Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
Increasing trustworthiness of security critical applications using trusted computing
Download
index.pdf
Date
2014
Author
Uzunay, Yusuf
Metadata
Show full item record
Item Usage Stats
299
views
162
downloads
Cite This
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform module based proxy system which ensures that user credentials are securely stored and submitted without disclosing them even if the proxy is compromised. We use remote attestation to guarantee that all critical operations on the proxy are performed securely and credentials are cryptographically protected when they are not in trusted platform module supported isolation. For our second case application, we propose Trusted3Ballot, a trusted computing based three-ballot e-voting system to increase the trustworthiness of poll-site e-voting systems. In our second proposal, we put forth an election process where security critical issues are processed in software applications attested by TPM. By integrating three-ballot voting mechanism into an electronic voting system secured by trusted platform module, we not only satisfy some contradictory requirements of voting such as providing individual and universal verifiability without causing vote trade, but also give users and the relevant parties the ability to attest the trustworthiness of the running software at each phase of the election. The analysis of Trusted3Ballot reveals that significant improvements to the three-ballot system are provided in terms of both security and usability.
Subject Keywords
Computer security.
,
Data protection.
,
Proxy servers.
,
Web proxy servers.
,
Electronic voting.
URI
http://etd.lib.metu.edu.tr/upload/12616762/index.pdf
https://hdl.handle.net/11511/23256
Collections
Graduate School of Informatics, Thesis
Suggestions
OpenMETU
Core
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Özdemir Sönmez, Ferda ; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Security Qualitative Metrics for Open Web Application Security Project Compliance
Sönmez, Ferda Özdemir (Elsevier BV; 2019)
The focus of this study is to find out repeatable features for large-scale enterprise web application production process related to based on OWASP security requirement list. As a result of a rigorous work including domain analysis for Java language and development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics are discovered, under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as d...
An automated tool for information security management system
Erkan, Ahmet; Arifoğlu, Ali; Department of Information Systems (2006)
This thesis focuses on automation of processes of Information Security Management System. In accordance with two International Standards, ISO/IEC 27001:2005 and ISO/IEC 17799:2005, to automate the activities required for a documented ISMS as much as possible helps organizations. Some of the well known tools in this scope are analyzed and a comparative study on them including “InfoSec Toolkit”, which is developed for this purpose in the thesis scope, is given. “InfoSec Toolkit” is based on ISO/IEC 27001:2005...
Performance comparison of pattern discovery methods on web log data
Bayir, Murat Ali; Toroslu, İsmail Hakkı; Coşar, Ahmet (2006-03-11)
One of the popular trends in computer science has been development of intelligent web-based systems. Demand for such systems forces designers to make use of knowledge discovery techniques on web server logs. Web usage mining has become a major area of knowledge discovery on World Wide Web. Frequent pattern discovery is one of the main issues in web usage mining. These frequent patterns constitute the basic information source for intelligent web-based systems. In this paper; frequent pattern mining algorithm...
The Role of expertise on code review for security: an eye tracking study
Kaplan, Utku; Acartürk, Cengiz; Department of Cyber Security (2019)
To improve the quality of the software and find security vulnerabilities, code review is usually performed during software development activities. The experience of software developers reviewing the code may affect the quality of the code review. This study investigates whether differences between novices and experts in the detection of vulnerabilities in the code can be identified by eye tracking. Participants’ eye movements were recorded by an eye tracker while they investigated program codes for security...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
Y. Uzunay, “Increasing trustworthiness of security critical applications using trusted computing,” Ph.D. - Doctoral Program, Middle East Technical University, 2014.