
    Formal analysis of security models for mobile devices, virtualization platforms and domain name systems

    In this thesis we investigate the security of security-critical applications, that is, applications in which a failure could have unacceptable consequences. We consider three areas: mobile devices, virtualization platforms and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to ease the development of applications for mobile devices such as cellular phones and personal digital assistants. In this work we first study and formally compare several variants of the security model specified by MIDP for access to sensitive resources of a mobile device. Hypervisors allow multiple operating systems to run on shared hardware and offer a means to improve the security and flexibility of software systems. In this thesis we formalize a model of a hypervisor and establish (formally) that the hypervisor ensures isolation properties between the different operating systems on the platform, and that the requests of those systems are always served. We also prove that virtualized platforms are transparent, that is, that an operating system cannot distinguish whether it runs alone on the platform or alongside other operating systems. The Domain Name System Security Extensions (DNSSEC) are a set of specifications that provide data origin authentication and integrity assurance services for DNS data. Finally, we present a minimalist specification of a DNSSEC model that provides the foundations needed to formally state and verify security properties related to the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Constructions
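    The DNSSEC chain of trust mentioned in the abstract above can be made concrete with a small Python model, added here as an example (it is not code from the thesis and does not reproduce its formalization). It implements the key-tag computation (RFC 4034 Appendix B) and the DS digest (RFC 4034 section 5.1.4) over a constructed three-zone tree, then walks the DS -> DNSKEY links from a trust anchor down to a target zone. Zone names and key bytes are constructed placeholders, and RRSIG verification over the DNSKEY and DS RRsets is assumed to happen separately.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 6.2): lowercase,
    length-prefixed labels, terminated by the root label (a zero byte)."""
    name = name.rstrip(".").lower()
    wire = b""
    if name:
        for label in name.split("."):
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


@dataclass(frozen=True)
class DNSKEY:
    owner: str
    flags: int          # 257 = KSK (zone key + SEP bit), 256 = ZSK
    protocol: int       # always 3 for DNSSEC
    algorithm: int      # e.g. 13 = ECDSAP256SHA256
    public_key: bytes   # constructed placeholder bytes in this example

    def rdata(self) -> bytes:
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm])
                + self.public_key)

    def key_tag(self) -> int:
        """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B."""
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += b if i & 1 else b << 8
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


@dataclass(frozen=True)
class DS:
    owner: str
    key_tag: int
    algorithm: int
    digest_type: int    # 2 = SHA-256
    digest: bytes


def make_ds(key: DNSKEY) -> DS:
    """DS digest per RFC 4034 5.1.4: hash(owner name wire form || DNSKEY RDATA)."""
    digest = hashlib.sha256(name_to_wire(key.owner) + key.rdata()).digest()
    return DS(key.owner, key.key_tag(), key.algorithm, 2, digest)


def ds_matches(ds: DS, key: DNSKEY) -> bool:
    """Does this DS (published by the parent) authenticate this DNSKEY (published by the child)?"""
    if ds.owner.rstrip(".").lower() != key.owner.rstrip(".").lower():
        return False
    if ds.digest_type != 2 or ds.algorithm != key.algorithm or ds.key_tag != key.key_tag():
        return False
    return hmac.compare_digest(ds.digest, make_ds(key).digest)


def validate_chain(anchor: DS, chain: list) -> bool:
    """Walk the chain of trust from a trust anchor (a DS for the top zone) downward.

    chain is [(zone_ksk, ds_for_child), ...] ordered from the anchored zone to the
    target zone, whose ds_for_child is None. Each zone's KSK must be authenticated by
    the DS held for it, and that zone's DS then authenticates the next zone's KSK.
    Assumption (not covered here): the RRSIGs over every DNSKEY and DS RRset are
    verified separately; this walk only establishes the DS -> DNSKEY links.
    """
    expected: Optional[DS] = anchor
    for zone_ksk, ds_for_child in chain:
        if expected is None or not ds_matches(expected, zone_ksk):
            return False
        expected = ds_for_child
    return expected is None


# Constructed sample tree: . -> example. -> corp.example. (placeholder key bytes, not real keys)
ROOT_KSK = DNSKEY(".", 257, 3, 13, b"constructed-root-ksk-bytes")
EXAMPLE_KSK = DNSKEY("example.", 257, 3, 13, b"constructed-example-ksk-bytes")
CORP_KSK = DNSKEY("corp.example.", 257, 3, 13, b"constructed-corp-ksk-bytes")

TRUST_ANCHOR = make_ds(ROOT_KSK)                    # configured out of band in a validator
GOOD_CHAIN = [
    (ROOT_KSK, make_ds(EXAMPLE_KSK)),               # root publishes DS for example.
    (EXAMPLE_KSK, make_ds(CORP_KSK)),               # example. publishes DS for corp.example.
    (CORP_KSK, None),                               # target zone
]

# Same chain, but corp.example.'s key was swapped (e.g. by a spoofed DNSKEY response)
ROGUE_CORP_KSK = DNSKEY("corp.example.", 257, 3, 13, b"constructed-attacker-key-bytes")
ROGUE_CHAIN = [
    (ROOT_KSK, make_ds(EXAMPLE_KSK)),
    (EXAMPLE_KSK, make_ds(CORP_KSK)),
    (ROGUE_CORP_KSK, None),
]

if __name__ == "__main__":
    print("good chain validates:", validate_chain(TRUST_ANCHOR, GOOD_CHAIN))
    print("rogue key validates:", validate_chain(TRUST_ANCHOR, ROGUE_CHAIN))
```

    The walk deliberately fails closed: a chain that ends with a dangling DS (a delegation whose child DNSKEY was never fetched) is rejected, as is one where a zone's key does not hash to the DS its parent published, which is exactly the property a formal model of the DNSSEC tree needs to state and prove.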

    Defense in Depth of Resource-Constrained Devices

    The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained, with reduced computational strength, limited power budgets, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos, resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers' homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense-in-depth approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime

    Digital document imaging systems: An overview and guide

    This is an aid to NASA managers in planning the selection of a Digital Document Imaging System (DDIS) as a possible solution for document information processing and storage. Intended to serve as a manager's guide, this document contains basic information on digital imaging systems, technology, equipment standards, issues of interoperability and interconnectivity, and issues related to selecting appropriate imaging equipment based upon well defined needs

    Third International Symposium on Space Mission Operations and Ground Data Systems, part 2

    Under the theme of 'Opportunities in Ground Data Systems for High Efficiency Operations of Space Missions,' the SpaceOps '94 symposium included presentations of more than 150 technical papers spanning five topic areas: Mission Management, Operations, Data Management, System Development, and Systems Engineering. The symposium papers focus on improvements in the efficiency, effectiveness, and quality of data acquisition, ground systems, and mission operations. New technology, methods, and human systems are discussed. Accomplishments are also reported in the application of information systems to improve data retrieval, reporting, and archiving; the management of human factors; the use of telescience and teleoperations; and the design and implementation of logistics support for mission operations. This volume covers expert systems, systems development tools and approaches, and systems engineering issues

    Industrial networks and IIoT: Now and future trends

    Connectivity is the one-word summary of the Industry 4.0 revolution. The importance of the Internet of Things (IoT) and the Industrial IoT (IIoT) has increased dramatically with the rise of industrialization and Industry 4.0. As new opportunities bring their own challenges, with the massively interconnected devices of the IIoT, the cyber security of those networks and the privacy of their users have become an important aspect. Specifically, intrusion detection for industrial networks (IIoT) is of great importance. For instance, it is a key factor in improving the safe operation of smart grid systems while protecting the privacy of consumers at the same time. In the same manner, data streaming is a valid option when analysis is to be pushed from the cloud to the fog in industrial networks to provide an agile response, since it brings the advantage of fast action on intrusion detection and can also buy time for intrusion mitigation. In order to dive deep into industrial networks, basic ground needs to be settled. Hence, this chapter serves that purpose by presenting basic and emerging technologies along with ideas and discussions: first, an introduction to semiconductor evolution is provided along with up-to-date wired/wireless communication solutions for industrial networks. This is followed by a thorough presentation of future trends in industrial environments. More importantly, enabling technologies for industrial networks are also presented. Finally, the chapter is concluded with a summary of the presentations along with future projections of IIoT networks

    Towards a General Framework for Digital Rights Management (DRM)

    Digital rights management (DRM) can be defined as a technology that enables persistent access control. The common understanding of DRM is that of a technology that provides means to thwart piracy of digital multimedia by limiting how the media is used by the consumer. It can be observed that many of these restrictions can be applied to any type of data. Therefore, it should be possible to create a two-part DRM system -- a common DRM system that enforces the basic access controls (such as read, write and execute) and an application-specific DRM system that enforces the application-specific access controls (such as print and play). The aim of this dissertation is to create such a framework for distribution-independent DRM systems. Most vendors promote DRM as a copyright protection mechanism, and thus consumers expect a number of rights that are allowed by copyright legislation but which are not available for the DRM-protected media. However, DRM is not an enforcement of copyright law, but rather an enforcement of a licensing regime. Thus, there is incorrect (and possibly false) marketing of DRM-enabled media by its vendors, leading to dissatisfied consumers. We think that one of the main reasons for the current situation is that there is no defined legal framework governing the operation of DRM systems. In this dissertation, we address this gap by developing a legal framework for DRM systems as one of the components of our DRM framework. Negotiation can be defined as the process which leads to the conclusion of a contract. Since DRM is the enforcement of licensing agreements, there is a need to cater for negotiation protocols in DRM systems. Negotiations provide the consumer with the power to request different rights packages, especially when consumers have a legitimate need for rights not normally granted to other consumers (for example, disabled consumers have needs that may not be met by the standard rights set). Negotiations also allow the possibility for licensors to extract the maximum value from consumers. For this reason, the inclusion of negotiation protocols in DRM systems can become a powerful tool, and in this dissertation we present the first negotiation protocols for DRM systems. Even though the definition of DRM as an access control model has existed since at least 2002, there has been no formal description of DRM as an access control model. Thus, there are no formal models for any of the rights expression languages which express DRM access control policies, and various authors have commented on ambiguities present in the interpretation and enforcement of licenses expressed in these languages -- a result of the lack of a formal definition of these languages. In this dissertation, we develop a formal model for a Licensing Rights Expression Language (LiREL), which is designed to provide a mechanism to express access control policies which are also sound legal license documents. Our formal model also discusses the enforcement of the access control policies, and is thus the first formal model for DRM as a mechanism for access control. Access control is a two-part process: authentication of the parties involved and authorisation of the parties to access the resources. Authorisation in DRM presents some unique challenges: there is a need to support multiple platforms, without guaranteed network connectivity and with minimal trust between the parties involved. For this reason, the associated authentication framework becomes more complex. While many access control models define user management as part of their model, we have taken a different approach and removed user management from the core DRM system. Instead, our authorisation process requires a trusted verification of the user's credentials and then decides on the access control request. For this reason, our user authentication framework is ticket based, and shares similarities with Kerberos tickets. DRM also requires strong data identity management. However, none of the current identity systems for data provides a verification service for data identity. For this reason, we developed the Verifiable Digital Object Identity (VDOI) System to address this gap. These components are combined into a general framework for digital rights management that advances the understanding, organisation and implementation of DRM compared to approaches or solutions which are currently available