / Master of Science / The technology around vehicles and the transportation infrastructure has immensely advanced in the last few decades. Today we have advanced technologies like driver assistance, automated driving, and access to multimedia within our vehicles. And deploying such technologies has only been possible due to advancements in the electronics embedded in the vehicles and surrounding infrastructure. Opportunely, we can further improve the technologies to include numerous safety features by connecting vehicles and infrastructure via communication networks. However, this poses immense challenges regarding the scaling of communication infrastructure for the timely exchange of data and its security. But, given the proliferation of cellular technology, the ubiquitous nature of smartphones, and their capabilities, we propose and evaluate the idea of using commercial off-the-shelf (COTS) smartphones to connect vehicles and the infrastructure to exchange data securely. The first work of this thesis details the analysis and evaluation of the system and the network for a secure COTS-based cellular-vehicle-to-everything architecture, including a proof of concept hardware implementation and additional simulations. Additionally, in light of climate policies and cleaner transportation alternatives, we are moving from gasoline-based internal combustion engines to electric vehicles, requiring the transfer of extended amounts of electric energy from the electric grid to the batteries in the vehicles. In light of the same, ISO 15118 standard was developed to reduce repetitive efforts and standardize the communication and exchange of this energy. But as with any new technology, especially involving communication, new attack vectors for malicious entities open up. Therefore, we study this new standard and develop a novel fuzzing architecture to test the implementation of the standard on deployed real-world vehicles for security vulnerabilities and robustness. Again, as this is a nascent technology and standard, a fuzzing approach would accelerate the detection of edge cases and threats before these are exploited to cause harm to human life and property. CV2X V2G Connected Vehicles Secure Networks Trusted Execution
6	TLS Library for Isolated Enclaves : Optimizing the performance of TLS libraries for SGX Li, Jiatong January 2019 (has links) Nowadays cloud computing systems handle large amounts of data and process this data across different systems. It is essential to considering data security vulnerabilities and data protection. One means of decreasing security vulnerabilities is to partition the code into distinct modules and then isolate the execution of the code together with its data. Intel’s Software Guard Extension (SGX) provides security critical code isolation in an enclave. By isolating the code’s execution from an untrusted zone (an unprotected user platform), code integrity and confidentiality are ensured. Transport Layer Security (TLS) is responsible for providing integrity and confidentiality for communication between two entities. Several TLS libraries support cryptographic functions both for an untrusted zone and an enclave. Different TLS libraries have different performance when used with Intel’s SGX. It is desirable to use the best performance TLS library for specific cryptographic functions. This thesis describes a performance evaluation several popular TLS libraries performance on Intel SGX. Using the evaluation results and combining several different TLS libraries together, the thesis proposes a new solution to improve the performance of TLS libraries on Intel SGX. The performance is best when invoking the best specific TLS library based upon the data size – as there is a crossover in performance between the two best libraries. This solution also maintains the versatility of the existing cryptographic functions. / Numera hanterar molnberäkningssystem stora mängder data och bearbetar dessa data över olika system. Det är viktigt att ta itu med datasäkerhetsproblem och dataskydd. Ett sätt att minska säkerhetsproblem är att partitionera koden i olika moduler och sedan isolera kodens exekvering tillsammans med dess data. Intel’s Software Guard Extension (SGX) tillhandahåller säkerhetskritisk kodisolering i en enklav. Genom att isolera kodens körning från en otillförlitlig zon (en oskyddad användarplattform) säkerställs kodintegritet och sekretess. Transport Layer Security (TLS) ansvarar för att ge integritet och konfidentialitet för kommunikation mellan två enheter. Flera TLS-bibliotek stödjer kryptografiska funktioner både för en osäker zon och en enklav. Olika TLS-bibliotek har olika prestanda när de används med Intel’s SGX. Det är önskvärt att använda TLS-bibliotekets bästa prestanda för specifika kryptografiska funktioner. Denna avhandling beskriver en prestationsutvärdering av flera populära TLS-bibliotekens prestanda på Intel SGX. Genom att använda utvärderingsresultaten och kombinera flera olika TLS-bibliotek tillsammans, presenterar avhandlingen en ny design och lösning för att förbättra prestanda för TLS-bibliotek på Intel SGX. Den resulterande prestanda åberopar TLS-bibliotekets bästa prestanda inom en viss datastorlek samtidigt som krypteringsfunktionerna är mångsidiga. Intel SGX Trusted Execution Environment TLS libraries Intel SGX Trusted Execution Environment TLS-bibliotek Communication Systems Kommunikationssystem
