Towards a Standard for a Reliable Execution Environment for Security Protocols
Abstract
Approaches for securing the digital assets of information systems can be classified as active approaches, based on attack models, and passive approaches, based on system models. Passive approaches are inherently superior to active ones. However, taking full advantage of passive approaches calls for a rigorous standard for a low-complexity, high-integrity execution environment for security protocols. We sketch the broad outlines of mirror network (MN) modules as a candidate for such a standard. Their utility in assuring real-world information systems is illustrated with examples.