Systems Support for Trusted Execution Environments
Cloud computing has become a default choice for data processing by both large corporations and individuals due to its economy of scale and ease of system management. However, the question of trust and trustworthy computing inside Cloud environments has long been neglected in practice, and has been further exacerbated by the proliferation of AI and its use for processing sensitive user data. Attempts to implement mechanisms for trustworthy computing in the cloud have previously remained theoretical due to the lack of hardware primitives in commodity CPUs, while a combination of Secure Boot, TPMs, and virtualization has seen only limited adoption. The situation changed in 2016, when Intel introduced Software Guard Extensions (SGX) and its enclaves to x86 ISA CPUs: for the first time, it became possible to build trustworthy applications relying on a commonly available technology. However, Intel SGX posed challenges to practitioners, who discovered the limitations of this technology, from the limited support for legacy applications and the integration of SGX enclaves into existing systems, to performance bottlenecks in communication, startup, and memory utilization. In this thesis, our goal is to enable trustworthy computing in the cloud by relying on the imperfect SGX primitives. To this end, we develop and evaluate solutions to issues stemming from the limited systems support of Intel SGX: we investigate mechanisms for runtime support of POSIX applications with SCONE, an efficient SGX runtime library developed with the performance limitations of SGX in mind. We further develop this topic with FFQ, a concurrent queue for SCONE's asynchronous system call interface. ShieldBox is our study of the interplay of kernel bypass and trusted execution technologies for NFV, which also tackles the problem of low-latency clocks inside an enclave. The last two systems, Clemmys and T-Lease, are built on the more recent SGXv2 ISA extension.
In Clemmys, SGXv2 allows us to significantly reduce the startup time of SGX-enabled functions inside a Function-as-a-Service platform. Finally, in T-Lease we solve the problem of trusted time by introducing a trusted lease primitive for distributed systems. We evaluate all of these systems and prove that they can be practically utilized in existing systems with minimal overhead, and can be combined with both legacy systems and other SGX-based solutions. In the course of the thesis, we enable trusted computing for individual applications, high-performance network functions, and distributed computing frameworks, making the vision of trusted cloud computing a reality.
Data security in European healthcare information systems
This thesis considers the current requirements for data security in European healthcare systems and establishments. Information technology is being increasingly used in all areas of healthcare operation, from administration to direct care delivery, with a resulting dependence upon it by healthcare staff. Systems routinely store and communicate a wide variety of potentially sensitive data, much of which may also be critical to patient safety. There is consequently a significant requirement for protection in many cases.
The thesis presents an assessment of healthcare security requirements at the European level, with a critical examination of how the issue has been addressed to date in operational systems. It is recognised that many systems were originally implemented without security needs being properly addressed, with the consequence that protection is often weak and inconsistent between establishments. The overall aim of the research has been to determine appropriate means by which security may be added or enhanced in these cases.
The realisation of this objective has included the development of a common baseline standard for security in healthcare systems and environments. The underlying guidelines in this approach cover all of the principal protection issues, from physical and environmental measures to logical system access controls. Further to this, the work has encompassed the development of a new protection methodology by which establishments may determine their additional security requirements (by classifying aspects of their systems, environments and data). Both the guidelines and the methodology represent work submitted to the Commission of European Communities SEISMED (Secure Environment for Information Systems in MEDicine) project, with which the research programme was closely linked.
The thesis also establishes that healthcare systems can present significant targets for both internal and external abuse, highlighting a requirement for improved logical controls. However, it is also shown that the issues of easy integration and convenience are of paramount importance if security is to be accepted and viable in practice. Unfortunately, many traditional methods do not offer these advantages, necessitating a different approach.
To this end, the conceptual design for a new intrusion monitoring system was developed, combining the key aspects of authentication and auditing into an advanced framework for real-time user supervision. A principal feature of the approach is the use of behaviour profiles, against which user activities may be continuously compared to determine potential system intrusions and anomalous events.
The effectiveness of real-time monitoring was evaluated in an experimental study of keystroke analysis, a behavioural biometric technique that allows an assessment of user identity from their typing style. This technique was found to have significant potential for discriminating between impostors and legitimate users and was subsequently incorporated into a fully functional security system, which demonstrated further aspects of the conceptual design and showed how transparent supervision could be realised in practice.