7	Enclave Host Interface for Security Sinha, Anmol January 2022 (has links) Secure enclave technology has during the last decade emerged as an important hardware security primitive in server computer cores, and increasingly also in chips intended for consumer devices like mobile phones and PCs. The Linux Confidential Compute Consortium has taken a leading role in defining the host APIs for enclave access (e.g. OpenEnclave APIs). Earlier solutions for security isolation in mobile phones relied on so called Trusted Execution Environments, which are similar in hardware isolation, but serve primarily OEM device security use-cases, and the environments are access controlled by remote trust roots (code signatures). This thesis examines the security requirements for enclaves, visible through APIs and SDKs. An augmented IDE / SDK interface that accounts for security, including legacy considerations present with TEEs is also proposed. This thesis also attempts to improve developer experience related to development of trusted application by providing a tight integration with IDE and an expressive way to select methods which can be carved out of an existing rust application into a seperate trusted application. Furthermore, this thesis also discusses some common pitfalls while developing code for trusted applications and attempts to mitigate several of the discussed risks. The work plan includes a background study on existing TEE and enclave SDKs, a novel SDK augmentation that accounts for the features listed above, and a prototype implementation that highlights the enclave security needs beyond mere isolated execution. An IDE plugin is also implemented, that exemplifies how software engineers (with potentially limited security knowledge) can implement a trusted application service with enclave support such that the end result (enclave code) will run without information leakage or interface security problems. / Säker enklavteknologi har under S senaste decenniet framstått som en viktig hårdvarusäkerhets primitiv i serverdatorkärnor och i allt högre grad även i chips avsedda för konsumentenheter som mobiltelefoner och datorer. Linux Confidential Compute Consortium har tagit en ledande roll i att definiera värdAPI:erna för enklavåtkomst (t.ex. OpenEnclave APIs). Tidigare lösningar för säkerhetsisolering i mobiltelefoner förlitade sig på så kallade Trusted Execution Environments, som liknar hårdvaruisolering, men som i första hand tjänar OEMenhetssäkerhetsanvändning, och miljöerna är åtkomstkontrollerade av fjärrstyrda förtroenderötter (kodsignaturer). Denna avhandling undersöker säkerhetskraven för enklaver, synliga genom API:er och SDK:er. Ett utökat IDE/SDK-gränssnitt som står för säkerhet, inklusive äldre överväganden som finns med TEE, föreslås också. Detta examensarbete försöker också förbättra utvecklarupplevelsen relaterad till utveckling av betrodda applikationer genom att tillhandahålla en tät integration med IDE och ett uttrycksfullt sätt att välja metoder som kan skäras ut ur en befintlig rostapplikation till en separat betrodd applikation. Dessutom diskuterar denna avhandling också några vanliga fallgropar samtidigt som man utvecklar kod för betrodda applikationer och försöker mildra flera av de diskuterade riskerna. Arbetsplanen inkluderar en bakgrundsstudie av befintliga TEE- och enklav-SDK:er, en ny SDK-förstärkning som står för funktionerna som anges ovan, och en prototypimplementering som belyser enklavens säkerhetsbehov utöver enbart isolerad exekvering. En IDE-plugin är också implementerad, som exemplifierar hur mjukvaruingenjörer (med potentiellt begränsad säkerhetskunskap) kan implementera en betrodd applikationstjänst med enklavstöd så att slutresultatet (enklavkoden) kommer att köras utan informationsläckage eller gränssnittssäkerhetsproblem. Trusted Execution Environment Enclave Trusted Applications SDK Visual Studio Code Trusted Execution Environment Enclave Trusted Applications SDK Visual Studio Code Computer and Information Sciences Data- och informationsvetenskap
