Summary: <p>Hidden undesired functionality is an unavoidable reality in any complex hardware or
software component. Undesired functionality (deliberately introduced Trojan horses or
accidentally introduced bugs) in any component of a system can be exploited by attackers
to exert control over the system. This poses a serious security risk to systems, especially
in the ever-growing number of systems based on networks of computers.</p>
<p>The approach adopted in this dissertation to secure systems seeks immunity from hidden
functionality. Specifically, if a minimal trusted computing base (TCB) for any system
can be identified, and if we can eliminate hidden functionality in the TCB, all desired
assurances regarding the operation of the system can be guaranteed. More specifically,
the desired assurances are guaranteed even if undesired functionality may exist in every
component of the system <I>outside</I> the TCB.</p>
<p>A broad goal of this dissertation is to characterize the TCB for various systems as <I>a
set of functions executed by a trusted security kernel.</I> Some constraints are deliberately
imposed on the security kernel functionality to reduce the risk of hidden functionality
inside the security kernel.</p>
<p>In the security model adopted in this dissertation, any system is seen as an interconnection
of subsystems, where each subsystem is associated with a security kernel. The
security kernel for a subsystem performs only the bare minimal tasks required to assure
the integrity of the tasks performed by the subsystem.</p>
<p>Even while the security kernel functionality may be different for each system/subsystem,
it is essential to identify reusable components of the functionality that are suitable for a
wide range of systems. The contribution of the research is a versatile data-structure
Ordered Merkle Tree (OMT), which can act as the reusable component of various security
kernels. The utility of OMT is illustrated by designing security kernels for subsystems
participating in: 1) a remote file storage system, 2) a generic content distribution system,
3) generic look-up servers, 4) mobile ad-hoc networks and 5) the Internet's routing infrastructure
based on the border gateway protocol (BGP).</p>
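As an added illustration, not code from the dissertation (whose own OMT construction this summary does not spell out), the Python sketch below implements one common form of an ordered Merkle tree: leaves are sorted by key and each leaf also records the next key, so one authenticated path proves either that a key is present with a given value or that it is absent. The leaf layout, the hashing scheme and the sample keys are assumptions of this example.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Assumed leaf layout (not taken from the dissertation): (key, value, next key).
Leaf = Tuple[int, bytes, int]

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def leaf_hash(leaf: Leaf) -> bytes:
    a, v, b = leaf
    return _h(b"leaf", a.to_bytes(8, "big"), v, b.to_bytes(8, "big"))

def covers(a: int, b: int, key: int) -> bool:
    """Leaf (a, ., b) covers the half-open key range [a, b); the last leaf wraps around."""
    return a <= key < b if a < b else (key >= a or key < b)

class OrderedMerkleTree:
    def __init__(self, items: Dict[int, bytes]):
        keys = sorted(items)
        # Each leaf names its successor key, so the sorted leaves tile the whole key space.
        self.leaves: List[Leaf] = [(k, items[k], keys[(i + 1) % len(keys)]) for i, k in enumerate(keys)]
        self.levels: List[List[bytes]] = [[leaf_hash(l) for l in self.leaves]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            # An odd trailing node is paired with itself.
            self.levels.append([_h(lvl[i], lvl[min(i + 1, len(lvl) - 1)]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]

    def prove(self, key: int) -> Tuple[Leaf, List[Tuple[bytes, int]]]:
        """Return the leaf covering `key` plus its sibling path (sibling hash, is-right-child)."""
        idx = next(i for i, (a, _, b) in enumerate(self.leaves) if covers(a, b, key))
        leaf, path = self.leaves[idx], []
        for lvl in self.levels[:-1]:
            sib = idx ^ 1
            path.append((lvl[sib] if sib < len(lvl) else lvl[idx], idx & 1))
            idx //= 2
        return leaf, path

def verify(root: bytes, key: int, leaf: Leaf, path: List[Tuple[bytes, int]]) -> Optional[Tuple[str, Optional[bytes]]]:
    """Recompute the root; report ('present', value) or ('absent', None), or None if the proof is bad."""
    a, v, b = leaf
    if not covers(a, b, key):
        return None  # a leaf that does not cover the key proves nothing about it
    node = leaf_hash(leaf)
    for sib, is_right in path:
        node = _h(sib, node) if is_right else _h(node, sib)
    if node != root:
        return None
    return ("present", v) if key == a else ("absent", None)
```

A verifier that holds only the root can thus check both lookups and "no such entry" answers from an untrusted server, which is the kind of integrity guarantee a minimal security kernel needs to provide.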