To see the other types of publications on this topic, follow the link: Software and hardware security.
Dissertations / Theses on the topic 'Software and hardware security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Software and hardware security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Edmison, Joshua Nathaniel. "Hardware Architectures for Software Security." Diss., Virginia Tech, 2006. http://hdl.handle.net/10919/29244.
Full textAbstract:
The need for hardware-based software protection stems primarily from the increasing value of software coupled with the inability to trust software that utilizes or manages shared resources. By correctly utilizing security functions in hardware, trust can be removed from software.
Existing hardware-based software protection solutions generally suffer from utilization of trusted software, lack of implementation, and/or extreme measures such as processor redesign. In contrast, the research outlined in this document proposes that substantial, hardware-based software protection can be achieved, without trusting software or redesigning the processor, by augmenting existing processors with security management hardware placed outside of the processor boundary. Benefits of this approach include the ability to add security features to nearly any processor, update security features without redesigning the processor, and provide maximum transparency to the software development and distribution processes. The major contributions of this research include the the augmentation methodology, design principles, and a graph-based method for analyzing hardware-based security systems.Ph. D.
2
Patel, Krutartha Computer Science & Engineering Faculty of Engineering UNSW. "Hardware-software design methods for security and reliability of MPSoCs." Awarded by:University of New South Wales. Computer Science & Engineering, 2009. http://handle.unsw.edu.au/1959.4/44854.
Full textAbstract:
Security of a Multi-Processor System on Chip (MPSoC) is an emerging area of concern in embedded systems. MPSoC security is jeopardized by Code Injection attacks. Code Injection attacks, which are the most common types of software attacks, have plagued single processor systems. Design of MPSoCs must therefore incorporate security as one of the primary objectives. Code Injection attacks exploit vulnerabilities in \trusted" and legacy code. An architecture with a dedicated monitoring processor (MONITOR) is employed to simultaneously supervise the application processors on an MPSoC. The program code in the application processors is divided into basic blocks. The basic blocks in the application processors are statically instrumented with special instructions that allow communication with the MONITOR at runtime. The MONITOR verifies the execution of all the processors at runtime using control flow checks and either a timing or instruction count check. This thesis proposes a monitoring system called SOFTMON, a design methodology called SHIELD, a design flow called LOCS and an architectural framework called CUFFS for detecting Code Injection attacks. SOFTMON, a software monitoring system, uses a software algorithm in the MONITOR. SOFTMON incurs limited area overheads. However, the runtime performance overhead is quite high. SHIELD, an extension to the work in SOFTMON overcomes the limitation of high runtime overhead using a MONITOR that is predominantly hardware based. LOCS uses only one special instruction per basic block compared to two, as was the case in SOFTMON and SHIELD. Additionally, profile information is generated for all the basic blocks in all the application processors for the MPSoC designer to tune the design by increasing or decreasing the frequency of loop basic blocks. CUFFS detects attacks even without application processors communicating to the MONITOR. The SOFTMON, SHIELD and LOCS approaches can only detect attacks if the application processors communicate to the MONITOR. CUFFS relies on the exact number of instructions in basic blocks to determine an attack, rather than time-frame based measures used in SOFTMON, SHIELD and LOCS. The lowest runtime performance overhead was achieved by LOCS (worst case of 37.5%), while the SOFTMON monitoring system had the least amount of area overheads of about 25%. The CUFFS approach employed an active MONITOR and hence detected a greater range of attacks. The CUFFS framework also detects bit flip errors (reliability errors) in the control flow instructions of the application processors on an MPSoC. CUFFS can detect nearly 70% of all bit flip errors in the control flow instructions. Additionally, a modified CUFFS approach is proposed to ensure reliable inter-processor communication on an MPSoC. The modified CUFFS approach uses a hardware based checksum approach for reliable inter-processor communication and incurred a runtime performance overhead of up to 25% and negligible area overheads compared to CUFFS. Thus, the approaches proposed in this thesis equip an MPSoC designer with tools to embed security features during an MPSoC's design phase. Incorporating security measures at the processor design level provides security against software attacks in MPSoCs and incurs manageable runtime, area and code-size overheads.
3
Chakraborty, Rajat Subhra. "Hardware Security through Design Obfuscation." Cleveland, Ohio : Case Western Reserve University, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=case1270133481.
Full textAbstract:
Thesis (Doctor of Philosophy)--Case Western Reserve University, 2010Department of EECS - Computer Engineering Title from PDF (viewed on 2010-05-25) Includes abstract Includes bibliographical references and appendices Available online via the OhioLINK ETD Center
4
Fießler, Andreas Christoph Kurt. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications." Doctoral thesis, Humboldt-Universität zu Berlin, 2019. http://dx.doi.org/10.18452/20023.
Full textAbstract:
Die Menge an in Computernetzwerken verarbeiteten Daten steigt stetig, was Netzwerkgeräte wie Switches, Bridges, Router und Firewalls vor Herausfordungen stellt.
Die Performance der verbreiteten, CPU/softwarebasierten Ansätze für die Implementierung dieser Aufgaben ist durch den inhärenten Overhead in der sequentiellen Datenverarbeitung limitiert, weshalb solche Funktionalitäten vermehrt auf dedizierten Hardwarebausteinen realisiert werden.
Diese bieten eine schnelle, parallele Verarbeitung mit niedriger Latenz, sind allerdings aufwendiger in der Entwicklung und weniger flexibel.
Nicht jede Anwendung kann zudem für parallele Verarbeitung optimiert werden.
Diese Arbeit befasst sich mit hybriden Ansätzen, um eine bessere Ausnutzung der jeweiligen Stärken von Soft- und Hardwaresystemen zu ermöglichen, mit Schwerpunkt auf der Paketklassifikation.
Es wird eine Firewall realisiert, die sowohl Flexibilität und Analysetiefe einer Software-Firewall als auch Durchsatz und Latenz einer Hardware-Firewall erreicht.
Der Ansatz wird auf einem Standard-Rechnersystem, welches für die Hardware-Klassifikation mit einem rekonfigurierbaren Logikbaustein (FPGA) ergänzt wird, evaluiert.
Eine wesentliche Herausforderung einer hybriden Firewall ist die Identifikation von Abhängigkeiten im Regelsatz.
Es werden Ansätze vorgestellt, welche den redundanten Klassifikationsaufwand auf ein Minimum reduzieren, wie etwa die Wiederverwendung von Teilergebnissen der hybriden Klassifikatoren oder eine exakte Abhängigkeitsanalyse mittels Header Space Analysis.
Für weitere Problemstellungen im Bereich der hardwarebasierten Paketklassifikation, wie dynamisch konfigurierbare Filterungsschaltkreise und schnelle, sichere Hashfunktionen für Lookups, werden Machbarkeit und Optimierungen evaluiert.