8	Trusted Execution Environment deployment through cloud Virtualization : Aproject on scalable deployment of virtual machines / Implementering av Trusted Execution Environment genom Cloud Virtualization : Ett projekt om skalbar distribution av virtuella maskiner Staboli, Luca January 2022 (has links) In the context of cloud computing, Trusted Execution Environments (TEE) are isolated areas of application software that can be executed with better security, building a trusted and secure environment that is detached from the rest of the memory. Trusted Execution Environment is a technology that become available only in the last few years, and it is not widespread yet. This thesis investigates the most popular approaches to build a TEE, namely the process-based and the virtualization-based, and will abstract them as much as possible to design a common infrastructure that can deploy TEEs on an external cloud provider, no matter which technology approach is used. The thesis is relevant and novel because the project will give the possibility to use different technologies for the deployment, such as Intel SGX and AMD SEV, which are the two main solutions, but without being reliant on any particular one. If in the future new technologies or vendors’ solutions will become popular, they can be simply added to the list of options. The same can be said for the cloud provider choice. The results show that it is possible to abstract the common features of different TEE’s technologies and to use a unique Application Programming Interface (API) to deploy different TEE´s technologies. We will also ran a performance and quality evaluation, and the results show that the API is performant and respect the common standard quality. This tool is useful for the problem owner and future works on the topic of cloud security. / I samband med cloud computing är Trusted Execution Environments (TEE) isolerade områden av applikationsprogramvara som kan köras med bättre säkerhet, bygga en pålitlig och säker miljö som är frikopplad från resten av minnet. Trusted Execution Environment är en teknik som blivit tillgänglig först under de senaste åren, och den är inte utbredd ännu. Denna avhandling undersöker de mest populära metoderna för att bygga en TEE, nämligen den processbaserade och den virtualiseringsbaserade, och kommer att abstrahera dem så mycket som möjligt för att designa en gemensam infrastruktur som kan distribuera TEEs på en extern molnleverantör, oavsett vilken teknik tillvägagångssätt används. Avhandlingen är relevant och ny eftersom projektet kommer att ge möjligheten att använda olika teknologier för implementeringen, såsom Intel SGX och AMD SEV, som är de två huvudlösningarna, men utan att vara beroende av någon speciell. Om i framtiden nya teknologier eller leverantörers lösningar kommer att bli populära kan de helt enkelt läggas till i listan över alternativ. Detsamma kan sägas om valet av molnleverantör. Resultaten visar att det är möjligt att abstrahera de gemensamma egenskaperna hos olika TEE:s teknologier och att använda ett unikt Application Programming Interface (API) för att distribuera olika TEE:s teknologier. Vi kommer också att göra en prestanda- och kvalitetsutvärdering, och resultaten visar att API:et är prestanda och respekterar den gemensamma standardkvaliteten. Det här verktyget är användbart för problemägaren och framtida arbeten på ämnet molnsäkerhet. Trusted Execution Environment Cloud Computing Virtual Machine Application Programming Interface Trusted Execution Environment Cloud Computing Virtual Machine Application Programming Interface Computer and Information Sciences Data- och informationsvetenskap
9	Using ARM TrustZone for Secure Resource Monitoring of IoT Devices Running Contiki-NG / Använda ARM TrustZone för säker resursövervakning av IoT-enheter som kör Contiki-NG Georgiou, Nikolaos January 2023 (has links) The rapid development of Internet of Things (IoT) devices has brought unparalleled convenience and efficiency to our daily lives. However, with this exponential growth comes the pressing need to address the critical security challenges posed by these interconnected devices. IoT devices are typically resource-constrained, lacking the robust computing power and memory capacity of traditional computing systems, which often leads to a lack of adequate security mechanisms and leaves them vulnerable to various attacks. This master’s thesis contributes by investigating a secure mechanism that utilizes the hardware isolation provided by the TrustZone technology found in ARM’s Cortex-M processors. TrustZone is a hardware-based security extension in ARM processors that enables a secure, isolated environment for executing sensitive code alongside a regular, non-secure operating system. This thesis uses this mechanism and implements a Trusted Execution Environment (TEE) in the secure environment of TrustZone that monitors the resource usage of applications running in the non-secure operating system. The aim of the TEE is to monitor the network communication and the CPU usage of the applications running on the IoT device, protecting its