  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Towards a Trustworthy Thin Terminal for Securing Enterprise Networks

Frenn, Evan 25 April 2013
Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization's network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network's servers.
In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators.
2

Trusted Computing auf dem Prüfstand des kartellrechtlichen Missbrauchsverbotes

Blaha, Ralf. January 2006
University dissertation, Vienna, 2006. / Bibliography pp. 239-246.
3

Informationssicherheit in Automobilen

Goss, Stefan January 2008
Also: Siegen, Univ., dissertation, 2008
4

Enclave Host Interface for Security

Sinha, Anmol January 2022
Secure enclave technology has during the last decade emerged as an important hardware security primitive in server computer cores, and increasingly also in chips intended for consumer devices like mobile phones and PCs. The Linux Confidential Compute Consortium has taken a leading role in defining the host APIs for enclave access (e.g. OpenEnclave APIs). Earlier solutions for security isolation in mobile phones relied on so-called Trusted Execution Environments, which are similar in hardware isolation, but serve primarily OEM device security use-cases, and the environments are access controlled by remote trust roots (code signatures). This thesis examines the security requirements for enclaves, visible through APIs and SDKs. An augmented IDE / SDK interface that accounts for security, including legacy considerations present with TEEs, is also proposed. This thesis also attempts to improve developer experience related to development of trusted applications by providing a tight integration with IDE and an expressive way to select methods which can be carved out of an existing Rust application into a separate trusted application. Furthermore, this thesis also discusses some common pitfalls while developing code for trusted applications and attempts to mitigate several of the discussed risks. The work plan includes a background study on existing TEE and enclave SDKs, a novel SDK augmentation that accounts for the features listed above, and a prototype implementation that highlights the enclave security needs beyond mere isolated execution. An IDE plugin is also implemented, that exemplifies how software engineers (with potentially limited security knowledge) can implement a trusted application service with enclave support such that the end result (enclave code) will run without information leakage or interface security problems.
5

Implementing Direct Anonymous Attestation on TPM 2.0

Luther, Noah Robert 19 June 2017
Numerous organizations have pressed in the past several years for improved security and privacy in online interactions. Stakeholders have encouraged the adoption of privacy-enhancing technologies, utilization of microcontrollers and hardware devices for key storage and attestation, and improvements to the methods and policies used for authentication. Cryptographers and security engineers have responded to these calls. There have been numerous papers published in the last decade on topics such as private information retrieval and anonymous authentication and the Trusted Computing Group (TCG) has released a version 2.0 standard for Trusted Platform Modules (TPM). Adoption and implementation of these techniques, however, has been lacking. Although the TPM 2.0 specification was released in 2014 there are no reference implementations of direct anonymous attestation algorithms compatible with the hardware. The purpose of this work is to implement and discuss the implementation of direct anonymous attestation on TPM 2.0 and to consider the scalability and performance of direct anonymous attestation schemes operating on real-world TPM devices. / Master of Science / Numerous organizations have pressed in the past several years for improved security and privacy in online interactions. Stakeholders have encouraged the adoption of new technologies for authentication to reduce the instances of fraud and identity theft. Researchers and engineers have developed standards and devices that aim to simultaneously improve security while maintaining user privacy. In particular, an organization called the Trusted Computing Group has released standards for a device called a Trusted Platform Module. This device is built in to many modern personal computers and is designed to allow users to authenticate without compromising their privacy. 
Even though the version 2.0 standard was released in 2014, however, there are no reference implementations of standardized privacy-preserving authentication algorithms compatible with the device. The purpose of this work is to implement algorithms for authentication utilizing a Trusted Platform Module and to discuss their performance in the real world.
6

Parallelizing Trusted Execution Environments for Multicore Hard Real-Time Systems

Mishra, Tanmaya 05 June 2019
Real-Time systems are defined not only by their logical correctness but also timeliness. Modern real-time systems, such as those controlling industrial plants or the flight controller on UAVs, are no longer isolated. The same computing resources are shared with a variety of other systems and software. Further, these systems are increasingly being connected and made available over the internet with the rise of Internet of Things and the need for automation. Many real-time systems contain sensitive code and data, which not only need to be kept confidential but also need protection against unauthorized access and modification. With the cheap availability of hardware supported Trusted Execution Environments (TEE) in modern day microprocessors, securing sensitive information has become easier and more robust. However, when applied to real-time systems, the overheads of using TEEs make scheduling untenable. However, this issue can be mitigated by judiciously utilizing TEEs and capturing TEE operation peculiarities to create better scheduling policies. This thesis provides a new task model and scheduling approach, Split-TEE task model and a scheduling approach ST-EDF. It also presents simulation results for 2 previously proposed approaches to scheduling TEEs, T-EDF and CT-RM. / Master of Science / Real-Time systems are computing systems that not only maintain the traditional purpose of any computer, i.e., to be logically correct, but also timeliness, i.e., guaranteeing an output in a given amount of time. While, traditionally, real-time systems were isolated to reduce interference which could affect the timeliness, modern real-time systems are being increasingly connected to the internet. Many real-time systems, especially those used for critical applications like industrial control or military equipment, contain sensitive code or data that must not be divulged to a third party or open to modification.
In such cases, it is necessary to use methods to safeguard this information, regardless of the extra processing time/resource consumption (overheads) that it may add to the system. Modern hardware supports Trusted Execution Environments (TEEs), a cheap, easy and robust mechanism to secure arbitrary pieces of code and data. To effectively use TEEs in a real-time system, the scheduling policy, which decides which task to run at a given time instant, must be made aware of TEEs and must be modified to take as much advantage of TEE execution while mitigating the effect of its overheads on the timeliness guarantees of the system. This thesis presents an approach to schedule TEE augmented code and simulation results of two previously proposed approaches.
7