Der hybride Ansatz wird im Weiteren auf ein System mit einer SDN-Komponente statt einer FPGA-Erweiterung übertragen. Auch hiermit können signifikante Performancegewinne erreicht werden.Network devices like switches, bridges, routers, and firewalls are subject to a continuous development to keep up with ever-rising requirements. As the overhead of software network processing already became the performance-limiting factor for a variety of applications, also former software functions are shifted towards dedicated network processing hardware. Although such application-specific circuits allow fast, parallel, and low latency processing, they require expensive and time-consuming development with minimal possibilities for adaptions. Security can also be a major concern, as these circuits are virtually a black box for the user. Moreover, the highly parallel processing capabilities of specialized hardware are not necessarily an advantage for all kinds of tasks in network processing, where sometimes a classical CPU is better suited. This work introduces and evaluates concepts for building hybrid hardware-software-systems that exploit the advantages of both hardware and software approaches in order to achieve performant, flexible, and versatile network processing and packet classification systems. The approaches are evaluated on standard software systems, extended by a programmable hardware circuit (FPGA) to provide full control and flexibility. One key achievement of this work is the identification and mitigation of challenges inherent when a hybrid combination of multiple packet classification circuits with different characteristics is used. We introduce approaches to reduce redundant classification effort to a minimum, like re-usage of intermediate classification results and determination of dependencies by header space analysis. In addition, for some further challenges in hardware based packet classification like filtering circuits with dynamic updates and fast hash functions for lookups, we describe feasibility and optimizations. At last, the hybrid approach is evaluated using a standard SDN switch instead of the FPGA accelerator to prove portability.
5
Mendoza, Jose Antonio. "Hardware and Software Codesign of a JPEG2000 Watermarking Encoder." Thesis, University of North Texas, 2008. https://digital.library.unt.edu/ark:/67531/metadc9752/.
Full textAbstract:
Analog technology has been around for a long time. The use of analog technology is necessary since we live in an analog world. However, the transmission and storage of analog technology is more complicated and in many cases less efficient than digital technology. Digital technology, on the other hand, provides fast means to be transmitted and stored. Digital technology continues to grow and it is more widely used than ever before. However, with the advent of new technology that can reproduce digital documents or images with unprecedented accuracy, it poses a risk to the intellectual rights of many artists and also on personal security. One way to protect intellectual rights of digital works is by embedding watermarks in them. The watermarks can be visible or invisible depending on the application and the final objective of the intellectual work. This thesis deals with watermarking images in the discrete wavelet transform domain. The watermarking process was done using the JPEG2000 compression standard as a platform. The hardware implementation was achieved using the ALTERA DSP Builder and SIMULINK software to program the DE2 ALTERA FPGA board. The JPEG2000 color transform and the wavelet transformation blocks were implemented using the hardware-in-the-loop (HIL) configuration.
6
Ramsey, Glenn. "Hardware/software optimizations for elliptic curve scalar multiplication on hybrid FPGAs /." Online version of thesis, 2008. http://hdl.handle.net/1850/7765.
Full text
7
Zarate, Orozco Ismael. "Software and Hardware-In-The-Loop Modeling of an Audio Watermarking Algorithm." Thesis, University of North Texas, 2010. https://digital.library.unt.edu/ark:/67531/metadc33221/.
Full textAbstract:
Due to the accelerated growth in digital music distribution, it becomes easy to modify, intercept, and distribute material illegally. To overcome the urgent need for copyright protection against piracy, several audio watermarking schemes have been proposed and implemented. These digital audio watermarking schemes have the purpose of embedding inaudible information within the host file to cover copyright and authentication issues. This thesis proposes an audio watermarking model using MATLAB® and Simulink® software for 1K and 2K fast Fourier transform (FFT) lengths. The watermark insertion process is performed in the frequency domain to guarantee the imperceptibility of the watermark to the human auditory system. Additionally, the proposed audio watermarking model was implemented in a Cyclone® II FPGA device from Altera® using the Altera® DSP Builder tool and MATLAB/Simulink® software. To evaluate the performance of the proposed audio watermarking scheme, effectiveness and fidelity performance tests were conducted for the proposed software and hardware-in-the-loop based audio watermarking model.
8
Zaiets, Tetiana. "Diebold Nixdorf - global leader in providing innovative self-service technology, security systems and related services." Thesis, Київський національний університет технологій та дизайну, 2017. https://er.knutd.edu.ua/handle/123456789/6690.
Full text
9
Farag, Mohammed Morsy Naeem. "Architectural Enhancements to Increase Trust in Cyber-Physical Systems Containing Untrusted Software and Hardware." Diss., Virginia Tech, 2012. http://hdl.handle.net/10919/29084.
Full textAbstract:
Embedded electronics are widely employed in cyber-physical systems (CPSes), which tightly integrate and coordinate computational and physical elements. CPSes are extensively deployed in security-critical applications and nationwide infrastructure. Perimeter security approaches to preventing malware infiltration of CPSes are challenged by the complexity of modern embedded systems incorporating numerous heterogeneous and updatable components. Global supply chains and third-party hardware components, tools, and software limit the reach of design verification techniques and introduce security concerns about deliberate Trojan inclusions. As a consequence, skilled attacks against CPSes have demonstrated that these systems can be surreptitiously compromised. Existing run-time security approaches are not adequate to counter such threats because of either the impact on performance and cost, lack of scalability and generality, trust needed in global third parties, or significant changes required to the design flow.
We present a protection scheme called Run-time Enhancement of Trusted Computing (RETC) to enhance trust in CPSes containing untrusted software and hardware. RETC is complementary to design-time verification approaches and serves as a last line of defense against the rising number of inexorable threats against CPSes. We target systems built using reconfigurable hardware to meet the flexibility and high-performance requirements of modern security protections. Security policies are derived from the system physical characteristics and component operational specifications and translated into synthesizable hardware integrated into specific interfaces on a per-module or per-function basis. The policy-based approach addresses many security challenges by decoupling policies from system-specific implementations and optimizations, and minimizes changes required to the design flow. Interface guards enable in-line monitoring and enforcement of critical system computations at run-time. Trust is only required in a small set of simple, self-contained, and verifiable guard components. Hardware trust anchors simultaneously addresses the performance, flexibility, developer productivity, and security requirements of contemporary CPSes.
We apply RETC to several CPSes having common security challenges including: secure reconfiguration control in reconfigurable cognitive radio platforms, tolerating hardware Trojan threats in third-party IP cores, and preserving stability in process control systems. High-level architectures demonstrated with prototypes are presented for the selected applications. Implementation results illustrate the RETC efficiency in terms of the performance and overheads of the hardware trust anchors. Testbenches associated with the addressed threat models are generated and experimentally validated on reconfigurable platform to establish the protection scheme efficacy in thwarting the selected threats. This new approach significantly enhances trust in CPSes containing untrusted components without sacrificing cost and performance.Ph. D.
10
Kalibjian, Jeff. "Virtualization Security Issues in Telemetry Post-Processing Environments." International Foundation for Telemetering, 2009. http://hdl.handle.net/10150/606000.
