
    Attributes and Dimensions of Trust in Secure Systems

    What is it to be trusted? This is an important question, as trust is increasingly placed in systems and the degree to which a system is trusted is increasingly being assessed. However, there are issues with how related terms are used. Many definitions focus on one attribute of trust (typically behaviour), preventing that definition from being used for other attributes (e.g., identity). This is confused further by conflating what trustors measure about a trustee with what conclusions a trustor reaches about a trustee. Therefore, in this paper we present definitions of measures (trustiness and trustworthiness) and conclusions (trusted and trustworthy). These definitions are general and do not refer to a specific attribute, allowing them to be used with arbitrary attributes that are being assessed (e.g., identity, behaviour, limitation, execution, correctness, data, environment). In addition, in order to demonstrate the complexities of describing whether a trustee is designated as trusted or trustworthy, a set of dimensions is defined to describe attributes (time, scale, proactive/reactive, strength, scope, source). Finally, an example system is classified using these attributes and their dimensions in order to highlight the complexities of describing a system as holistically trusted or trustworthy.

    Network Security Automation

    The abstract is in the attachment.

    Beyond oracles – a critical look at real-world blockchains

    This thesis intends to provide answers to the following questions: 1) What is the oracle problem, and how do the limitations of oracles affect different real-world applications? 2) What are the characteristics of the portion of the literature that leaves the oracle problem unaddressed? 3) Who are the main contributors to solving the oracle problem, and which issues are they focusing on? 4) How can the oracle problem be overcome in real-world applications? The first chapter aims to answer the first question through a literature review of the most current papers published in the field, bringing clarity to the blockchain oracle problem by discussing its effects in some of the most promising real-world blockchain applications. Thus, the chapter investigates the sectors of Intellectual Property Rights (IPRs), healthcare, supply chains, academic records, resource management, and law. By comparing the different applications, the review reveals that heterogeneous issues arise depending on the sector. The analysis supports the view that the more trusted a system is, the less impact the oracle problem has. The second chapter presents the results of a systematic review intended to highlight the state of the art of real-world blockchain applications, using the oracle problem as a lens of analysis. Academic papers proposing real-world blockchain applications were reviewed to see whether the authors considered the oracle's role in the applications and the related issues. The results show that almost 90% of the inspected literature neglected the role of oracles, thereby proposing incomplete or irreproducible projects. Through a bibliometric analysis, the third chapter sheds light on the institutions and authors that are actively contributing to the literature on oracles and promoting progress and cooperation. The study shows that, although there is still a lack of collaboration worldwide, there are dedicated authors and institutions working toward a similar and beneficial cause. The results also make it clear that most areas of oracle research are poorly addressed, with some remaining untouched. The fourth and last chapter focuses on a case study of a dairy company operating in the northeast region of Italy. The company applied blockchain technology to support the traceability of its products worldwide, and the study investigated the benefits of this innovation from the point of view of sustainability. The study also considers the role of oracle management, as it is a critical aspect of a blockchain-based project. Thus, the relationship between the company, the blockchain oracle, and the supervising authority is discussed, offering insight into how sustainable innovations can positively impact supply chain management. This work as a whole aims to shed light on blockchain oracles as an academic area of research, explaining why the study of oracles should be considered the backbone of blockchain literature development.

    Hardening High-Assurance Security Systems with Trusted Computing

    We are living in the time of the digital revolution, in which the world we know changes beyond recognition every decade. The positive aspect is that these changes also drive progress in the quality and availability of digital assets crucial for our societies. To name a few examples, these are broadly available communication channels allowing quick exchange of knowledge over long distances, systems controlling the automatic sharing and distribution of renewable energy in international power grid networks, easily accessible applications for early disease detection enabling self-examination without burdening the health service, or governmental systems assisting citizens in settling official matters without leaving their homes. Unfortunately, however, digitalization also opens opportunities for malicious actors to threaten our societies if they gain control over these assets after successfully exploiting vulnerabilities in the complex computing systems that build them. Protecting these systems, which are called high-assurance security systems, is therefore of utmost importance. For decades, humanity has struggled to find methods to protect high-assurance security systems. Advancements in the computing systems security domain led to the popularization of hardware-assisted security techniques, nowadays available in commodity computers, which opened perspectives for building more sophisticated defense mechanisms at lower cost. However, none of these techniques is a silver bullet. Each one targets particular use cases, suffers from limitations, and is vulnerable to specific attacks. I argue that some of these techniques are synergistic and help overcome limitations and mitigate specific attacks when used together. My reasoning is supported by regulations that legally bind the owners of high-assurance security systems to provide strong security guarantees. These requirements can be fulfilled with the help of diverse technologies that have been standardized in recent years. In this thesis, I introduce new techniques for hardening high-assurance security systems that execute in remote execution environments, such as public and hybrid clouds. I implemented these techniques as part of a framework that provides technical assurance that high-assurance security systems execute in a specific data center, on top of a trustworthy operating system, in a virtual machine controlled by a trustworthy hypervisor, or in strong isolation from other software. I demonstrated the practicality of my approach by leveraging the framework to harden real-world applications, such as machine learning applications in the eHealth domain. The evaluation shows that the framework is practical. It induces low performance overhead (<6%), supports software updates, requires no changes to the legacy application's source code, and can be tailored to individual trust boundaries with the help of security policies. The framework consists of a decentralized monitoring system that offers better scalability than traditional centralized monitoring systems. Each monitored machine runs a piece of code that verifies that the machine's integrity and geolocation conform to the given security policy. This piece of code, which serves as a trusted anchor on that machine, executes inside a trusted execution environment, i.e., Intel SGX, to protect itself from the untrusted host, and uses trusted computing techniques, such as the trusted platform module, secure boot, and the integrity measurement architecture, to attest to the load-time and runtime integrity of the surrounding operating system running on a bare-metal machine or inside a virtual machine. The trusted anchor implements my novel, formally proven protocol, enabling detection of the TPM cuckoo attack. The framework also implements a key distribution protocol that, depending on the individual security requirements, shares cryptographic keys only with high-assurance security systems executing in the predefined security settings, i.e., inside trusted execution environments or inside the integrity-enforced operating system. Such an approach is particularly appealing in the context of machine learning systems, where some algorithms, like machine learning model training, require temporary access to large computing power. These algorithms can execute inside a dedicated, trusted data center at higher performance because they are not limited by the security features required in a shared execution environment. The evaluation of the framework showed that training a machine learning model using real-world datasets achieved 0.96x native execution performance on the GPU and a speedup of up to 1560x compared to the state-of-the-art SGX-based system. Finally, I tackled the problem of software updates, which makes the operating system's integrity monitoring unreliable due to false positives, i.e., software updates move the updated system to an unknown (untrusted) state that is reported as an integrity violation. I solved this problem by introducing a proxy to a software repository that sanitizes software packages so that they can be safely installed. The sanitization consists of predicting and certifying the future operating system state (after the specific updates are installed). The evaluation of this approach showed that it supports 99.76% of the packages available in the Alpine Linux main and community repositories. The framework proposed in this thesis is a step forward in verifying and enforcing that high-assurance security systems execute in an environment compliant with regulations. I anticipate that the framework might be further integrated with industry-standard security information and event management tools, as well as other security monitoring mechanisms, to provide a comprehensive solution for hardening high-assurance security systems.