integrity and detecting any abnormal behavior. The implementation is done inside the Contiki-NG operating system, a well-known operating system designed for constrained IoT devices. The thesis conducts a comprehensive evaluation of the developed security solution through extensive experiments using two micro-benchmarks. It analyzes the impact of the security mechanism on various aspects of the IoT device, such as runtime overhead, energy consumption, and memory requirements, while taking into account the resource constraints. Furthermore, the effectiveness of the security solution in identifying malicious activities and abnormal behaviors is thoroughly assessed. The findings demonstrate that the TrustZone-based security mechanism introduces relatively minimal overhead to the device’s operation, making it a viable option for IoT devices that can accommodate such slight performance impacts. The research sheds light on the critical issue of IoT device security, emphasizing the need for tailored solutions that consider the resource constraints of these devices. It presents an alternative solution that utilizes TrustZone’s hardware isolation to effectively monitor the applications running in IoT devices and opens a new approach to securing such kinds of devices. / Den snabba utvecklingen av Internet of Things (IoT)-enheter har gett oöverträffad bekvämlighet och effektivitet i våra dagliga liv. Men med denna exponentiella tillväxt kommer det trängande behovet att ta itu med de kritiska säkerhetsutmaningarna som dessa sammankopplade enheter utgör. IoT-enheter är vanligtvis resursbegränsade och saknar den robusta datorkraften och minneskapaciteten hos traditionella datorsystem, vilket ofta leder till brist på adekvata säkerhetsmekanismer och gör dem sårbara för olika attacker. Denna rapport bidrar genom att undersöka en säker mekanism som använder hårdvaruisoleringen som tillhandahålls av TrustZone-teknologin som finns i ARMs Cortex-M-processorer. TrustZone är ett hårdvarubaserad säkerhetstillägg i ARM-processorer som möjliggör en säker, isolerad miljö för exekvering av känslig kod tillsammans med ett vanligt, osäkrat operativsystem. Denna rapport använder denna mekanism och implementerar ett Trusted Execution Environment (TEE) i den säkra miljön i TrustZone som övervakar resursanvändningen av applikationer som körs i det osäkra operativsystemet. Syftet med TEE är att övervaka nätverkskommunikationen och CPU-användningen för de applikationer som körs på IoT-enheten, skydda dess integritet och upptäcka eventuellt onormalt beteende. Implementeringen görs i operativsystemet Contiki-NG, ett välkänt operativsystem designat för begränsade IoT-enheter. Rapporten genomför en omfattande utvärdering av den utvecklade säkerhetslösningen genom omfattande experiment med två mikroriktmärken. Den analyserar effekten av säkerhetsmekanismen på olika aspekter av IoTenheten, såsom overhead under drift, energiförbrukning och minneskrav, samtidigt som resursbegränsningarna tas i beaktande. Dessutom utvärderas effektiviteten grundligt hos säkerhetslösningen för att identifiera skadliga aktiviteter och onormala beteenden. Resultaten visar att den TrustZonebaserade säkerhetsmekanismen introducerar relativt minimal overhead för enhetens drift, vilket gör det till ett genomförbart alternativ för IoT-enheter som kan hantera en liten prestandapåverkan. Forskningen belyser den kritiska frågan om IoT-enhetssäkerhet och betonar behovet av skräddarsydda lösningar som tar hänsyn till dessa enheters resursbegränsningar. Den presenterar en alternativ lösning som använder TrustZones hårdvaruisolering för att effektivt övervaka applikationer som körs i IoT-enheter och öppnar ett nytt tillvägagångssätt för att säkra sådana typer av enheter. ARM TrustZone Internet Of Things Trusted Execution Environment Secure monitoring Contiki-NG ARM TrustZone Internet Of Things Trusted Execution Environment Säker övervakning Contiki-NG Computer and Information Sciences Data- och informationsvetenskap
10	Semi-centralizovaná kryptoměna založená na blockchainu a trusted computing / Semi-Centralized Cryptocurrency Based on the Blockchain and Trusted Computing Handzuš, Jakub January 2021 (has links) The aim of this thesis is to create a concept of semi-centralized cryptocurrency that supports external interoperability. It is assumed that semi-centralized cryptocurrency is the future of cryptocurrencies in the banking sector, because even at the cost of partial centralization, the concept brings the benefits of a decentralized ledger. Since the simultaneous deployment of their own cryptocurrencies by various central authorities, such as central bank, it is necessary to establish a communication protocol for interbank transactions. The work is thus focused on extending the existing Aquareum solution with an interoperability protocol.

Search results