Full textAbstract:
ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, NevadaVirtualization technologies have the potential to transform the telemetry post-processing environment. Significant efficiencies can be gained by migrating telemetry post processing activities to virtual computing platforms. However, while facilitating better server utilization, virtualization also presents several challenges; one of the most difficult of those challenges being security. In virtualization, server environments are replicated in software; unfortunately, the security individual servers provide is not replicated in a software stack implementation of a server environment. After reviewing virtualization fundamentals, security issues and their impact on telemetry post processing will be discussed.
11
Godquin, Tanguy. "Sécurisation adaptative des objets de l'IoT par méthodes logicielles (White box) et combinées (hardware et software)." Thesis, Normandie, 2020. http://www.theses.fr/2020NORMC222.
Full textAbstract:
Depuis maintenant plusieurs années, nous assistons à l'essor de l'Internet des Objets (IdO ou IoT en anglais). Suite à de récentes attaques sur ces systèmes, les études ont démontré que la sécurité de ces appareils était majoritairement insuffisante. Afin de remédier à ce problème, nous devrions idéalement mettre en place des mécanismes de sécurité sur l'ensemble des périphériques IoT, cependant cette solution n'est pas toujours envisageable.Une approche alternative, pour sécuriser ces systèmes, consiste à déployer des services de sécurité en bordure du réseau afin de rapprocher les mécanismes de sécurité au plus près des périphériques non sécurisés.Le but de cette thèse est de constituer un framework de sécurisation adaptative des objets de l'IoT qui repose sur le positionnement de services de sécurité. Ce travail se décompose en trois contributions qui touchent chacune des aspects différents de notre approche.La première contribution élabore une stratégie de déploiement de services de sécurité qui minimise leurs coûts de déploiement. Cette approche traduit nos contraintes de positionnement sous la forme d'un problème de graphes que nous proposons de résoudre à l'aide d'outils de théorie des graphes.La seconde contribution formalise les problèmes de placement de services pour les modéliser sous la forme d'une ontologie. Cette dernière est alors utilisée pour résoudre ces problèmes et permettre de comparer leurs différentes solutions.La troisième contribution se focalise sur les services de sécurité qui implémentent de la cryptographie \textit{whitebox}. Dans cette contribution, nous proposons un mécanisme d'ancrage de ces implémentations sur un réseau IoT afin de prévenir les attaques par extraction de code ainsi que le vol du périphérique.Finalement, nous proposons un framework de sécurisation adaptative des objets de l'IoT dans lequel nous positionnons l'ensemble des contributions réalisées pendant cette thèseThe Internet of Things (IoT) has been on the rise for several years now. Following recent attacks on these systems, studies have shown that most of these devices were not sufficiently secured. The ideal solution to this problem would be to provide security mechanisms on all IoT devices however, this solution is not always achievable.An alternative strategy to secure these systems would be to deploy security services at the edge of the network to bring the security mechanisms as close as possible to unsecured devices.The purpose of this thesis is to design an adaptive security framework for IoT devices relying on security services positioning. This work is divided into three contributions, each of which affects different aspects of our approach.The first contribution provides a strategy for deploying security services that minimizes the cost of deployment. This method expresses our positioning constraints into a graph problem which we suggest solving using graph theory.The second contribution formalizes the service placement problems and models them into an ontology. The latter is then used to solve those problems and to compare their different solutions.The third contribution focuses on security services that implement \textit{whitebox} cryptography. In this contribution, we present a mechanism for anchoring these implementations on an IoT network to prevent code lifting attacks and device theft.Finally, we present an adaptive security framework for IoT objects in which we position all the contributions made during this thesis
12
Fießler, Andreas Christoph Kurt [Verfasser], Björn [Gutachter] Scheuermann, Andrew W. [Gutachter] Moore, and Georg [Gutachter] Carle. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications / Andreas Christoph Kurt Fießler ; Gutachter: Björn Scheuermann, Andrew W. Moore, Georg Carle." Berlin : Humboldt-Universität zu Berlin, 2019. http://d-nb.info/1189213710/34.
Full text
13
Fießler, Andreas [Verfasser], Björn [Gutachter] Scheuermann, Andrew W. [Gutachter] Moore, and Georg [Gutachter] Carle. "Hybrid Hardware/Software Architectures for Network Packet Processing in Security Applications / Andreas Christoph Kurt Fießler ; Gutachter: Björn Scheuermann, Andrew W. Moore, Georg Carle." Berlin : Humboldt-Universität zu Berlin, 2019. http://d-nb.info/1189213710/34.
Full text
14
Wahab, Muhammad Abdul. "Hardware support for the security analysis of embedded softwares : applications on information flow control and malware analysis." Thesis, CentraleSupélec, 2018. http://www.theses.fr/2018CSUP0003.
Full textAbstract:
Le contrôle de flux d’informations, Dynamic Information Flow Tracking (DIFT), permet de détecter différents types d’attaques logicielles tels que les dépassements de tampon ou les injections SQL. Dans cette thèse, une solution ciblant les processeurs hardcore ARM Cortex-A9 est proposée. Notre approche s’appuie sur des composants ARM CoreSight, qui permettent de tracer l’exécution des programmes exécutés par le processeur, afin de réaliser le contrôle de flux d’informations. Le co-processeur DIFT que nous proposons est réalisé dans la partie FPGA Artix-7 du système sur puce (SoC) Zynq. Il est montré que l’utilisation des composants ARM CoreSight n’ajoute pas de surcoût en terme de temps d’exécution et permet une amélioration du temps de communication entre le processeur ARM et le coprocesseur DIFTInformation flow control (also known as Dynamic Information Flow Tracking, DIFT), allows a user to detect several types of software attacks such as buffer overflow or SQL injections. In this thesis, a solution based on the ARM Cortex-A9 processor family is proposed. Our approach relies on the use of ARM CoreSight components, which are able to trace software as executed by the processor in order to perform the information flow tracking. The DIFT coprocessor proposed in this thesis is implemented in an Artix-7 FPGA, embedded in a System-on-Chip (SoC) Zynq provided by Xilinx. It is shown that using ARM CoreSight components does not add a latency overhead while giving a better communication time between the ARM processor and the DIFT coprocessor
15
Mao, Yuxiao. "Détection dynamique d'attaques logicielles et matérielles basée sur l'analyse de signaux microarchitecturaux." Thesis, Toulouse, INSA, 2022. http://www.theses.fr/2022ISAT0015.
