Securing Multiprocessor Systems-on-Chip

Biswas, Arnab Kumar

16 August 2016

MHRD PhD scholarship / With Multiprocessor Systems-on-Chips (MPSoCs) pervading our lives, security issues are emerging as a serious problem and attacks against these systems are becoming more critical and sophisticated. We have designed and implemented different hardware based solutions to ensure security of an MPSoC. Security assisting modules can be implemented at different abstraction levels of an MPSoC design. We propose solutions both at circuit level and system level of abstractions. At the VLSI circuit level abstraction, we consider the problem of presence of noise voltage in input signal coming from outside world. This noise voltage disturbs the normal circuit operation inside a chip causing false logic reception. If the disturbance is caused intentionally the security of a chip may be compromised causing glitch/transient attack. We propose an input receiver with hysteresis characteristic that can work at voltage levels between 0.9V and 5V. The circuit can protect the MPSoC from glitch/transient attack. At the system level, we propose solutions targeting Network-on-Chip (NoC) as the on-chip communication medium. We survey the possible attack scenarios on present-day MPSoCs and investigate a new attack scenario, i.e., router attack targeted toward NoC enabled MPSoC. We propose different monitoring-based countermeasures against routing table-based router attack in an MPSoC having multiple Trusted Execution Environments (TEEs). Software attacks, the most common type of attacks, mainly exploit vulnerabilities like buffer overflow. This is possible if proper access control to memory is absent in the system. We propose four hardware based mechanisms to implement Role Based Access Control (RBAC) model in NoC based MPSoC.

Network-on-Chip (NoC)

Computer Security

Multiprocessor Systems-on-Chips (MPSoCs)

MP-SoC

Role Based Access Control (RBAC)

Role Based Shared Memory Access Control

MPSoC

Electronics Engineering

Prevention of Privilege Abuse on NoSQL Databases : Analysis on MongoDB access control / Förebyggande av Privilegier Missbruk på NoSQL-databaser : Analys på MongoDB-åtkomstkontroll

Ishak, Marwah

January 2021

Database security is vital to retain confidentiality and integrity of data as well as prevent security threats such as privilege abuse. The most common form of privilege abuse is excessive privilege abuse, which entails assigning users with excessive privileges beyond their job function, which can be abused deliberately or inadvertently. The thesis’s objective is to determine how to prevent privilege abuse in the NoSQL database MongoDB. Prior studies have noted the importance of access control to secure databases from privilege abuse. Access control is essential to manage and protect the accessibility of the data stored and restrict unauthorised access. Therefore, the study analyses MongoDB’s embedded access control through experimental testing to test various built-in and advanced privileges roles in preventing privilege abuse. The results indicate that privilege abuse can be prevented if users are granted roles composed of the least privileges. Additionally, the results indicate that assigning users with excessive privileges exposes the system to privilege abuse. The study also underlines that an inaccurate allocation of privileges or permissions to users of databases may have profound consequences for the system and organisation, such as data breach and data manipulation. Hence, organisations that utilise information technology should be obliged to protect their interests and databases from others and their members through access control policies. / Datasäkerhet är avgörande för att bevara datats konfidentialitet och integritet samt för att förhindra säkerhetshot som missbruk av privilegier. Missbruk av överflödig privilegier, är den vanligaste formen av privilegier missbruk. Detta innebär att en användare tilldelas obegränsad behörighet utöver det som behövs för deras arbete, vilket kan missbrukas medvetet eller av misstag. Examensarbetets mål är att avgöra hur man kan förhindra missbruk av privilegier i NoSQL-databasen MongoDB. Tidigare studier har noterat vikten av åtkomstkontroll för att säkra databaser från missbruk av privilegier. Åtkomstkontroll är viktigt för att hantera och skydda åtkomlighet för de lagrade data samt begränsa obegränsad åtkomst. Därför analyserar arbetet MongoDBs inbäddade åtkomstkontroll genom experimentell testning för att testa olika inbyggda och avancerade priviligierade roller för att förhindra missbruk av privilegier. Resultaten indikerar att missbruk av privilegier kan förhindras om användare får roller som har färre privilegier. Dessutom visar resultaten att tilldelning av användare med obegränsade privilegier utsätter systemet för missbruk av privilegier. Studien understryker också att en felaktig tilldelning av privilegier eller behörigheter för databasanvändare kan få allvarliga konsekvenser för systemet och organisationen, såsom dataintrång och datamanipulation. Därför bör organisationer som använder informationsteknologi ha som plikt att skydda sina tillgångar och databaser från obehöriga men även företagets medarbetare som inte är beroende av datat genom policys för åtkomstkontroll.

