CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

An analysis of a secure system based on trusted components

Ulf Lindqvist ; Tomas Olovsson (Institutionen för datorteknik) ; Erland Jonsson (Institutionen för datorteknik)
IEEE Proceedings of the Eleventh Annual Conference on Computer Assurance, COMPASS '96 p. 213-223.
[Konferensbidrag, refereegranskat]

The paper presents a practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks. The system was designed to securely store and handle both sensitive and insensitive data records on individuals in such a way that it would be impossible for unauthorized parties to link sensitive records to the corresponding individuals. The analysis was performed by means of document reviews, interviews and some practical tests with the intention of finding and listing potential vulnerabilities for the knowledge of the design team. The vulnerabilities revealed are classified with respect to their cause, and possible remedies are discussed. The classification shows that the most important problem was that some system components were incorrectly handled as trusted. Finally, we observed that the problems were to a surprisingly high degree non technical, reflecting organisational and management issues and human insufficiencies.

Nyckelord: security evaluation, penetration test



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2012-12-13. Senast ändrad 2013-08-26.
CPL Pubid: 167750

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)


Institutioner (Chalmers)

Institutionen för datorteknik (1985-2001)

Ämnesområden

Informations- och kommunikationsteknik
Data- och systemvetenskap
Datorteknik