248,094 research outputs found
ScaRR: Scalable Runtime Remote Attestation for Complex Systems
The introduction of remote attestation (RA) schemes has allowed academia and
industry to enhance the security of their systems. The commercial products
currently available enable only the validation of static properties, such as
applications fingerprint, and do not handle runtime properties, such as
control-flow correctness. This limitation pushed researchers towards the
identification of new approaches, called runtime RA. However, those mainly work
on embedded devices, which share very few common features with complex systems,
such as virtual machines in a cloud. A naive deployment of runtime RA schemes
for embedded devices on complex systems faces scalability problems, such as the
representation of complex control-flows or slow verification phase.
In this work, we present ScaRR: the first Scalable Runtime Remote attestation
schema for complex systems. Thanks to its novel control-flow model, ScaRR
enables the deployment of runtime RA on any application regardless of its
complexity, by also achieving good performance. We implemented ScaRR and tested
it on the benchmark suite SPEC CPU 2017. We show that ScaRR can validate on
average 2M control-flow events per second, definitely outperforming existing
solutions. Comment: 14 page
Towards Intelligent Databases
This article is a presentation of the objectives and techniques
of deductive databases. The deductive approach to databases aims at extending
with intensional definitions other database paradigms that describe
applications extensionally. We first show how constructive specifications can
be expressed with deduction rules, and how normative conditions can be defined
using integrity constraints. We outline the principles of bottom-up and
top-down query answering procedures and present the techniques used for
integrity checking. We then argue that it is often desirable to manage with
a database system not only database applications, but also specifications of
system components. We present such meta-level specifications and discuss
their advantages over conventional approaches
Beyond OAIS : towards a reliable and consistent digital preservation implementation framework
Current work in digital preservation (DP) is dominated by the "Open Archival Information System" (OAIS) reference framework specified by the international standard ISO 14721:2003. This is a useful aid to understanding the concepts, main functional components and the basic data flows within a DP system, but does not give specific guidance on implementation-level issues. In this paper we suggest that there is a need for a reference architecture which goes beyond OAIS to address such implementation-level issues - to specify minimum requirements in respect of the policies, processes, and metadata required to measure and validate repository trustworthiness in respect of the authenticity, integrity, renderability, meaning, and retrievability of the digital materials preserved. The suggestion is not that a particular way of implementing OAIS be specified, but, rather that general guidelines on implementation are required if the term 'OAIS-compliant' is to be meaningful in the sense of giving an assurance of attaining and maintaining an operationally adequate or better level of long-term reliability, consistency, and cross-compatibility in implemented DP systems that is measurable, verifiable, manageable, and (as far as possible) future-proofed
SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems
There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands.
We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency
Generating citizen trust in e-government using a trust verification agent: A research note
Generating Citizen Trust in e-Government using a Trust Verification Agent. This is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizen's take-up of online public sector services or engagement with public decision and policy making. A citizen's decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual 'trust' decisions by providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool - a trust verification agent (TVA) - that can take an agency's security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state their concerns and obtain an evaluation of the agency's provision in appropriate 'citizen friendly' language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation. Engineering and Physical Sciences Research Council, UK (grant GR/T27020/01
A survey study of steering wheel vibration and sound in automobiles at idle
Copyright @ 2009 Engineering Integrity Society. This work is supported by Shell Global Solutions UK for their sponsorship of this research as part of the activities of the EFII3 project