Full textAbstract:
Les systèmes informatiques ont évolué rapidement ces dernières années, ces évolutions touchant toutes les couches des systèmes informatiques, du logiciel (systèmes d'exploitation et logiciels utilisateur) au matériel (microarchitecture et technologie des puces). Si ce développement a permis d'accroître les fonctionnalités et les performances, il a également augmenté la complexité des systèmes (rendant plus difficile la compréhension globale du système), et par la-même augmenté la surface d'attaque pour les pirates. Si les attaques ont toujours ciblé les vulnérabilités logicielles, au cours des deux dernières décennies, les attaques exploitant les vulnérabilités matérielles des systèmes informatiques sont devenues suffisamment graves pour ne plus être ignorées. En 2018, par exemple, la divulgation des attaques Spectre et Meltdown a mis sur le devant de la scène les problèmes que peuvent poser certaines optimisations faites dans la microarchitecture des systèmes. Malheureusement, la détection et la protection contre ces attaques se révèlent particulièrement complexes, et posent donc aujourd'hui de nombreux défis : (1) le niveau élevé de complexité et de variabilité de la microarchitecture implique une grande difficulté à identifier les sources de vulnérabilité; (2) les contremesures impliquant une modification de la microarchitecture peuvent impacter significativement les performances globales du système complet; et (3) les contremesures doivent pouvoir s'adapter à l'évolution des attaques. Pour donner des éléments de réponse, cette thèse s'est intéressée à l'utilisation des informations qui sont disponibles au niveau de la microarchitecture pour construire des méthodes de détection efficaces.Ces travaux ont en particulier abouti à la construction d'un framework permettant la détection d'attaques qui laissent des empreintes au niveau de la couche microarchitecturale. Ce framework propose : (1) d'utiliser les informations microarchitecturales pour la détection des attaques, couvrant efficacement les attaques visant les vulnérabilités microarchitecturales; (2) de proposer une méthodologie pour aider les concepteurs dans le choix des informations pertinentes à extraire de la microarchitecture; (3) d'utiliser des connexions dédiées pour la transmission de ces informations microarchitecturales afin de garantir une haute bande passante; et (4) d'utiliser du matériel reconfigurable en conjonction avec du logiciel pour implémenter la logique de détection des attaques. Cette combinaison de logiciel et matériel reconfigurable (constituant le module de détection) permet à la fois de réduire l'impact sur les performances grâce à de l'accélération matérielle, et de mettre à jour la logique de détection afin de s'adapter à l'évolution des menaces par la reconfiguration au cours du cycle de vie du système. Nous présentons en détails les changements requis au niveau de la microarchitecture et du système d'exploitation, la méthodologie pour sélectionner les informations microarchitecturales appropriées, l'intégration de ce framework dans un système informatique spécifique, ainsi que la description du fonctionnement du système final pendant son cycle de vie. Cette thèse décrit pour finir deux cas d'étude menés sur un prototype (basé sur un coeur RISC-V) sur un FPGA, et montre comment des logiques relativement simples implantées dans le module de détection nous ont permis de détecter des attaques de classes différentes (attaque visant les caches et attaques de type ROP) sur un système complet exécutant un système d'exploitation, via l'exploitation d'informations provenant de la microarchitectureIn recent years, computer systems have evolved quickly. This evolution concerns different layers of the system, both software (operating systems and user programs) and hardware (microarchitecture design and chip technology). While this evolution allows to enrich the functionalities and improve the performance, it has also increased the complexity of the systems. It is difficult, if not impossible, to fully understand a particular modern computer system, and a greater complexity also stands for a larger attack surface for hackers. While most of the attacks target software vulnerabilities, over the past two decades, attacks exploiting hardware vulnerabilities have emerged and demonstrated their serious impact. For example, in 2018, the Spectre and Meltdown attacks have been disclosed, that exploited vulnerabilities in the microarchitecture layer to allow powerful arbitrary reads, and highlighted the security issues that can arise from certain optimizations of system microarchitecture. Detecting and preventing such attacks is not intuitive and there are many challenges to deal with: (1) the great difficulty in identifying sources of vulnerability implied by the high level of complexity and variability of different microarchitectures; (2) the significant impact of countermeasures on overall performance and on modifications to the system's hardware microarchitecture generally not desired; and (3) the necessity to design countermeasures able to adapt to the evolution of the attack after deployment of the system. To face these challenges, this thesis focuses on the use of information available at the microarchitecture level to build efficient attack detection methods.In particular, we describe a framework allowing the dynamic detection of attacks that leave fingerprints at the system's microarchitecture layer. This framework proposes: (1) the use microarchitectural information for attack detection, which can effectively cover attacks targeting microarchitectural vulnerabilities; (2) a methodology that assists designers in selecting relevant microarchitectural information to extract; (3) the use of dedicated connections for the transmission of information extracted, in order to ensure high transmission bandwidth and prevent data loss; and (4) the use of reconfigurable hardware in conjunction with software to implement attack detection logic. This combination (composing to the so-called detection module) reduces the performance overhead through hardware acceleration, and allows updating detection logic during the system lifetime with reconfiguration in order to adapt to the evolution of attacks. We present in detail the proposed architecture and modification needed on the operating system, the methodology for selecting appropriate microarchitectural information and for integrating this framework into a specific computer system, and we describe how the final system integrating our detection module is able to detect attacks and adapt to attack evolution. This thesis also provides two use-case studies implemented on a prototype (based on a RISC-V core with a Linux operating system) on an FPGA. It shows that, thanks to the analysis of microarchitectural information, relatively simple logic implemented in the detection module is sufficient to detect different classes of attacks (cache side-channel attack and ROP attack)
16
Stamenkovich, Joseph Allan. "Enhancing Trust in Autonomous Systems without Verifying Software." Thesis, Virginia Tech, 2019. http://hdl.handle.net/10919/89950.
Full textAbstract:
The complexity of the software behind autonomous systems is rapidly growing, as are the
applications of what they can do. It is not unusual for the lines of code to reach the millions,
which adds to the verification challenge. The machine learning algorithms involved are often
"black boxes" where the precise workings are not known by the developer applying them, and
their behavior is undefined when encountering an untrained scenario. With so much code, the
possibility of bugs or malicious code is considerable. An approach is developed to monitor and
possibly override the behavior of autonomous systems independent of the software controlling
them. Application-isolated safety monitors are implemented in configurable hardware to
ensure that the behavior of an autonomous system is limited to what is intended. The sensor
inputs may be shared with the software, but the output from the monitors is only engaged
when the system violates its prescribed behavior. For each specific rule the system is expected
to follow, a monitor is present processing the relevant sensor information. The behavior is
defined in linear temporal logic (LTL) and the associated monitors are implemented in a
field programmable gate array (FPGA). An off-the-shelf drone is used to demonstrate the
effectiveness of the monitors without any physical modifications to the drone. Upon detection
of a violation, appropriate corrective actions are persistently enforced on the autonomous
system.Master of Science
Autonomous systems are surprisingly vulnerable, not just from malicious hackers, but from design errors and oversights. The lines of code required can quickly climb into the millions, and the artificial decision algorithms can be inscrutable and fully dependent upon the information they are trained on. These factors cause the verification of the core software running our autonomous cars, drones, and everything else to be prohibitively difficult by traditional means. Independent safety monitors are implemented to provide internal oversight for these autonomous systems. A semi-automatic design process efficiently creates error-free monitors from safety rules drones need to follow. These monitors remain separate and isolated from the software typically controlling the system, but use the same sensor information. They are embedded in the circuitry and act as their own small, task-specific processors watching to make sure a particular rule is not violated; otherwise, they take control of the system and force corrective behavior. The monitors are added to a consumer off-the-shelf (COTS) drone to demonstrate their effectiveness. For every rule monitored, an override is triggered when they are violated. Their effectiveness depends on reliable sensor information as with any electronic component, and the completeness of the rules detailing these monitors.
