CPL - Chalmers Publication Library

An analysis of a secure system based on trusted components

Författare och institution:
Ulf Lindqvist (-); Tomas Olovsson (Institutionen för datorteknik); Erland Jonsson (Institutionen för datorteknik)
Publicerad i:
IEEE Proceedings of the Eleventh Annual Conference on Computer Assurance, COMPASS '96, s. 213-223
Konferensbidrag, refereegranskat
Sammanfattning (abstract):
The paper presents a practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks. The system was designed to securely store and handle both sensitive and insensitive data records on individuals in such a way that it would be impossible for unauthorized parties to link sensitive records to the corresponding individuals. The analysis was performed by means of document reviews, interviews and some practical tests with the intention of finding and listing potential vulnerabilities for the knowledge of the design team. The vulnerabilities revealed are classified with respect to their cause, and possible remedies are discussed. The classification shows that the most important problem was that some system components were incorrectly handled as trusted. Finally, we observed that the problems were to a surprisingly high degree non technical, reflecting organisational and management issues and human insufficiencies.
Ämne (baseras på Högskoleverkets indelning av forskningsämnen):
Data- och informationsvetenskap ->
Systemvetenskap, informationssystem och informatik ->
Data- och systemvetenskap
Data- och informationsvetenskap ->
security evaluation, penetration test
Chalmers styrkeområden:
Informations- och kommunikationsteknik
Postens nummer:
Posten skapad:
2012-12-13 17:06
Posten ändrad:
2013-08-26 15:36

Visa i Endnote-format