NoSQL databases

MongoDB

Access control

Privilege abuse

Role-based access control

NoSQL-databaser

MongoDB

Åtkomstkontroll

Missbruk av privilegier

Computer Engineering

Datorteknik

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Damrau, Adelaide

01 May 2023

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions.

Role-Based Access Control

Principle of Least Privilege

Separation of Duties

Permission

Risk

Role Explosion

Databases and Information Systems

Information Security

Other Computer Sciences

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos. / A contextual authorization model for access control of electronic patient record in open distributed environments.

Motta, Gustavo Henrique Matos Bezerra

05 February 2004

Os recentes avanços nas tecnologias de comunicação e computação viabilizaram o pronto acesso às informações do prontuário eletrônico do paciente (PEP). O potencial de difusão de informações clínicas resultante suscita preocupações acerca da priva-cidade do paciente e da confidencialidade de seus dados. As normas presentes na legislação dispõem que o conteúdo do prontuário deve ser sigiloso, não cabendo o acesso a ele sem a prévia autorização do paciente, salvo quando necessário para be-neficiá-lo. Este trabalho propõe o MACA, um modelo de autorização contextual para o controle de acesso baseado em papéis (CABP) que contempla requisitos de limita-ção de acesso ao PEP em ambientes abertos e distribuídos. O CABP regula o acesso dos usuários ao PEP com base nas funções (papéis) que eles exercem numa organi-zação. Uma autorização contextual usa informações ambientais disponíveis durante o acesso para decidir se um usuário tem o direito e a necessidade de acessar um re-curso do PEP. Isso confere ao MACA flexibilidade e poder expressivo para estabele-cer políticas de acesso ao PEP e políticas administrativas para o CABP que se adap-tam à diversidade ambiental e cultural das organizações de saúde. O MACA ainda permite que os componentes do PEP utilizem o CABP de forma transparente para o usuário final, tornando-o mais fácil de usar quando comparado a outros modelos de CABP. A arquitetura onde a implementação do MACA foi integrada adota o serviço de diretórios LDAP (Lightweight Directory Access Protocol), a linguagem de pro-gramação Java e os padrões CORBA Security Service e Resource Access Decision Fa-cility. Com esses padrões abertos e distribuídos, os componentes heterogêneos do PEP podem solicitar serviços de autenticação de usuário e de autorização de acesso de modo unificado e coerente a partir de múltiplas plataformas. A implementação do MACA ainda tem a vantagem de ser um software livre, de basear-se em componen-tes de software sem custos de licenciamento e de apresentar bom desempenho para as demandas de acesso estimadas. Por fim, a utilização rotineira do MACA no con-trole de acesso ao PEP do InCor-HC.FMUSP, por cerca de 2000 usuários, evidenciam a exeqüibilidade do modelo, da sua implementação e da sua aplicação prática em casos reais. / The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates user’s access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.

arquiteturas abertas e distribuídas

autorização contextual

contexto

contexts

contextual authorization

electronic patient record (EPR)

open and distributed architectures

role-based access control (RBAC)

security

segurança

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos. / A contextual authorization model for access control of electronic patient record in open distributed environments.

