Increasing trustworthiness of security critical applications using trusted computing

Download
2014
Uzunay, Yusuf
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform module based proxy system which ensures that user credentials are securely stored and submitted without disclosing them even if the proxy is compromised. We use remote attestation to guarantee that all critical operations on the proxy are performed securely and credentials are cryptographically protected when they are not in trusted platform module supported isolation. For our second case application, we propose Trusted3Ballot, a trusted computing based three-ballot e-voting system to increase the trustworthiness of poll-site e-voting systems. In our second proposal, we put forth an election process where security critical issues are processed in software applications attested by TPM. By integrating three-ballot voting mechanism into an electronic voting system secured by trusted platform module, we not only satisfy some contradictory requirements of voting such as providing individual and universal verifiability without causing vote trade, but also give users and the relevant parties the ability to attest the trustworthiness of the running software at each phase of the election. The analysis of Trusted3Ballot reveals that significant improvements to the three-ballot system are provided in terms of both security and usability.

Suggestions

An automated tool for information security management system
Erkan, Ahmet; Arifoğlu, Ali; Department of Information Systems (2006)
This thesis focuses on automation of processes of Information Security Management System. In accordance with two International Standards, ISO/IEC 27001:2005 and ISO/IEC 17799:2005, to automate the activities required for a documented ISMS as much as possible helps organizations. Some of the well known tools in this scope are analyzed and a comparative study on them including “InfoSec Toolkit”, which is developed for this purpose in the thesis scope, is given. “InfoSec Toolkit” is based on ISO/IEC 27001:2005...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Performance comparison of pattern discovery methods on web log data
Bayir, Murat Ali; Toroslu, İsmail Hakkı; Coşar, Ahmet (2006-03-11)
One of the popular trends in computer science has been development of intelligent web-based systems. Demand for such systems forces designers to make use of knowledge discovery techniques on web server logs. Web usage mining has become a major area of knowledge discovery on World Wide Web. Frequent pattern discovery is one of the main issues in web usage mining. These frequent patterns constitute the basic information source for intelligent web-based systems. In this paper; frequent pattern mining algorithm...
Computational platform for predicting lifetime system reliability profiles for different structure types in a network
Akgül, Ferhat (2004-01-01)
This paper presents a computational platform for predicting the lifetime system reliability profiles for different structure types located in an existing network. The computational platform has the capability to incorporate time-variant live load and resistance models. Following a review of the theoretical basis, the overall architecture of the computational platform is described. Finally, numerical examples of three existing bridges (i.e., a steel, a prestressed concrete, and a hybrid steel-concrete bridge...
Malicious user input detection on web-based attacks with the negative selection algorithm
Karataş, Mustafa Mer; Acar, Aybar Can; Department of Cyber Security (2019)
In the cyber security domain, detection and prevention of intrusions is a crucial task. Intrusion attempts exploiting vulnerabilities in an organization’s servers or applications may lead to devastating consequences. The malicious actor may obtain sensitive information from the application, seize database records or take over the servers completely. While protecting web applications/services, discrimination of legitimate user inputs from malicious payloads must be done. Taking inspiration from the Human Imm...
Citation Formats
Y. Uzunay, “Increasing trustworthiness of security critical applications using trusted computing,” Ph.D. - Doctoral Program, Middle East Technical University, 2014.