30,006 research outputs found
Transparent code authentication at the processor level
The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturersâ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes
The system architecture of the Pocket Companion
In the Moby Dick project we design the architecture of a so-called Pocket Companion. It is a small personal portable computer with wireless communication facilities for every day use. The typical use of the Pocket Companion induces a number of requirements concerning security, performance, energy consumption, communication and size. We have shown that these requirements are interrelated and can only be met optimal with one single architecture. The Pocket Companion architecture consists of a central switch with a security module surrounded by several modules. The Pocket Companion is a personal machine. Communication, and particularly wireless communication, is essential for the system to support electronic transactions. Such a system requires a good security infrastructure not only for safeguarding personal data, but also to allow safe (financial) transactions. The integration of a security module in the Pocket Companion architecture provides the basis for a secure environment.\ud
Because battery life is limited and battery weight is an important factor for the size and the weight of the Pocket Companion, energy consumption plays a crucial role in the architecture. An important theme of the architecture is: enough performance for minimal energy consumption
BlockChain: A distributed solution to automotive security and privacy
Interconnected smart vehicles offer a range of sophisticated services that
benefit the vehicle owners, transport authorities, car manufacturers and other
service providers. This potentially exposes smart vehicles to a range of
security and privacy threats such as location tracking or remote hijacking of
the vehicle. In this article, we argue that BlockChain (BC), a disruptive
technology that has found many applications from cryptocurrencies to smart
contracts, is a potential solution to these challenges. We propose a BC-based
architecture to protect the privacy of the users and to increase the security
of the vehicular ecosystem. Wireless remote software updates and other emerging
services such as dynamic vehicle insurance fees, are used to illustrate the
efficacy of the proposed security architecture. We also qualitatively argue the
resilience of the architecture against common security attacks
CyberGuarder: a virtualization security assurance architecture for green cloud computing
Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control- FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
- âŠ