The thesis also examines how the intrusion monitoring concept may be integrated into a wider security architecture, allowing more comprehensive protection within both the local healthcare establishment and between remote domains.
Hardware Implementation of an Enhanced Security and Authentication-Related Automotive CAN Bus Prototype
In this paper a new security technique aiming to ensure safe and reliable communication between different nodes on an automotive Controller Area Network (CAN) is presented. The proposed method relies on a robust authentication code using Blake-3 as the hash algorithm within an adapted structure that includes a monitor node. A prototype is implemented and run effectively to perform hardware simulations of real case-based security problems of automotive embedded CAN systems. As a result, data transfer can take place on the newly enhanced CAN bus according to the standard protocol without being intercepted or tampered with by unauthorized parties, thereby highlighting the effectiveness of the proposed technique.
Application-based authentication on an inter-VM traffic in a Cloud environment
Cloud Computing (CC) is an innovative computing model in which resources are provided as a service over the Internet, on an as-needed basis. It is a large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services is delivered on demand to external customers over the Internet. Since the cloud is often enabled by virtualization and shares a common attribute, that is, the allocation of resources, applications, and even OSs, adequate safeguards and security measures are essential. In fact, virtualization creates new targets for intrusion due to the complexity of access and the difficulty of monitoring all interconnection points between systems, applications, and data sets. This raises many questions about the appropriate infrastructure, processes, and strategy for enacting detection of and response to intrusion in a Cloud environment. Hence, without strict controls put in place within the Cloud, guests could violate and bypass security policies, intercept unauthorized client data, and initiate or become the target of security attacks. This article shines a light on the issues of security within Cloud Computing, especially inter-VM traffic visibility. In addition, the paper proposes an Application Based Security (ABS) approach in order to enforce application-based authentication between VMs, through various security mechanisms, filtering, structures, and policies.
Computer security in an educational environment.
Massachusetts Institute of Technology, Alfred P. Sloan School of Management. M.S. thesis, 1973. Microfiche copy also available in Dewey Library. Includes bibliographical references.
A survey on security issues and solutions at different layers of Cloud computing
Cloud computing offers scalable on-demand services to consumers with greater flexibility and lower infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols, as well as threats introduced by newer architectures, raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.
Arm TrustZone: evaluating the diversity of the memory subsystem
Master's dissertation in Industrial Electronics and Computer Engineering
The diversification of the embedded market has led the once single-purpose built embedded device to become a broader concept that can accommodate more general-purpose solutions, by widening its hardware and software resources. A huge diversity in system resources and requirements has boosted the investigation around virtualization technology, which is becoming prevalent in the embedded systems domain, allowing timing and spatial sharing of hardware and software resources between specialized subsystems. As strict timing demands imposed in real-time virtualized systems must be met, coupled with a small margin for the penalties incurred by conventional software-based virtualization, resort to hardware-assisted solutions has become indispensable.
Although not a virtualization but a security-oriented technology, Arm TrustZone is seen by many as a reliable hardware-based virtualization alternative, with the low cost and wide availability of TrustZone-enabled processors standing as strong arguments for its acceptance. But, since TrustZone only dictates the hardware infrastructure foundations, providing SoC designers with a range of components that can fulfil specific functions, several key components and subsystems of this technology are implementation defined. This approach may hinder a system designer's work, as it may impair the portability of system software and make it a lot more complicated.
As such, this thesis proposes to examine how different manufacturers choose to work with the TrustZone architecture, and how the changes introduced by this technology may affect the security and performance of TrustZone-assisted virtualization solutions, in order to scale back those major constraints. It identifies the main properties that impact the creation and execution of system software and points to what may be the most beneficial approaches for developing and using TrustZone-assisted hardware and software.
The recent metamorphosis of the embedded systems field has transformed these devices, once conceived with a single, simple purpose, into a cluster of subsystems ready to integrate more flexible solutions. This increase in system resources and requirements has driven research into virtualization solutions for them, allowing hardware and software resources to be shared simultaneously among the various subsystems. The proliferation of these solutions in this domain, where execution times must be respected and security is a key point, has led to the adoption of hardware-assisted virtualization techniques.