17
Sensaoui, Abderrahmane. "Etude et implémentation de mécanismes de protection d'exécution d'applications embarquées." Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALM002.
Full textAbstract:
En considérant la vitesse avec laquelle la technologie des systèmes embarqués progresse, il n’est pas étonnant que le nombre des attaques des systèmes soit en nette augmentation. De nombreuses applications sont développées rapidement et sont écrites avec un langage bas niveau pour suivre le rythme avec lequel progresse l’industrie des systèmes embarqués. Souvent, ces applications contiennent beaucoup de bugs. Certains bugs peuvent être exploités pour pénétrer un système et exécuter un code malveillant. Aujourd’hui, la revue de code peut s’avérer très coûteuse vu la taille des codes développés. En outre, une revue détaillée de code ne garantit pas un système infaillible.Cette thèse présente une architecture permettant l'exécution de plusieurs applications sécurisées et non sécurisées sur une même plate-forme « légère ». Notre architecture doit garantir que même s’il y a une application compromise, les attaquants ne peuvent pas compromettre la totalité du système et/ou récupérer les données des autres applications. Elle doit garantir une forte séparation entre tous les périphériques et les applications présents sur la plate-forme. Finalement, elle doit aussi être capable de vérifier l’état de n’importe quel bout de code. Pour pouvoir garantir ces points, nous utiliserons des techniques d’isolation et d’attestation.Dans un premier temps, nous avons étudié plusieurs architectures d’isolation et d’attestation décrites dans la littérature et utilisés par l’industrie. L’étude a montré qu’il existe une grande variété d’architectures intéressantes offrant différents niveaux de protection et visant différents systèmes. Les systèmes avec une grande capacité de calcul proposent un bon niveau de protection. Par contre, les systèmes « légers », qui ont des ressources très limitées et doivent répondre aux contraintes temporelles, échouent dans au moins un des critères suivants : l’isolation, les performances, le coût, ou bien la flexibilité.À l’issue de cette étude, nous avons conçu Toubkal. Une solution hybride (Co-design logiciel et matériel) pour offrir une architecture d’isolation et d’attestation modulaire qui permet d’établir une isolation sur plusieurs niveaux, de détecter la présence d’un logiciel malveillant ou une donnée malveillante avec des performances acceptables et un coût réduit.Toubkal est principalement composé de trois modules ; deux matériels et un logiciel. Le premier module, appelé Master Memory Protection, permet de créer un premier niveau d’isolation pour contrôler les accès mémoire des périphériques. Le deuxième module, appelé Execution Aware Protection, permet de renforcer la protection d’un logiciel critique, y compris le système d’exploitation. Ces deux niveaux d’isolation permettent de réduire la surface d’attaque.L’isolation toute seule ne suffit pas pour garantir que les applications fonctionnent comme il le faut. En fait, l’attaquant peut toujours modifier le comportement d’une application faillible. Pour cela, Toubkal propose un root immuable qui permet d’attester l’intégrité des autres applications.Pour valider le design de Toubkal, nous avons défini des propriétés de sécurité que nous avons prouvé avec la vérification formelle. Nous avons aussi évalué la taille de Toubkal. Les résultats montrent que le coût de Toubkal est acceptable pour un système dit « léger ».Finalement, nous avons conclu cette thèse avec une discussion des limitations de Toubkal et les perspectives pour améliorer le design et offrir plus de protection, comme par exemple le chiffrement du code à coût cachéLooking at the speed by which embedded systems technologies are advancing, there is no surprise the attacks' number is rising. Many applications are written quickly in a low-level language to keep up with industry pace, and they contain a variety of bugs. Bugs can be used to break into a device and to run malicious code. Reviewing code becomes more and more complex and costly due to its size. Another factor complicating code review is the use of on-the-shelf libraries. Even a detailed code review does not guarantee a bug-free application.This thesis presents an architecture to run securely untrusted applications on the same platform. We assume that the applications contain exploitable bugs, even the operating system can be exploited. We also assume that attackers can take control of In/Out hardware components (e.g., Direct Memory Access (DMA)). The device is trusted when the architecture guarantees that attackers cannot compromise the whole device and access sensitive code and data. Even when an application is compromised, our architecture guarantees a strong separation of multiple components: hardware and software. It ensures the authenticity and integrity of embedded applications and can verify their state before any sensitive operation. The architecture guarantees, for local and remote parties, that the device is running properly, and protect against software attacks.First, we study multiple attack vector and isolation and attestation architectures. We present multiple software attack vectors, and we define the security features and properties that these architectures need to ensure. We provide a detailed description of fifteen existing architectures in both academia and industry, and we compare their features. Then, we provide an in-depth study of five lightweight architectures where we give a comparison of performance, size, and how they behave against software-based attacks. From these studies, we draw our security objectives for lightweight devices: multi-layer isolation, attestation, upgradability, confidentiality, small size with a negligible run-time overhead and ease-of-use.Then, we design hybrid isolation and attestation architecture for lightweight devices. The so-called Toubkal offers multi-layered isolation; the system is composed of three layers of isolation. The first one is at the hardware level to separate In/Out components from each other. The second one is at the security monitor level; our study shows that there is a strong need to create a real separation between the security monitor and all the rest. Finally, the third layer is at the application level.However, isolation itself is not sufficient. Devices still need to ensure that the running application behaves as it was intended. For this reason, Toubkal provides attestation to be able to check the state of a device at any-time. It guarantees that a software component or data were not compromised.Finally, we prove the correctness of the security properties that Toubkal provides. We modeled Toubkal as a finite state machine and used computer-aided formal verification to prove the security properties. Then, we evaluated Toubkal's overhead. The results show that Toubkal overhead is small and fit for lightweight devices
18
Perin, Guilherme. "On the Resistance of RSA Countermeasures at Algorithmic, Arithmetic and Hardware Levels Against Chosen-Message, Correlation and Single-Execution Side-Channel Attacks." Thesis, Montpellier 2, 2014. http://www.theses.fr/2014MON20039/document.
Full textAbstract:
De nos jours, les concepteurs de dispositifs cryptographiques doivent non seulement mettre en œuvre des algorithmes robustes, mais ils doivent également s'assurer qu'il n'y ait pas de fuites d'informations à travers plusieurs canaux latéraux lors de l'exécution d'un algorithme. En effet, si ce n'est pas le cas, les implémentations cryptographiques, tant symétriques qu'asymétriques, seront vulnérables aux attaques par canaux auxiliaires. Pour les algorithmes à clé publique tels que le RSA, l'opération principale que doit être rendue robuste est l'exponentiation modulaire sur un anneau fini. Les principales solutions (contremesures) permettant de rendre robuste l'exponentiation modulaire à ces attaques par canaux auxiliaires sont basées sur la randomisation des données traitées. La randomisation de l'exposant et celle des messages sont en effet des techniques particulièrement efficaces pour contrecarrer les attaques par collision et par analyse des corrélations verticales. Toutefois, ces solutions éculées montrent leurs limites par rapport aux attaques dites horizontales qui n'exploitent qu'une exponentiation. Dans ce contexte, ce document relate le travail de conception, tant matériel que logiciel, d'un chiffreur RSA basé sur les systèmes modulaires de représentation des nombres (RNS). Ce chiffreur incorpore différentes contremesures définies à divers niveaux d'abstraction. L'évaluation de sa robustesse aux attaques par canaux cachés tant horizontales que verticales a démontré sa pertinenceNot only designers of cryptographic devices have to implement the algorithmsefficiently, they also have to ensure that sensible information that leaks throughseveral side-channels (time, temperature, power consumption, electromagneticemanations, etc.) during the execution of an algorithm, remains unexploitedby an attacker. If not sufficiently protected, both symmetric and asymmetriccryptographic implementations are vulnerable to these so-called side-channelattacks (SCA). For public-key algorithms such as RSA, the main operation to bearmoured consists of a multi-digit exponentiation over a finite ring.Countermeasures to defeat most of side-channel attacks onexponentiations are based on randomization of processed data. The exponentand the message blinding are particular techniques to thwartsimple, collisions, differential and correlation analyses. Attacks based ona single (trace) execution of exponentiations, like horizontal correlationanalysis and profiled template attacks, have shown to be efficient againstmost of popular countermeasures.This work proposes a hardware and software implementations of RSA based on Residue Number System (RNS). Different countermeasures are implemented on different abstraction levels. Then, chosen-message and correlation attacks, based on both multi-trace and single-trace attacks are applied to evaluate the robustness of adopted countermeasures. Finally, we propose an improved single-execution attack based on unsupervised learning and multi-resolution analysis using the wavelet transform
19
Janardhana, Swamy V. C. "Electronic Access Control Systems: A New Approach." Thesis, Indian Institute of Science, 1994. http://hdl.handle.net/2005/237.
Full textAbstract:
Security systems are gaining increasing importance in recent times to protect life and valuable resources. Many advanced methods of providing security have been developed and are in use in the last few decades. Of these, one important area is the security system required for military/strategic applications, which has advanced greatly. But, such systems being complex and expensive are useful in high-end applications only. However, with the recent progress in technology and the growing need for increased security in civilian and other applications, many low cost solutions for security systems have now emerged. As a result, many applications where only a simple intruder alarm was the means of providing security in earlier days are now able to associate with more advanced and foolproof access control techniques. And the field of Access Control Systems (ACSs) using modern approaches has become a major means of providing security in all applications, both military and civilian.
20
Alzomai, Mohammed Hamad. "Identity management : strengthening one-time password authentication through usability." Thesis, Queensland University of Technology, 2011. https://eprints.qut.edu.au/46213/1/Mohammed_Alzomai_Thesis.pdf.
Full textAbstract:
Usability in HCI (Human-Computer Interaction) is normally understood as the simplicity and clarity with which the interaction with a computer program or a web site is designed. Identity management systems need to provide adequate usability and should have a simple and intuitive interface. The system should not only be designed to satisfy service provider requirements but it has to consider user requirements, otherwise it will lead to inconvenience and poor usability for users when managing their identities. With poor usability and a poor user interface with regard to security, it is highly likely that the system will have poor security. The rapid growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with credentials, which in turn negatively impacts their ability to manage them securely. Passwords are perhaps the most common type of credential used today. To avoid the tedious task of remembering difficult passwords, users often behave less securely by using low entropy and weak passwords. Weak passwords and bad password habits represent security threats to online services. Some solutions have been developed to eliminate the need for users to create and manage passwords. A typical solution is based on generating one-time passwords, i.e. passwords for single session or transaction usage. Unfortunately, most of these solutions do not satisfy scalability and/or usability requirements, or they are simply insecure. In this thesis, the security and usability aspects of contemporary methods for authentication based on one-time passwords (OTP) are examined and analyzed. In addition, more scalable solutions that provide a good user experience while at the same time preserving strong security are proposed.
21
Kekely, Lukáš. "Hardwarová akcelerace aplikací pro monitorování a bezpečnost vysokorychlostních sítí." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236345.
Full textAbstract:
This master's thesis deals with the design of software controlled hardware acceleration system for high-speed networks. The main goal is to provide easy access to acceleration for various network security and monitoring applications. The proposed system is designed for 100 Gbps networks. It enables high-speed processing on an FPGA card together with flexible software control. The combination of hardware speed and software flexibility allows easy creation of complex high-performance network applications. Achievable performance improvement of three chosen monitoring and security applications is shown using simulation model of the designed system.
22
Juránek, Karel. "Posouzení stávajícího informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2010. http://www.nusl.cz/ntk/nusl-222497.
Full textAbstract:
This diploma thesis deals with the information system in company VUES Brno plc. To examination its characteristics are used various methods and analyses. Following results of analyses are proposed the most acceptable changes and improvements regarding to company‘s requirements and economics possibilities.
23
Ružička, Silvestr. "Návrh informačního systému." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241415.
Full textAbstract:
The object of this diploma thesis is to analyze current status of information system of company Tower. As a result of this analysis will be propsal of new information system based on the requirements of the company.
24
Zvolánek, Milan. "Posouzení informačního systému firmy, procesů a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2014. http://www.nusl.cz/ntk/nusl-224725.
Full textAbstract:
This master thesis deals with the analysis of information system and selected processes linked to the information system. It contains teoretical foundations of the selected problem, analysis and information system assessment and proposes several changes in order to make the information system and processes more efficient.
25
Kekely, Lukáš. "Softwarově řízené monitorování síťového provozu." Doctoral thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-412592.
Full textAbstract:
Tato disertační práce se zabývá návrhem nového způsobu softwarově řízené (definované) hardwarové akcelerace pro moderní vysokorychlostní počítačové sítě. Hlavním cílem práce je formulace obecného, flexibilního a jednoduše použitelného konceptu akcelerace použitelného pro různé bezpečnostní a monitorovací aplikace, který by umožnil jejich reálné nasazení ve 100 Gb/s a rychlejších sítích. Disertační práce začíná rozborem aktuálního stavu poznání v oborech síťového monitorování, bezpečnosti a způsobů akcelerace zpracování vysokorychlostních síťových dat. Na základě tohoto rozboru je formulován a navržen zcela nový koncept s názvem Softwarově definované monitorování (SDM). Klíčová funkcionalita uvedeného konceptu je postavená na hardwarově akcelerované, aplikačně specifické (řízené), na tocích založené, informované redukci a distribuci zachycených síťových dat. Toto je zajištěno spojením vysokorychlostního hardwarového zpracování s flexibilním softwarovým řízením, které tak společně umožňují jednoduchou tvorbu různých komplexních a vysoce výkonných síťových aplikací. Pokročilé optimalizace a vylepšení základního SDM konceptu a jeho vybraných komponent jsou v práci též zkoumány, což vede k návrhu zcela unikátní a obecně použitelné FPGA architektury modulárního analyzátoru hlaviček paketů a vysoce výkonného klasifikátoru paketů založeného na kukaččím hashovaní. Nakonec je vytvořen vysokorychlostní SDM prototyp postavený nad FPGA akcelerační síťovou kartou, který je podrobně ověřen v podmínkách nasazení do reálných sítí. Jsou změřeny a diskutovány dosažitelné zlepšení výkonností v několika vybraných monitorovacích a bezpečnostních případech užití. Vytvořený SDM prototyp je rovněž nasazen v produkčním monitorování reálné páteřní sítě sdružení Cesnet a byl komercializován společností Netcope Technologies.
