Design and implementation of an open security architecture for a software-based security module

Kaynar, Kaan
The main purpose of this thesis is to design a comprehensive and open security architecture whose desired parts can be realized on a general-purpose embedded computer without any special cryptography hardware. The architecture provides security mechanisms that implement known cryptographic techniques, operations of some well-known network security protocols, and appropriate system security methods. Consequently, a server machine may offload a substantial part of its security processing tasks to an embedded computer realizing the architecture. A server machine accesses the provided mechanisms through a client-side API and via a secure protocol that provides message integrity and peer authentication. To demonstrate the practicability of the security architecture, a set of its security mechanisms was realized on an embedded PC/104-plus computer. A server machine was connected to the embedded computer and requested mechanisms from it over the Ethernet network interface. Four types of performance parameters were measured: the number of executions of a symmetric encryption method by the embedded computer per second, the number of executions of a public-key signing method by the embedded computer per second, the footprint of the implementation in the embedded computer's memory, and the embedded computer CPU power utilized by the implementation. Apart from the various security mechanisms and the secure protocol via which they can be accessed, the architecture defines a reliable software-based method for the protection and storage of secret information belonging to clients.


Specification and verification of confidentiality in software architectures
Ulu, Cemil; Oğuztüzün, Mehmet Halit S.; Department of Computer Engineering (2004)
This dissertation addresses the confidentiality aspect of the information security problem from the viewpoint of the software architecture. It presents a new approach to secure system design in which the desired security properties, in particular, confidentiality, of the system are proven to hold at the architectural level. The architecture description language Wright is extended so that confidentiality authorizations can be specified. An architectural description in Wright/c, the extended language, assigns...
Modeling of software as a service architectures and investigation on their design alternatives
Öztürk, Karahan; Doğru, Ali Hikmet; Department of Computer Engineering (2010)
In general, a common reference architecture can be derived for Software as a Service (SaaS) architecture. However, while designing particular applications one may derive various different application design alternatives from the same reference SaaS architecture specification. To meet the required functional and nonfunctional requirements of different enterprise applications it is important to model the possible design so that a feasible alternative can be defined. In this thesis, we propose a systematic app...
An approach for including business requirements to soa design
Ocaktürk, Murat; Doğru, Ali Hikmet; Department of Computer Engineering (2010)
In this thesis, a service-oriented decomposition approach, Use case Driven Service Oriented Architecture (UDSOA), is introduced to close the gap between business requirements and SOA (Service Oriented Architecture) design by including business use cases and system use cases in the decomposition process. The approach is built upon the Service Oriented Software Engineering (SOSE) modeling technique and aims to address its deficits at the decomposition phase. Further, it aims to involve both business vision...
Execution of distributed database queries on a HPC system
Önder, İbrahim Seçkin; Coşar, Ahmet; Department of Computer Engineering (2010)
The increasing performance of computers and the ability to connect computers with high-speed communication networks make distributed database systems an attractive research area. In this study, we evaluate the communication and data processing capabilities of an HPC machine. We calculate accurate cost formulas for high-volume data communication between processing nodes and experimentally measure sorting times. A left-deep query plan executor has been implemented and experimentally used for executing plans generated by ...
Design and implementation of a hybrid and configurable access control model
Turan, Uğur; Özgit, Attila; Department of Computer Engineering (2009)
A hybrid and configurable access control model is designed to satisfy the requirements of using different access control models in the same schema. The idea arose to completely combine and configure the two main access control models, discretionary and mandatory, which have been widely used in many systems so far, with their advantages and disadvantages. The motivation originates from the fact that, in real-life usage, discretionary-based systems need some strict policies and mandatory-based systems need...
Citation Formats
K. Kaynar, “Design and implementation of an open security architecture for a software-based security module,” M.S. - Master of Science, Middle East Technical University, 2009.