• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文学位 >Ordered Merkle Tree - a versatile data-structure for security kernels.
【24h】

Ordered Merkle Tree - a versatile data-structure for security kernels.

机译:有序Merkle树-用于安全内核的通用数据结构。

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Hidden undesired functionality is an unavoidable reality in any complex hardware or software component. Undesired functionality---deliberately introduced Trojan horses or accidentally introduced bugs---in any component of a system can be exploited by attackers to exert control over the system. This poses a serious security risk to systems---especially in the ever growing number of systems based on networks of computers.;The approach adopted in this dissertation to secure systems seeks immunity from hidden functionality. Specifically, if a minimal trusted computing base (TCB) for any system can be identified, and if we can eliminate hidden functionality in the TCB, all desired assurances regarding the operation of the system can be guaranteed. More specifically, the desired assurances are guaranteed even if undesired functionality may exist in every component of the system outside the TCB.;A broad goal of this dissertation is to characterize the TCB for various systems as a set of functions executed by a trusted security kernel. Some constraints are deliberately imposed on the security kernel functionality to reduce the risk of hidden functionality inside the security kernel.;In the security model adopted in this dissertation, any system is seen as an interconnection of subsystems, where each subsystem is associated with a security kernel. The security kernel for a subsystem performs only the bare minimal tasks required to assure the integrity of the tasks performed by the subsystem.;Even while the security kernel functionality may be different for each system/subsystem, it is essential to identify reusable components of the functionality that are suitable for a wide range of systems. The contribution of the research is a versatile data-structure---Ordered Merkle Tree (OMT), which can act as the reusable component of various security kernels. The utility of OMT is illustrated by designing security kernels for subsystems participating in, 1) a remote file storage system, 2) a generic content distribution system, 3) generic look-up servers, 4) mobile ad-hoc networks and 5) the Internet's routing infrastructure based on the border gateway protocol (BGP).
机译:在任何复杂的硬件或软件组件中,隐藏的不良功能都是不可避免的现实。攻击者可以利用系统中任何组件不想要的功能(故意引入的特洛伊木马程序或不经意引入的错误)​​来控制系统。这给系统带来了严重的安全风险,尤其是在基于计算机网络的系统数量不断增长的情况下。本论文采用的方法来保护系统的安全性寻求不受隐藏功能的影响。具体来说,如果可以确定任何系统的最小可信计算库(TCB),并且如果我们可以消除TCB中的隐藏功能,则可以保证有关系统运行的所有所需保证。更具体地说,即使在TCB之外的系统的每个组件中可能存在不需要的功能,也可以保证获得所需的保证。本论文的主要目标是将各种系统的TCB表征为由受信任的安全内核执行的一组功能。 。故意对安全内核功能施加一些约束,以减少安全内核内部隐藏功能的风险。在本文采用的安全模型中,任何系统都被视为子系统的互连,其中每个子系统都与安全性相关联。核心。子系统的安全内核仅执行确保子系统执行的任务的完整性所需的最基本的最小任务。即使每个系统/子系统的安全内核功能可能有所不同,也必须确定操作系统的可重用组件。适用于各种系统的功能。该研究的贡献是一种通用的数据结构-有序Merkle树(OMT),它可以用作各种安全内核的可重用组件。通过为参与以下活动的子系统设计安全内核来说明OMT的作用:1)远程文件存储系统,2)通用内容分发系统,3)通用查找服务器,4)移动自组织网络和5)基于边界网关协议(BGP)的Internet路由基础结构。

著录项

  • 作者

    Mohanty, Somya D.;

  • 作者单位

    Mississippi State University.;

  • 授予单位 Mississippi State University.;
  • 学科 Computer science.
  • 学位 Ph.D.
  • 年度 2013
  • 页码 183 p.
  • 总页数 183
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类
  • 关键词

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号