One technology that has come to be used for this purpose is Arm TrustZone, despite having initially been developed as a protection technology, given its greater presence on mid- and low-cost boards compared with other technologies. Unfortunately, since TrustZone only provides base guidelines on which manufacturers can build their systems, the technology's specifications diverge from manufacturer to manufacturer, or even between products of the same origin. Combined with the general scarcity of information about this technology, this characteristic can create problems for the creation and portability of system software that depends on it.
As such, this thesis proposes to examine, in a systematic way, how different manufacturers choose to implement systems based on the TrustZone architecture and to what extent the changes introduced by this technology can affect the security and performance of virtualization solutions based on it. The main characteristics that can influence the creation and execution of system software are identified, along with potential measures to reduce their impact, as well as good practices to follow in developing and using TrustZone-based software and hardware.
Application framework for wireless sensor networks [thesis]
Wireless Sensor Networks (WSNs) are based on innovative technologies that have revolutionized the methods by which we interact with the environment, i.e., through sensing the physical (e.g., fire, motion, contact) and chemical (e.g., molecular concentration) properties of the natural surroundings. The hardware utilized by WSNs is rapidly evolving into sophisticated platforms that seamlessly integrate with different vendors and protocols (plug-n-play). In this thesis, we propose a WSN framework which provides assistance with monitoring environmental conditions; we focus on three main applications: a. air-quality monitoring, b. gas-leak detection, and c. fire sensing. The framework involves four specifications: 1. over-the-air programming (OTAP), 2. network interconnections, 3. sensor manageability, and 4. alarm signaling. Their aim is to enhance the internetwork relations between the WSNs and the outside world (i.e., main users, clients, or audience) by creating a medium in which devices efficiently communicate, independent of location or infrastructure (e.g., Internet), in order to exchange data among networked objects and their users. Therefore, we propose a WSN-over-IP architecture which provides several renowned services of the Internet; the major functionalities include: live-data streaming (real-time), e-mailing, cloud storage (external servers), and network technologies (e.g., LAN or WLAN). WSNs themselves operate independently of the Internet; i.e., their operation involves unique protocols and specific hardware requirements which are incompatible with common network platforms (e.g., within a home network infrastructure). Hybrid technologies are those which support multiple data-communication protocols within a single device; their main capabilities involve seamless integration and interoperability of different hardware vendors.
We propose an overall architecture based on hybrid communication technology in which data is transmitted using three types of protocols: 802.11 (Wi-Fi), 802.15.4 and Digimesh (WSN).
Securing Arm Platform: From Software-Based To Hardware-Based Approaches
With the rapid proliferation of the ARM architecture on smart mobile phones and Internet of Things (IoT) devices, the security of the ARM platform is becoming an emerging problem. In recent years, the amount of malware identified on ARM platforms, especially on Android, has shown explosive growth. Evasion techniques are also used in this malware to escape detection by existing analysis systems.
In our research, we first present a software-based mechanism to increase the accuracy of existing static analysis tools by reassembleable bytecode extraction. Our solution collects bytecode and data at runtime, and then reassembles them offline to help static analysis tools reveal the hidden behavior in an application.
Further, we implement a hardware-based transparent malware analysis framework for general ARM platforms to defend against the traditional evasion techniques. Our framework leverages hardware debugging features and a Trusted Execution Environment (TEE) to achieve transparent tracing and debugging with reasonable overhead.
To understand the security of the involved hardware debugging features, we perform a comprehensive study of the ARM debugging features and summarize the security implications. Based on these implications, we design a novel attack scenario that achieves privilege escalation via misuse of the debugging features in the inter-processor debugging model.
The attack has raised our concern about the security of TEEs and Cyber-physical Systems (CPS). For a better understanding of the security of TEEs, we investigate the security of various TEEs on different architectures and platforms, and state the security challenges. A study of deploying TEEs on edge platforms is also presented. For the security of CPS, we conduct an analysis of the real-world traffic signal infrastructure and summarize the security problems.