  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Servicing a Connected Car Service

Svensson, Benjamin, Varnai, Kristian January 2015
Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.
2

Improving Cryptocurrency Blockchain Security and Availability Adaptive Security and Partitioning

Hood, Kendric A. 27 July 2020
No description available.
3

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick January 2007
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. 
Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. 
Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
4

Types for Access and Memory Control

Jakšić Svetlana 16 November 2016
Three issues will be elaborated and discussed in the proposed thesis. The first is administration and control of data access rights in networks with XML data, with emphasis on data security. The second is the administration and control of access rights to data in computer networks with RDF data, with emphasis on data privacy. The third is prevention of errors and memory leaks, as well as communication errors, generated by programs written in the Sing# language in the presence of exceptions. For all three issues, formal models with corresponding type systems will be presented, and the absence of undesired behavior, i.e. errors in networks or programs, will be shown.