Secure Service Provisioning in a Public Cloud

Aslam, Mudassar January 2012
The evolution of cloud technologies which allows the provisioning of IT resources over the Internet promises many benefits for the individuals and enterprises alike. However, this new resource provisioning model comes with the security challenges which did not exist in the traditional resource procurement mechanisms. We focus on the possible security concerns of a cloud user (e.g. an organization, government department, etc.) to lease cloud services such as resources in the form of Virtual Machines (VM) from a public Infrastructure-as-a-Service (IaaS) provider. There are many security critical areas in the cloud systems, such as data confidentiality, resource integrity, service compliance, security audits etc. In this thesis, we focus on the security aspects which result in the trust deficit among the cloud stakeholders and hence hinder a security sensitive user to benefit from the opportunities offered by the cloud computing. Based upon our findings from the security requirements analysis, we propose solutions that enable user trust in the public IaaS clouds. Our solutions mainly deal with the secure life cycle management of the user VM which include mechanisms for VM launch and migration. The VM launch and migration solutions ensure that the user VM is always protected in the cloud by only allowing it to run on the user trusted platforms. This is done by using trusted computing techniques that allow the users to remotely attest and hence rate the cloud platforms trusted or untrusted. We also provide a prototype implementation to prove the implementation feasibility of the proposed trust enabling principles used in the VM launch and migration solutions.
8

A TRUSTED STORAGE SYSTEM FOR THE CLOUD

Karumanchi, Sushama 01 January 2010
Data stored in third party storage systems like the cloud might not be secure since confidentiality and integrity of data are not guaranteed. Though cloud computing provides cost-effective storage services, it is a third party service and so, a client cannot trust the cloud service provider to store its data securely within the cloud. Hence, many organizations and users may not be willing to use the cloud services to store their data in the cloud until certain security guarantees are made. In this thesis, a solution to the problem of securely storing the client’s data by maintaining the confidentiality and integrity of the data within the cloud is developed. Five protocols are developed which ensure that the client’s data is stored only on trusted storage servers, replicated only on trusted storage servers, and guarantee that the data owners and other privileged users of that data access the data securely. The system is based on trusted computing platform technology [11]. It uses a Trusted Platform Module, specified by the Trusted Computing Group [11]. An encrypted file system is used to encrypt the user’s data. The system provides data security against a system administrator in the cloud.
9

Semi-centralizovaná kryptoměna založená na blockchainu a trusted computing / Semi-Centralized Cryptocurrency Based on the Blockchain and Trusted Computing

Handzuš, Jakub January 2021
The aim of this thesis is to create a concept of semi-centralized cryptocurrency that supports external interoperability. It is assumed that semi-centralized cryptocurrency is the future of cryptocurrencies in the banking sector, because even at the cost of partial centralization, the concept brings the benefits of a decentralized ledger. Since the simultaneous deployment of their own cryptocurrencies by various central authorities, such as central bank, it is necessary to establish a communication protocol for interbank transactions. The work is thus focused on extending the existing Aquareum solution with an interoperability protocol.
10

Minimal Trusted Computing Base for Critical Infrastructure Protection

Velagapalli, Arun 17 August 2013
Critical infrastructures like oil & gas, power grids, water treatment facilities, domain name system (DNS) etc., are attractive targets for attackers — both due to the potential impact of attacks on such systems, and due to the enormous attack surface exposed by such systems. Unwarranted functionality in the form of accidental bugs or maliciously inserted hidden functionality in any component of a system could potentially be exploited by attackers to launch attacks on the system. As it is far from practical to root out undesired functionality in every component of a complex system, it is essential to develop security measures for protecting CI systems that rely only on the integrity of a small number of carefully constructed components, identified as the trusted computing base (TCB) for the system. The broad aim of this dissertation is to characterize elements of the TCB for critical infrastructure systems, and outline strategies to leverage the TCB to secure CI systems. A unified provider-middleman-consumer (PMC) view of systems was adopted to characterize systems as being constituted by providers of data, untrusted middlemen, and consumers of data. As the goal of proposed approach is to eliminate the need to trust most components of a system to be secured, most components of the system are considered to fall under the category of “untrusted middlemen.” From this perspective, the TCB for the system is a minimal set of trusted functionality required to verify that the tasks performed by the middle-men will not result in violation of the desired assurances. Specific systems that were investigated in this dissertation work to characterize the minimal TCB included the domain name system (DNS), dynamic DNS, and Supervisory Control and Data Acquisition (SCADA) systems that monitor/control various CI systems. 
For such systems, this dissertation provides a comprehensive functional specification of the TCB, and outlines security protocols that leverage the trust in TCB functionality to realize the desired assurances regarding the system.