26
Parolek, Pavel. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223500.
Full textAbstract:
My thesis focuses on information system analysis of local municipalities, specifically on Břeclav Municipal Office information system. My thesis evaulates the information system's efficiency, identifies its weak points and suggests measures eliminating these weak points.
27
Hiscock, Thomas. "Microcontrôleur à flux chiffré d'instructions et de données." Thesis, Université Paris-Saclay (ComUE), 2017. http://www.theses.fr/2017SACLV074/document.
Full textAbstract:
Un nombre important et en constante augmentation de systèmes numériques nous entoure. Tablettes, smartphones et objets connectés ne sont que quelques exemples apparents de ces technologies omniprésentes, dont la majeure partie est enfouie, invisible à l'utilisateur. Les microprocesseurs, au cœur de ces systèmes, sont soumis à de fortes contraintes en ressources, sûreté de fonctionnement et se doivent, plus que jamais, de proposer une sécurité renforcée. La tâche est d'autant plus complexe qu'un tel système, par sa proximité avec l'utilisateur, offre une large surface d'attaque.Cette thèse, se concentre sur une propriété essentielle attendue pour un tel système, la confidentialité, le maintien du secret du programme et des données qu'il manipule. En effet, l'analyse du programme, des instructions qui le compose, est une étape essentielle dans la conception d'une attaque. D'autre part, un programme est amené à manipuler des données sensibles (clés cryptographiques, mots de passes, ...), qui doivent rester secrètes pour ne pas compromettre la sécurité du système.Cette thèse, se concentre sur une propriété essentielle attendue pour un tel système, la confidentialité, le maintien du secret du programme et des données qu'il manipule. Une première contribution de ces travaux est une méthode de chiffrement d'un code, basée sur le graphe de flot de contrôle, rendant possible l'utilisation d'algorithmes de chiffrement par flots, légers et efficaces. Protéger les accès mémoires aux données d'un programme s'avère plus complexe. Dans cette optique, nous proposons l'utilisation d'un chiffrement homomorphe pour chiffrer les données stockées en mémoire et les maintenir sous forme chiffrée lors de l'exécution des instructions. Enfin, nous présenterons l'intégration de ces propositions dans une architecture de processeur et les résultats d'évaluation sur logique programmable (FPGA) avec plusieurs programmes d'exemplesEmbedded processors are today ubiquitous, dozen of them compose and orchestrate every technology surrounding us, from tablets to smartphones and a large amount of invisible ones. At the core of these systems, processors gather data, process them and interact with the outside world. As such, they are excepted to meet very strict safety and security requirements. From a security perspective, the task is even more difficult considering the user has a physical access to the device, allowing a wide range of specifically tailored attacks.Confidentiality, in terms of both software code and data is one of the fundamental properties expected for such systems. The first contribution of this work is a software encryption method based on the control flow graph of the program. This enables the use of stream ciphers to provide lightweight and efficient encryption, suitable for constrained processors. The second contribution is a data encryption mechanism based on homomorphic encryption. With this scheme, sensible data remain encrypted not only in memory, but also during computations. Then, the integration and evaluation of these solutions on Field Programmable Gate Array (FPGA) with some example programs will be discussed
28
Neuwirth, Bernard. "Problematika hodnocení optimality a vyváženosti podnikových IS." Doctoral thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2009. http://www.nusl.cz/ntk/nusl-233719.
Full textAbstract:
This doctoral thesis deals with the aspects of evaluation of balance and optimality of corporate information systems. The initiative for this specialization was given by the increasing importance that is being laid on the perception of information systems from the point of view of a business company. More and more resources are being invested in the domain of information systems, but afterwards, it is not always ascertained that the information system is such a system, one could characterize as balanced and optimal for the company today as well as in the future. Often this is because there does not exist for the company an available and easily applicable methodic how to evaluate the system. As one of the main starting points of this doctoral thesis I have chosen the methodic HOS8 that was published 5 years ago on our faculty. The newly proposed methodic HOS2009 is trying to clear up the weak points of the original HOS8 methodic that were discovered during its practical use. This is done mainly by using the information feedback from the applicants of the methodic. Within the scope of this thesis the factors influencing the level of the particular areas of the system and the influence of these areas on its general balance are being examined. With regard to the evaluation of the balance and optimality of the information system, in this thesis the problematic of determination of a balanced and optimal state of information system for a company nowadays as well in the future are being examined. As a part of the methods output the thesis presents also charts representing the general state of the system, the imbalance of the particular parts of the IS and the relationship between the areas of hardware and software. Based on the evaluation of the current state and its comparison to the balanced optimal state for the present day as well for the future, the new possible directions and strategies of further development of the IS in the company are being proposed. I see the best exploitation of the methodic HOS2009 in the company in the support of managerial decisions with impact on: the discovery of potentially problems within the scope of IS of the company, the design of a possible course of development useful for their solution, but also the usage of the methodic as a simple control mechanism.
29
Kůgel, Roman. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223433.
Full textAbstract:
This master thesis is aimed at information systems and a correct method of their selection. The theoretical part introduces the dilemma within information systems especially description types of the systems and their examination and selection. An own solution consists of information strategy determination and the selection of convenient information system.
30
Armstrong, Janell. "State of Secure Application Development for 802.15.4." BYU ScholarsArchive, 2009. https://scholarsarchive.byu.edu/etd/1776.
Full textAbstract:
A wireless sensor network consists of small, limited-resource embedded systems exchanging environment data and activating controls. These networks can be deployed in hostile environments to monitor wildlife habitats, implemented in factories to locate mobile equipment, and installed in home environments to optimize the use of utilities. Each of these scenarios requires network security to protect the network data. The IEEE 802.15.4 standard is designed for WSN communication, yet the standard states that it is not responsible for defining the initialization, distribution, updating, or management of network public keys. Individuals seeking to research security topics will find that there are many 802.15.4-compliant development hardware kits available to purchase. However, these kits are not easily compared to each other without first-hand experience. Further, not all available kits are suitable for research in WSN security. This thesis evaluates a broad spectrum of 802.15.4 development kits for security studies. Three promising kits are examined in detail: Crossbow MICAz, Freescale MC1321x, and the Sun SPOT. These kits are evaluated based on their hardware, software, development environment, additional libraries, additional tools, and cost. Recommendations are made to security researchers advising which kits to use depending on their design needs and priorities. Suggestions are made to each company on how to further improve their kits for security research.
31
Tselekounis, Ioannis. "Cryptographic techniques for hardware security." Thesis, University of Edinburgh, 2018. http://hdl.handle.net/1842/33148.
