Many corporations, private organizations, and government agencies maintain sensitive data that their employees must access remotely from portable devices. These organizations are responsible for securing that data so that it is neither misused nor disseminated beyond the trusted users. We have designed a computer architecture for such devices, combining new hardware and software, that allows trust to be placed in a device even when it is not under the organization's physical control.
We have designed, implemented, and tested the Authority-mode Secret-Protection Architecture, which places roots of trust in hardware on the processor chip. It provides new hardware mechanisms, based on these roots of trust, that protect the execution of trusted software and supply that software with master secrets. The software uses the master secrets to secure the sensitive data and to communicate securely over the network. The user interacts with this software, which enforces security policies while granting access to data.
The organization designates a central authority that will manage the software on the devices, set security policies, communicate with the devices, and control access to data. Our new hardware mechanisms bind together the device's on-chip roots of trust with the authority's data and trusted software, such that the authority can be assured that the security policies will always be enforced.
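To make the binding described above concrete, the following is an added illustrative model, not the dissertation's hardware mechanisms or code: an authority wraps a master secret under a key derived from the device's on-chip root secret and the hash (measurement) of the trusted software it has approved, so the secret is recoverable only on that device and only while that exact software is running. The function names, the HMAC-based key derivation and keystream, and all sample values are assumptions made for this example; it also assumes the authority provisioned the device root key during enrollment and therefore knows it.

```python
"""Illustrative model: binding an authority's master secret to a device root
secret plus a measured trusted-software image. Added example, not the
architecture's own mechanism; every name and value here is an assumption."""
import hashlib
import hmac
import os


def measure(software: bytes) -> bytes:
    """Identity of a trusted-software image: the hash the hardware would compute
    before letting that software use the on-chip root of trust."""
    return hashlib.sha256(software).digest()


def derive_binding_key(device_root_key: bytes, software_hash: bytes) -> bytes:
    """Key that exists only on this device and only for software with this hash
    (KDF modeled as HMAC over a fixed label and the measurement)."""
    return hmac.new(device_root_key, b"binding-key|" + software_hash,
                    hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream: adequate for a demo, not a production cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(device_root_key: bytes, software_hash: bytes, master_secret: bytes) -> bytes:
    """Authority side: wrap the master secret for one device and one approved
    software image. Returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    key = derive_binding_key(device_root_key, software_hash)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in
               zip(master_secret, _keystream(key, nonce, len(master_secret))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(device_root_key: bytes, running_software: bytes, blob: bytes):
    """Device side: the hardware measures whatever is actually running, so a
    modified image derives a different key and the tag check fails (None)."""
    key = derive_binding_key(device_root_key, measure(running_software))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed sample values (assumptions for this demo only).
DEVICE_ROOT_KEY = hashlib.sha256(b"demo root secret burned in at provisioning").digest()
TRUSTED_SOFTWARE = b"policy-enforcing trusted software module v1"
TAMPERED_SOFTWARE = b"policy-enforcing trusted software module v1 + backdoor"
MASTER_SECRET = b"master secret for data and comms"


def demo():
    """Seal once for the approved image; try to unseal from the approved image,
    from a modified image, and from a blob whose ciphertext was altered."""
    blob = seal(DEVICE_ROOT_KEY, measure(TRUSTED_SOFTWARE), MASTER_SECRET)
    corrupted = blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]
    return (unseal(DEVICE_ROOT_KEY, TRUSTED_SOFTWARE, blob),
            unseal(DEVICE_ROOT_KEY, TAMPERED_SOFTWARE, blob),
            unseal(DEVICE_ROOT_KEY, TRUSTED_SOFTWARE, corrupted))


if __name__ == "__main__":
    print(demo())
```

The point the model isolates is that neither the authority's software nor the device's root secret alone yields the secret: the key is a function of both, and the hardware, not the software, supplies the measurement, which is why a modified image cannot simply present the approved hash. In a real design the root secret never leaves the chip and the cipher would be an authenticated mode from a vetted library; those are simplified here.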
To show how our design can be adapted to other platforms, we provide a modified architecture for embedded devices. We additionally demonstrate how the full architecture can be integrated with trustworthy system software in a mandatory access control system.
Finally, we have built a testing framework that can help designers validate new security architectures like ours. The framework allows new architectures to be modeled in a virtualization environment, where a separate testing system has complete controllability and observability over hardware and software. It is used to test the effects of various security attacks and to assist in the development of trusted software for the new architecture. We use the framework to test the prototype hardware and software of our architecture.
Advisor: Lee, Ruby B.
School Location: United States -- New Jersey
Source: DAI-B 71/06, Dissertation Abstracts International
Keywords: Computer security, Embedded systems, Remote devices, Sensitive data
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved