Minimal trusted computing base for critical infrastructure protection

Critical infrastructures like oil & gas, power grids, water treatment facilities, domain name system (DNS) etc., are attractive targets for attackers both due to the potential impact of attacks on such systems, and due to the enormous attack surface exposed by such systems. Unwarranted...

Bibliographic Details
Main Author: Velagapalli, Arun
Other Authors: Dr. Mahalingam Ramkumar
Format: Others
Language: en
Published: MSSTATE 2013
Subjects:
Online Access: http://sun.library.msstate.edu/ETD-db/theses/available/etd-04192013-084612/
id ndltd-MSSTATE-oai-library.msstate.edu-etd-04192013-084612
record_format oai_dc
spelling ndltd-MSSTATE-oai-library.msstate.edu-etd-04192013-084612 2015-03-17T15:54:59Z
Minimal trusted computing base for critical infrastructure protection
Velagapalli, Arun
Computer Science and Engineering

Critical infrastructures like oil & gas, power grids, water treatment facilities, domain name system (DNS) etc., are attractive targets for attackers both due to the potential impact of attacks on such systems, and due to the enormous attack surface exposed by such systems. Unwarranted functionality in the form of accidental bugs or maliciously inserted hidden functionality in any component of a system could potentially be exploited by attackers to launch attacks on the system.

As it is far from practical to root out undesired functionality in every component of a complex system, it is essential to develop security measures for protecting CI systems that rely only on the integrity of a small number of carefully constructed components, identified as the trusted computing base (TCB) for the system. The broad aim of this dissertation is to characterize elements of the TCB for critical infrastructure systems, and outline strategies to leverage the TCB to secure CI systems.

A unified provider-middleman-consumer (PMC) view of systems was adopted to characterize systems as being constituted by providers of data, untrusted middlemen, and consumers of data. As the goal of the proposed approach is to eliminate the need to trust most components of a system to be secured, most components of the system are considered to fall under the category of untrusted middlemen. From this perspective, the TCB for the system is a minimal set of trusted functionality required to verify that the tasks performed by the middlemen will not result in violation of the desired assurances.

Specific systems that were investigated in this dissertation work to characterize the minimal TCB included the domain name system (DNS), dynamic DNS, and Supervisory Control and Data Acquisition (SCADA) systems that monitor/control various CI systems. For such systems, this dissertation provides a comprehensive functional specification of the TCB, and outlines security protocols that leverage the trust in TCB functionality to realize the desired assurances regarding the system.

Dr. Mahalingam Ramkumar
Dr. David A. Dampier
Dr. Yoginder S. Dandass
Dr. Thomas H. Morris
MSSTATE
2013-07-30
text
application/pdf
http://sun.library.msstate.edu/ETD-db/theses/available/etd-04192013-084612/
en
unrestricted

I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, Dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to Mississippi State University Libraries or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, Dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, Dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, Dissertation, or project report.
collection NDLTD
language en
format Others
sources NDLTD
topic Computer Science and Engineering
author2 Dr. Mahalingam Ramkumar
author_facet Dr. Mahalingam Ramkumar
Velagapalli, Arun
author Velagapalli, Arun
author_sort Velagapalli, Arun
title Minimal trusted computing base for critical infrastructure protection
publisher MSSTATE
publishDate 2013
url http://sun.library.msstate.edu/ETD-db/theses/available/etd-04192013-084612/