11

Comparative Study of Network Access Control Technologies

Qazi, Hasham Ud Din January 2007
This thesis presents a comparative study of four Network Access Control (NAC) technologies: Trusted Network Connect by the Trusted Computing Group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a compliant status. We compare the NAC technologies in terms of architectural and functional features they provide.

There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.

This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.

One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.
12

Comparative Study of Network Access Control Technologies

Qazi, Hasham Ud Din January 2007
This thesis presents a comparative study of four Network Access Control (NAC) technologies: Trusted Network Connect by the Trusted Computing Group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a compliant status. We compare the NAC technologies in terms of architectural and functional features they provide. There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies. This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network. One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.
13

Private environments for programs

Dunn, Alan Mark 25 September 2014
Commodity computer systems today do not provide system support for privacy. As a result, given the creation of new leak opportunities by ever-increasing software complexity, leaks of private data are inevitable. This thesis presents Suliban and Lacuna, two systems that allow programs to execute privately on commodity hardware. These systems demonstrate different points in a design space wherein stronger privacy guarantees can be traded for greater system usability.

Suliban uses trusted computing technology to run computation-only code privately; we refer to this protection as "cloaking". In particular, Suliban can run malicious computations in a way that is resistant to analysis. Suliban uses the Trusted Platform Module and processor late launch to create an execution environment entirely disjoint from normal system software. Suliban uses a remote attestation protocol to demonstrate to a malware distribution platform that the environment has been correctly created before the environment is allowed to receive a malicious payload. Suliban's execution outside of standard system software allows it to resist attackers with privileged operating system access and those that can perform some forms of physical attack. However, Suliban cannot access system services, and requires extra case-by-case measures to get outside information like the date or host file contents. Nonetheless, we demonstrate that Suliban can run computations that would be useful in real malware. In building Suliban, we uncover which defenses are most effective against it and highlight current problems with the use of the Trusted Platform Module.

Lacuna instead aims at achieving forensic deniability, which guarantees that an attacker that gains full control of a system after a computation has finished cannot learn answers to even binary questions (with a few exceptions) about the computation. This relaxation of Suliban's guarantees allows Lacuna to run full-featured programs concurrently with non-private programs on a system. Lacuna's key primitive is the ephemeral channel, which allows programs to use peripherals while maintaining forensic deniability. This thesis extends the original Lacuna work by investigating how Linux kernel statistics leak private session information and how to mitigate these leaks.
14

An architectural approach for reasoning about trust properties

Namiluko, Cornelius January 2012
The need for trustworthy system operation has been acknowledged in many circles. However, establishing that a system is trustworthy is a significant challenge. While trusted computing proposes technical mechanisms towards this end, less attention is directed towards providing a basis for trusting such systems. Consequently, it is not clear: (i) how such mechanisms influence the overall trust in a system; (ii) the properties and assumptions upon which trust is based; and (iii) the evidence necessary to reason about these properties. This can be attributed to a number of factors including: (i) the complexity of modern systems; (ii) a lack of consensus on a definition of trust; and (iii) a lack of a systematic approach for identifying and using evidence to reason about trust-related properties. This dissertation presents research towards addressing these challenges. We argue that an architectural approach provides effective abstractions for making trust properties and assumptions explicit and reasoning about a system's ability to satisfy these properties. We propose a framework for identifying, categorising and mapping trust-properties to aspects of a system that could be used to reason about these properties. Guided by this framework, we propose and develop models for representing knowledge about a particular aspect and using it to reason about trust-properties. A semantic model, based on the semantics of Z, is developed to characterise building blocks of trustworthy systems and to demonstrate how the system's constituents determine its trustworthiness. An abstraction model based on formal verification is developed to reason about the impact of the system's construction and configuration on its trustworthiness. Finally, two complementary models for capturing the runtime aspects of the system are developed. A trace-based model enables analysis of runtime evidence in the form of event logs and a provenance-based model captures operations on the system as a provenance graph. The models are validated on a trusted grid architecture, a password manager and a trustworthy collaborative system.
15

A Reconfigurable Trusted Platform Module

James, Matthew David 01 March 2017
A Trusted Platform Module (TPM) is a security device included in most modern desktop and laptop computers. It helps keep the computing environment secure by isolating cryptographic functions and data from the CPU. A TPM is usually implemented with a small microcontroller which is near the main processor. In addition to a microcontroller, it may employ hardware acceleration to assist in cryptographic computations. When vulnerabilities are found, or new algorithms developed, TPMs become obsolete because the hardware accelerators cannot be upgraded. This thesis presents a proof of concept implementation of a TPM on an FPGA. By using an FPGA, the TPM gains the ability to be upgraded or have new cryptographic modules added. This new design easily fits on the Zynq FPGA used in this work, with room left over for additional functionality. We explore the feasibility of this approach, including the added cost of the FPGA, and the added benefits of reconfigurable hardware.
16

Design and Implementation of the Ephemerizer System

Xu, Shangjin January 2007
This thesis describes the system design and implementation of the secure Ephemerizer System that was first introduced by Radia Perlman in 2005. The system is designed to enable users to keep data for a finite period of time before making the data unrecoverable by destroying the keys with which the data was encrypted. The task of the Ephemerizer System service is to create, advertise, and destroy keys required for the Ephemerizer System's functionalities.

We designed the Ephemerizer System Service's security by placing the sensitive key management modules into a Trusted Computing Base (TCB). Our compartmentalized approach distributes security requirements at different sensitivity levels into different protection domains. In our approach, we implement the trusted protection domain (our TCB) on a tamper-resistant Javacard.

We placed the key storage database into the partly trusted protection domain to improve scalability and availability of the Ephemerizer System. The partly trusted protection domain requires memory isolation and other security mechanisms provided by the underlying operating system. We implemented several mechanisms on the TCB, such as the signature engine, cryptographic modules, the on-card expiration validator, and on-card time verification. We make the Ephemerizer System available to users as a web service and expose it through a uniform API. This approach enables the seamless integration of the Ephemerizer System into business processes on heterogeneous platforms.
17

A Secured Data Protocol for the Trusted Truck(R) System

Bulusu, Srinivasa Anuradha 01 December 2010
Security has become one of the major concerns in the Intelligent Transportation Systems (ITS). The Trusted Truck(R) System provides an efficient wireless communication mechanism for safe exchange of messages between the moving vehicles (trucks) and the roadside inspection stations. The vehicles and the station are equipped with processing units but with different computational capabilities. To make this Trusted Truck(R) system more secure, this thesis proposes a secured data protocol which ensures data integrity, message authentication and non-repudiation. The uniqueness of the protocol is: it is cost-effective, resource-efficient and embeds itself into the Trusted Truck(R) environment without demanding any additional infrastructure. The protocol also balances the computational load between the vehicle and station by incorporating an innovative key transport mechanism. Digital signatures and encryption techniques are used for authentication and data confidentiality. Cryptography algorithms along with optimization methods are used for the digital signatures. The computational time for the algorithms is analyzed. Combining all these techniques, an efficient secured data protocol is developed and implemented successfully.
18

TCPA/TCG and NGSCB : Benefits and Risks for Users

Ericson, Peter January 2004
Trusted computing has been proposed as a way to enhance computer security and privacy significantly by including them in the design of computing platforms instead of adding them on top of an inherently insecure foundation; however, the project has attracted much criticism. This dissertation looks at trusted computing from the user perspective. Possible beneficial uses of the technology are brought up, and some of the raised criticism is discussed. The criticism is analyzed in an attempt to find out if the criticism is correct on all points, or if some of it is the result of misinformation or misunderstanding. The conclusion is that not all the arguments against trusted computing are correct, and that the possible implications for users are taken into account in the development process. The dissertation ends on a positive note, concluding that trusted computing is possible without the worst fears of the critics coming true.
19

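Conceptual Design and Prototype Implementation of a Security Architecture for the Java Data Objects Specifications (Konzeptioneller Entwurf und prototypische Implementierung einer Sicherheitsarchitektur für die Java-Data-Objects-Spezifikationen)

Merz, Matthias January 2007
Also published as: Mannheim, Univ., Diss., 2007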
20

Enhanced Password Security on Mobile Devices

Liu, Dongtao January 2013
Sleek and powerful touchscreen devices with continuous access to high-bandwidth wireless data networks have transformed mobile into a first-class development platform. Many applications (i.e., "apps") written for these platforms rely on remote services such as Dropbox, Facebook, and Twitter, and require users to provide one or more passwords upon installation. Unfortunately, today's mobile platforms provide no protection for users' passwords, even as mobile devices have become attractive targets for password-stealing malware and other phishing attacks.

This dissertation explores the feasibility of providing strong protections for passwords input on mobile devices without requiring large changes to existing apps.

We propose two approaches to secure password entry on mobile devices: ScreenPass and VeriUI. ScreenPass is integrated with a device's operating system and continuously monitors the device's screen to prevent malicious apps from spoofing the system's trusted software keyboard. The trusted keyboard ensures that ScreenPass always knows when a password is input, which allows it to prevent apps from sending password data to the untrusted servers. VeriUI relies on trusted hardware to isolate password handling from a device's operating system and apps. This approach allows VeriUI to prove to remote services that a relatively small and well-known code base directly handled a user's password data.
