Remote monitoring of industrial frequency converters

Frequency converters are sometimes mounted at places, in which they have the most processing power of the surrounding devices. Often the remote monitoring of frequency converters has been implemented in an external programmable logic controller PC which is connected to the Internet. Sometimes it is not reasonable to use an extra computer at the location, which means the remote connection should be directly connectible to the frequency converter. This master’s thesis studies the possibility to use SOAP for a remote connection, established from the frequency converter to an external database server. The objective is to create a remote monitoring connection which is easily deployable for the end user. The implementation considers compatibility issues with firewalls, proxy servers and NAT routers.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Open-TEE - An Open Virtual Trusted Execution Environment

Hardware-based Trusted Execution Environments (TEEs) are widely deployed in mobile devices. Yet their use has been limited primarily to applications developed by the device vendors. Recent standardization of TEE interfaces by GlobalPlatform (GP) promises to partially address this problem by enabling GP-compliant trusted applications to run on TEEs from different vendors. Nevertheless ordinary developers wishing to develop trusted applications face significant challenges. Access to hardware TEE interfaces are difficult to obtain without support from vendors. Tools and software needed to develop and debug trusted applications may be expensive or non-existent. In this paper, we describe Open-TEE, a virtual, hardware-independent TEE implemented in software. Open-TEE conforms to GP specifications. It allows developers to develop and debug trusted applications with the same tools they use for developing software in general. Once a trusted application is fully debugged, it can be compiled for any actual hardware TEE. Through performance measurements and a user study we demonstrate that Open-TEE is efficient and easy to use. We have made Open- TEE freely available as open source.Comment: Author's version of article to appear in 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, Helsinki, Finland, August 20-22, 201

Using a virtual machine to protect sensitive Grid resources

Most Grid systems rely on their operating systems (OSs) to protect their sensitive files and networks. Unfortunately, modern OSs are very complex and it is difficult to completely avoid intrusions. Once intruders compromise the OS and gain system privilege, they can easily disable or bypass the OS security protections. This paper proposes a secure virtual Grid system, SVGrid, to protect sensitive system resources. SVGrid works by isolating Grid applications in Grid virtual machines. The Grid virtual machines' filesystem and network services are moved into a dedicated monitor virtual machine. All file and network accesses are forced to go through this monitor virtual machine, where SVGrid checks request parameters and only accepts the requests that comply with security rules. Because SVGrid enforces security policy in the isolated monitor virtual machine, it can continue to protect sensitive files and networks even if a Grid virtual machine is compromised. We tested SVGrid against attacks on Grid virtual machines. SVGrid was able to prevent all of them from accessing files and networks maliciously. We also evaluated the performance of SVGrid and found that performance cost was reasonable considering the security benefits of SVGrid. Furthermore, the experimental results show that the virtual remote procedure call mechanism proposed in this paper significantly improves system performance. Copyright © 2006 John Wiley & Sons, Ltd.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/56163/1/1134_ftp.pd

SECURING USER INTERACTION CHANNELS ON MOBILE PLATFORM USING ARM TRUSTZONE

Smartphones have become an essential part of our lives, and are used daily forimportant tasks like banking, shopping, and making phone calls. Smartphones provide several interaction channels which can be affected by a compromised mobile OS. This dissertation focuses on the user interaction channels of UI input and audio I/O. The security of the software running on smartphones has become more critical because of widespread smartphone usage. A technology called TEE (Trusted Execution Environment) has been introduced to help protect users in the event of OS compromise, with the most commonly deployed TEE on mobile devices being ARM TrustZone. This dissertation utilizes ARM TrustZone to provide secure design for user interactionchannels of UI input (called Truz-UI) and Audio I/O for VoIP calls (called Truz-Call). The primary goal is to ensure that the design is transparent to mobile applications. During research based on TEE, one of the important challenges that is encountered is the ability to prototype a secure design. In TEE research one often needs to interface hardware peripherals with the TEE OS, which can be challenging for non-hardware experts, depending on the available support from the TEE OS vendor. This dissertation discusses a simulation based approach (called Truz-Sim) that reduces setup time and hardware experience required to build a hardware environment for TEE prototyping

Generic Patterns for Intrusion Detection Systems in Service-Oriented Automotive and Medical Architectures

To implement new software functions and more flexible updates in the future as well as to provide cloud-based functionality, the service-oriented architecture (SOA) paradigm is increasingly being integrated into automotive electrical and electronic architecture (E/E architectures). In addition to the automotive industry, the medical industry is also researching SOA-based solutions to increase the interoperability of devices (vendor-independent). The resulting service-oriented communication is no longer fully specified during design time, which affects information security measures. In this paper, we compare different SOA protocols for the automotive and medical fields. Furthermore, we explain the underlying communication patterns and derive features for the development of an SOA-based Intrusion Detection System (IDS)