Secure Method Invocation in JASON

We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arbitrary number of smart cards, terminals and back-office systems over the Internet

Secure Communication over 1-2-1 Networks

This paper starts by assuming a 1-2-1 network, the abstracted noiseless model of mmWave networks that was shown to closely approximate the Gaussian capacity in [1], and studies secure communication. First, the secure capacity is derived for 1-2-1 networks where a source is connected to a destination through a network of unit capacity links. Then, lower and upper bounds on the secure capacity are derived for the case when source and destination have more than one beam, which allow them to transmit and receive in multiple directions at a time. Finally, secure capacity results are presented for diamond 1-2-1 networks when edges have different capacities.Comment: Submitted for ISIT 201

Overcenter collet space station truss fastener

A quick-connect fastener is arranged with a tubular body that is arranged to be engaged against the exterior surface of a hollow attachment fitting and coincidentally aligned with an opening in the fitting. A collet having normally-contracted fingers with outwardly-enlarged ends is operatively arranged in the body to be moved forwardly by an expander member mounted in the tubular body for advancing the collet fingers through the opening in the attachment fitting. Biasing means are arranged between the expander member and a toggle linkage in the tubular body which is selectively operated to urge the expander member forwardly into engagement with the collet fingers with an initial biasing force to advance their forward portions through the body opening and then expand them outwardly. The biasing means also provide a subsequent biasing force for retaining the collet members in their expanded positions once their enlarged forward end portions are on the opposite side of the body

Deploying Virtual Machines on Shared Platforms

In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders’ part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials

ARIES WP3 – Needs and Requirements Analyses

Information and communication technologies have increasingly influenced and changed our daily life. They allow global connectivity and easy access to distributed applications and digital services over the Internet. This report analysis security requirements on trust establishment and trust evaluation based on two different use case scenarios: "Trusted Communication using COTS" and "Trust Establishment for Cross-organizational Crises Management". A systematic needs analysis is performed on both scenarios which haver resulted in a large and well documented set of requirements. This is the first step in a large effort to define a security architecture for the two use case scenarios.

User-Relative Names for Globally Connected Personal Devices

Nontechnical users who own increasingly ubiquitous network-enabled personal devices such as laptops, digital cameras, and smart phones need a simple, intuitive, and secure way to share information and services between their devices. User Information Architecture, or UIA, is a novel naming and peer-to-peer connectivity architecture addressing this need. Users assign UIA names by "introducing" devices to each other on a common local-area network, but these names remain securely bound to their target as devices migrate. Multiple devices owned by the same user, once introduced, automatically merge their namespaces to form a distributed "personal cluster" that the owner can access or modify from any of his devices. Instead of requiring users to allocate globally unique names from a central authority, UIA enables users to assign their own "user-relative" names both to their own devices and to other users. With UIA, for example, Alice can always access her iPod from any of her own personal devices at any location via the name "ipod", and her friend Bob can access her iPod via a relative name like "ipod.Alice".Comment: 7 pages, 1 figure, 1 tabl