Design and implementation of an open security architecture for a software-based security module

2009
Kaynar, Kaan
The main purpose of this thesis work is to design a comprehensive and open security architecture whose desired parts can be realized on a general-purpose embedded computer without any special cryptography hardware. The architecture provides security mechanisms that implement known cryptography techniques, operations of some famous network security protocols and appropriate system security methods. Consequently, a server machine may offload a substantial part of its security processing tasks to an embedded computer realizing the architecture. A server machine can access the provided mechanisms using a client-side API and via a secure protocol which provides message integrity and peer authentication. To demonstrate the practicability of the security architecture, a set of its security mechanisms was realized on an embedded PC/104-plus computer. A server machine was connected to the embedded computer and requested mechanisms from it over the Ethernet network interface. Four types of performance parameters were measured: the number of executions of a symmetric encryption method by the embedded computer per second, the number of executions of a public-key signing method by the embedded computer per second, the footprint of the implementation on the embedded computer memory, and the embedded computer CPU power utilized by the implementation. Apart from various security mechanisms and the secure protocol via which they can be accessed, the architecture defines a reliable software-based method for protection and storage of secret information belonging to clients.

Suggestions

Specification and verification of confidentiality in software architectures
Ulu, Cemil; Oğuztüzün, Mehmet Halit S.; Department of Computer Engineering (2004)
This dissertation addresses the confidentiality aspect of the information security problem from the viewpoint of the software architecture. It presents a new approach to secure system design in which the desired security properties, in particular, confidentiality, of the system are proven to hold at the architectural level. The architecture description language Wright is extended so that confidentiality authorizations can be specified. An architectural description in Wright/c, the extended language, assigns...
A certificate based authentication control model using smart mobile devices for ubiquitous computing environments
Çavdar, Davut; Eren, Pekin Erhan; Department of Information Systems (2011)
In this thesis work, a certificate based authentication model supported by mobile devices is provided for ubiquitous computing environments. The model primarily aims to create an infrastructure for controlling and regulating access requests through mobile devices to local resources and services. The model also allows users from different domains to use local resources and services within the scope of agreements between domains. In addition to conceptual description of the model, a real prototype implementat...
Investigation of the effects of structural characteristics of object-oriented software on fault-proneness
Gölcük, Halit; Bilgen, Semih; Department of Electrical and Electronics Engineering (2014)
This study investigates the effects of structural characteristics of object-oriented software, which are observable at the model level of the software developed by means of Unified Modeling Language (UML), on software quality, assessing quality in terms of fault-proneness. In the scope of this thesis study, real-time embedded software components developed by Aselsan, a leading defense industry company in Turkey, were analyzed. The correlation between software metrics measured from the UML models of the soft...
A fuzzy petri net model for intelligent databases
Bostan, Burçin; Yazıcı, Adnan; Department of Computer Engineering (2005)
Knowledge intensive applications require an intelligent environment, which can perform deductions in response to user queries or events that occur inside or outside of the applications. For that, we propose a Fuzzy Petri Net (FPN) model to represent the knowledge and the behavior in an intelligent object-oriented database environment, which integrates fuzzy, active and deductive rules with database objects. By gaining intelligent behaviour, the system maintains objects to perceive dynamic occurrences and use...
Design and implementation of a hybrid and configurable access control model
Turan, Uğur; Özgit, Attila; Department of Computer Engineering (2009)
A hybrid and configurable access control model is designed to satisfy the requirements of using different access control models in the same schema. The idea arose to completely combine and configure the two main access control models, discretionary and mandatory, which have been widely used in many systems so far with their advantages and disadvantages. The motivation originates from the fact that, in real-life usage, discretionary-based systems need some strict policies and mandatory-based systems need...
Citation Formats
K. Kaynar, “Design and implementation of an open security architecture for a software-based security module,” M.S. - Master of Science, Middle East Technical University, 2009.