Minimal trusted computing base for critical infrastructure protection
Critical infrastructures like oil & gas, power grids, water treatment facilities, domain name system (DNS) etc., are attractive targets for attackers both due to the potential impact of attacks on such systems, and due to the enormous attack surface exposed by such systems. Unwarranted...
Main Author: | Velagapalli, Arun |
---|---|
Other Authors: | Dr. Mahalingam Ramkumar |
Format: | Others |
Language: | en |
Published: | MSSTATE 2013 |
Subjects: | Computer Science and Engineering |
Online Access: | http://sun.library.msstate.edu/ETD-db/theses/available/etd-04192013-084612/ |
id |
ndltd-MSSTATE-oai-library.msstate.edu-etd-04192013-084612 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-MSSTATE-oai-library.msstate.edu-etd-04192013-084612 2015-03-17T15:54:59Z Minimal trusted computing base for critical infrastructure protection Velagapalli, Arun Computer Science and Engineering Dr. Mahalingam Ramkumar Dr. David A. Dampier Dr. Yoginder S. Dandass Dr. Thomas H. Morris MSSTATE 2013-07-30 text application/pdf http://sun.library.msstate.edu/ETD-db/theses/available/etd-04192013-084612/ en unrestricted I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, Dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to Mississippi State University Libraries or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, Dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, Dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, Dissertation, or project report. |
collection |
NDLTD |
language |
en |
format |
Others |
sources |
NDLTD |
topic |
Computer Science and Engineering |
description |
Critical infrastructures like oil & gas, power grids, water treatment facilities, domain
name system (DNS) etc., are attractive targets for attackers both due to the potential
impact of attacks on such systems, and due to the enormous attack surface exposed by
such systems. Unwarranted functionality in the form of accidental bugs or maliciously
inserted hidden functionality in any component of a system could potentially be exploited
by attackers to launch attacks on the system.

As it is far from practical to root out undesired functionality in *every* component of a
complex system, it is essential to develop security measures for protecting CI systems that
rely *only* on the integrity of a small number of carefully constructed components, identified
as the *trusted computing base* (TCB) for the system. The broad aim of this dissertation is to
*characterize* elements of the TCB for critical infrastructure systems, and outline *strategies*
to leverage the TCB to secure CI systems.

A unified provider-middleman-consumer (PMC) view of systems was adopted to characterize
systems as being constituted by *providers* of data, untrusted *middlemen*, and
*consumers* of data. As the goal of the proposed approach is to eliminate the need to trust
*most* components of a system to be secured, most components of the system are considered
to fall under the category of untrusted middlemen. From this perspective, the TCB
for the system is a minimal set of trusted functionality required to verify that the tasks
performed by the middlemen will not result in violation of the desired assurances.

Specific systems that were investigated in this dissertation work to characterize the
minimal TCB included the domain name system (DNS), dynamic DNS, and Supervisory
Control and Data Acquisition (SCADA) systems that monitor/control various CI systems.
For such systems, this dissertation provides a comprehensive *functional specification* of the
TCB, and outlines *security protocols* that leverage the trust in TCB functionality to realize
the desired assurances regarding the system. |
author2 |
Dr. Mahalingam Ramkumar |
author_facet |
Dr. Mahalingam Ramkumar Velagapalli, Arun |
author |
Velagapalli, Arun |
title |
Minimal trusted computing base for critical infrastructure protection |
publisher |
MSSTATE |
publishDate |
2013 |
url |
http://sun.library.msstate.edu/ETD-db/theses/available/etd-04192013-084612/ |