Gustavo Henrique Matos Bezerra Motta

05 February 2004

Os recentes avanços nas tecnologias de comunicação e computação viabilizaram o pronto acesso às informações do prontuário eletrônico do paciente (PEP). O potencial de difusão de informações clínicas resultante suscita preocupações acerca da priva-cidade do paciente e da confidencialidade de seus dados. As normas presentes na legislação dispõem que o conteúdo do prontuário deve ser sigiloso, não cabendo o acesso a ele sem a prévia autorização do paciente, salvo quando necessário para be-neficiá-lo. Este trabalho propõe o MACA, um modelo de autorização contextual para o controle de acesso baseado em papéis (CABP) que contempla requisitos de limita-ção de acesso ao PEP em ambientes abertos e distribuídos. O CABP regula o acesso dos usuários ao PEP com base nas funções (papéis) que eles exercem numa organi-zação. Uma autorização contextual usa informações ambientais disponíveis durante o acesso para decidir se um usuário tem o direito e a necessidade de acessar um re-curso do PEP. Isso confere ao MACA flexibilidade e poder expressivo para estabele-cer políticas de acesso ao PEP e políticas administrativas para o CABP que se adap-tam à diversidade ambiental e cultural das organizações de saúde. O MACA ainda permite que os componentes do PEP utilizem o CABP de forma transparente para o usuário final, tornando-o mais fácil de usar quando comparado a outros modelos de CABP. A arquitetura onde a implementação do MACA foi integrada adota o serviço de diretórios LDAP (Lightweight Directory Access Protocol), a linguagem de pro-gramação Java e os padrões CORBA Security Service e Resource Access Decision Fa-cility. Com esses padrões abertos e distribuídos, os componentes heterogêneos do PEP podem solicitar serviços de autenticação de usuário e de autorização de acesso de modo unificado e coerente a partir de múltiplas plataformas. A implementação do MACA ainda tem a vantagem de ser um software livre, de basear-se em componen-tes de software sem custos de licenciamento e de apresentar bom desempenho para as demandas de acesso estimadas. Por fim, a utilização rotineira do MACA no con-trole de acesso ao PEP do InCor-HC.FMUSP, por cerca de 2000 usuários, evidenciam a exeqüibilidade do modelo, da sua implementação e da sua aplicação prática em casos reais. / The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates user’s access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.

arquiteturas abertas e distribuídas

autorização contextual

contexto

segurança

contexts

contextual authorization

electronic patient record (EPR)

open and distributed architectures

role-based access control (RBAC)

security

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick

January 2007

The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.

trusted computing

trusted computing hardware

trusted systems

operating system security

distributed systems security

smart card

security evaluation

tamper resistance

distance bounding protocol

side channel leakage

electronic cash

electronic health records

role-based access control

Systém správy identit pro malé a střední firmy / Identity Management Solution for Small and Medium Businesses

MAXA, Karel

January 2014

The topic of this master's thesis is development of identity management solution for small and medium business. The thesis is divided into four major parts. The first part contains theoretical background as description of RBAC model or model with relationships between practically used objects (user identity, role, position, permission, account...). Analysis of functioning and needs of targeted organizations was carried out in the second part. The third part describes the design of the developed application. The fourth part discusses actual implementation of the application. The main outcome of the thesis is implemented application that can be deployed at thesis defined organizations. The application includes all the functionality required in the first phase of the project.

MAC řízení přístupu / Mandatory access control

Grepl, Miroslav

January 2008

This master's thesis describes the problems of SELinux, and the methods of creation of a proper security policy with a focus on the SELinux reference policy and its mechanisms. It designs the methodics of formulation of specific security rules, supplemented with the practical example of its application. Furthermore, it describes the available security rules commonly used for http, ftp and ssh services securing, their modification and practical utilization. According to the proposed methodology, these services are protected with their own security rules and both security methods are mutually compared and evaluated.

Semantic and Role-Based Access Control for Data Grid Systems

Muppavarapu, Vineela

11 December 2009

No description available.

Computer Science

Data Grid

role-based access control

semantic-based access control

Storage Resource Broker

Shibboleth

ontology