Establishing Software Integrity Trust

Author(s):  
Yongzheng Wu ◽  
Roland H.C. Yap ◽  
Rajiv Ramnath ◽  
Felix Halim

Malware causes damage by stealing confidential data or making other software unusable. Ensuring software trustworthiness is difficult because malware may disguise itself to appear benign or trusted. This chapter explores the problem of making software more trustworthy through the use of binary integrity mechanisms. The authors review the problem of devising effective binary integrity protection, and discuss how it complements other operating system security measures. They analyze design factors for binary integrity and compare existing systems. The authors then present a prototype which exemplifies a mandatory binary integrity mechanism and its integration within an operating system. Their system, BinAuth, demonstrates a practical, lightweight in-kernel binary authentication system for Microsoft Windows. A system like BinAuth shows that mandatory authentication is practical on a complex commodity operating system like Windows. To deal with various constraints in the user’s environment, BinAuth uses a flexible scheme which does not mandate public key infrastructure (PKI) although it can take advantage of it. The authors also combine the authentication with a simple software-ID scheme which is useful for software management and vulnerability assessment.

2021 ◽  
Author(s):  
Abdolkarim Hajfarajollah Dabbagh

Due to the lack of a centralized server in “Peer-to-Peer” (P2P) networks, users are responsible for the security of these networks. One of the security issues in P2P networks is the security of the message routing. Messages could be altered or modified by attackers while being routed. The conventional security method to avoid this has been “Public Key Cryptography” (PKC). To avoid the certificate management issue in PKC, “Identity-based Encryption” (IBE) has been suggested, in which any arbitrary string could be used as a public key. Since IBE is a computationally expensive method, currently proposed IBE-based methods are not effective in the message routing phase in P2P networks and highly affect the performance of message delivery time in these networks. This thesis proposes two IBE-based protocols that can be applied effectively to the message routing phase of structured P2P networks, yet provide a satisfactory message delivery time performance. Both protocols benefit from an identity-based key exchange scheme and, therefore, neither of them imposes any extra communication on the network to secure message routing. Protocol 1 significantly improves the performance of message delivery time compared to the currently proposed IBE-based methods. Protocol 2, which requires nodes to store data, has a performance similar to the situations in which no security measures are applied for message routing.


2015 ◽  
Vol 26 (1) ◽  
pp. 6-24 ◽  
Author(s):  
Christian Röpke ◽  
Thorsten Holz

2003 ◽  
Vol 18 (3) ◽  
pp. 291-306 ◽  
Author(s):  
Cheryl L. Dunn ◽  
Gregory J. Gerard ◽  
James L. Worrell

Systems and financial statement auditors are often responsible for evaluating compliance with system security controls as part of their annual audit procedures. This assignment provides a practical learning experience that relates your course material to actual tasks practitioners perform. You are provided with simulated data from a realistic company example and are asked practitioner-relevant questions covering a variety of issues related to network operating system access. Monitoring and limiting network operating system access and mitigating the related risk is crucial since any application (including accounting applications) can be accessed, and potentially compromised, through the network operating system.


Author(s):  
Brian Tuan Khieu ◽  
Melody Moh

A cloud-based public key infrastructure (PKI) utilizing blockchain technology is proposed. Big data ecosystems have scalable and resilient needs that current PKI cannot satisfy. Enhancements include using blockchains to establish persistent access to certificate data and certificate revocation lists, decoupling of data from certificate authority, and hosting it on a cloud provider to tap into its traffic security measures. Instead of holding data within the transaction data fields, certificate data and status were embedded into smart contracts. The tests revealed a significant performance increase over that of both traditional and the version that stored data within blocks. The proposed method reduced the mining data size, and lowered the mining time to 6.6% of the time used for the block data storage method. Also, the mining gas cost per certificate was consequently cut by 87%. In summary, completely decoupling the certificate authority portion of a PKI and storing certificate data inside smart contracts yields a sizable performance boost while decreasing the attack surface.


Author(s):  
Craig M. Howard

The overall size of software packages has grown considerably over recent years. Modular programming, object-oriented design and the use of static and dynamic libraries have all contributed towards the reusability and maintainability of these packages. One of the latest methodologies that aims to further improve software design is the use of component-based services. The Component Object Model (COM) is a specification that provides a standard for writing software components that are easily interoperable. The most common platform for component libraries is on Microsoft Windows, where COM objects are an integral part of the operating system and used extensively in most major applications. This chapter examines the use of COM in the design of search engines for knowledge discovery and data mining using modern heuristic techniques and how adopting this approach benefits the design of a commercial toolkit. The chapter describes how search engines have been implemented as COM objects and how representation and problem components have been created to solve rule induction problems in data mining.


Sensors ◽  
2019 ◽  
Vol 19 (13) ◽  
pp. 2985 ◽  
Author(s):  
Wencheng Yang ◽  
Song Wang ◽  
Jiankun Hu ◽  
Ahmed Ibrahim ◽  
Guanglou Zheng ◽  
...  

Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique—steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.