Full textAbstract:
Traditionally, cryptographic algorithms are designed under the so-called black-box model, which considers adversaries that receive black-box access to the hardware implementation. Although a "black-box" treatment covers a wide range of attacks, it fails to capture reality adequately, as real-world adversaries can exploit physical properties of the implementation, mounting attacks that enable unexpected, non-black-box access, to the components of the cryptographic system. This type of attacks is widely known as physical attacks, and has proven to be a significant threat to the real-world security of cryptographic systems. The present dissertation is (partially) dealing with the problem of protecting cryptographic memory against physical attacks, via the use of non-malleable codes, which is a notion introduced in a preceding work, aiming to provide privacy of the encoded data, in the presence of adversarial faults. In the present thesis we improve the current state-of-the-art on non-malleable codes and we provide practical solutions for protecting real-world cryptographic implementations against physical attacks. Our study is primarily focusing on the following adversarial models: (i) the extensively studied split-state model, which assumes that private memory splits into two parts, and the adversary tampers with each part, independently, and (ii) the model of partial functions, which is introduced by the current thesis, and models adversaries that access arbitrary subsets of codeword locations, with bounded cardinality. Our study is comprehensive, covering one-time and continuous, attacks, while for the case of partial functions, we manage to achieve a stronger notion of security, that we call non-malleability with manipulation detection, that in addition to privacy, it also guarantees integrity of the private data. It should be noted that, our techniques are also useful for the problem of establishing, private, keyless communication, over adversarial communication channels. Besides physical attacks, another important concern related to cryptographic hardware security, is that the hardware fabrication process is assumed to be trusted. In reality though, when aiming to minimize the production costs, or whenever access to leading-edge manufacturing facilities is required, the fabrication process requires the involvement of several, potentially malicious, facilities. Consequently, cryptographic hardware is susceptible to the so-called hardware Trojans, which are hardware components that are maliciously implanted to the original circuitry, having as a purpose to alter the device's functionality, while remaining undetected. Part of the present dissertation, deals with the problem of protecting cryptographic hardware against Trojan injection attacks, by (i) proposing a formal model for assessing the security of cryptographic hardware, whose production has been partially outsourced to a set of untrusted, and possibly malicious, manufacturers, and (ii) by proposing a compiler that transforms any cryptographic circuit, into another, that can be securely outsourced.
32
Kaltoun, Jan. "Elektronické volby v podmínkách VŠE Praha a ČR." Master's thesis, Vysoká škola ekonomická v Praze, 2010. http://www.nusl.cz/ntk/nusl-81981.
Full textAbstract:
The focus of this paper is research of electronic voting topics applied to conditions of University of Economics, Prague and the Czech Republic. It therefore consists of not only theoretical research but also of applied work. First goal of this paper was to provide information base both about (especially electronic) voting and significant electronic voting projects realized throughout the world. Consequent second goal was analysis and design of electronic voting solution for chosen elections type at the University of Economics, Prague and proposal of possible process changes in chosen type of elections in the Czech republic should electronic voting be implemented. In it's first part the paper gathers, summarizes and presents information about (especially electronic) voting and chosen electronic voting implementations. The second part then describes chosen types of elections at the University of Economics, Prague and in the Czech Republic and analyzes their processes. In former case the analysis is followed by proposition and evaluation of possible electronic voting implementation variants of chosen elections type and detailed elaboration of the most suitable one. In latter case the paper goes on to describe possible process changes that could arise should electronic voting be implemented for chosen elections type in the Czech Republic. Author's contribution lies in fulfilling the goals of this thesis and performing the necessary activities leading to them. Following the (electronic) voting research the author has provides the reader with information base needed to quickly orientate tehmselves in the field of electronic voting. The author then leverages this information to research and process-analyze chosen types of elections at the University of Economics, Prague and in the Czech Republic, propose changes in mapped processes needed for eventual electronic voting implementation, present alternatives of electronic voting implementation of chosen elections type at the University of Economics, Prague and elaborate on the chosen most suitable one.
33
Taylor, Ramsay G. "Verification of hardware dependent software." Thesis, University of Sheffield, 2012. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.575744.
Full textAbstract:
Many good processes exist for ensuring the integrity of software systems, Some are analysis processes that seek to confirm that cer- tain properties hold for the system, and these rely on the ability to infer a correct model of the behaviour of the software, To ensure that such inference is possible many high-integrity systems are writ- ten in "safe" language subsets that restrict the program to constructs whose behaviour is sufficiently abstract and well defined that it can be determined independent of the execution environment. This nec- essarily prevents any assumptions about the system hardware. but consequently makes it impossible to use these techniques on software that must interact with the hardware. such as device drivers. This thesis addresses this shortcoming by taking the opposite approach: if the analyst accepts absolute hardware dependence - that the analysis will only be valid for a particular target system: the hardware that the driver is intended to control -- then the specifica- tion of the system can be used to infer the behaviour of the software that interacts with it, An analysis process is developed that operates on disassembled executable files and formal system specifications to produce CSP-OZ formal models of the software's behaviour, This analysis process is implemented in a prototype called Spurinna. that is then used in conjunction with the verification tools Z2SAL, the SAL suite, and IsabelleHOL. to demonstrate the verification of prop- erties of the software.
34
Hilton, Adrian J. "High integrity hardware-software codesign." Thesis, Open University, 2004. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.402249.
Full text
35
Blaha, Vít. "Hardware a software inteligentního spotřebiče." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-221136.
Full textAbstract:
Nowadays, the interest in smart appliances, which enable consumption reduction or consumption shifting approach, grows up. Such appliances can react to actual situation in the distributional network. From the energy distributor point of view, the activity of these appliances brings improvement of stability in the distribution network, while for the end customer there is possibility of the saving money. This thesis describes a transformation of standard fridge to smart fridge controlled by microcomputer Raspberry Pi. The smart fridge can communicate with supervisor system and according to its instructions change its behavior (temperature set point). The appliance can be manually controlled by a group of buttons, while its state can be visualized on the alphanumeric display. Last but not least way to control the appliance is through a web interface. The thesis also describes design of printed circuit board (PCB), which is designed for connection of all necessary sensors and actuators to Raspberry Pi. Software equipment is designed in the C++ program language.
36
BATISTA, CARLOS FREUD ALVES. "SOFTWARE SECURITY METRICS." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2007. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=10990@1.
Full textAbstract:
PETRÓLEO BRASILEIRO S. A.A dependência cada vez maior da tecnologia de informação (TI) torna software seguro um elemento chave para a continuidade dos serviços de nossa sociedade atual. Nos últimos anos, instituições públicas e privadas aumentaram seus investimentos em segurança da informação, mas a quantidade de ataques vem crescendo mais rapidamente do que a nossa capacidade de poder enfrentálos, colocando em risco a propriedade intelectual, a relação de confiança de clientes e a operação de serviços e negócios apoiados pelos serviços de TI. Especialistas em segurança afirmam que atualmente boa parte dos incidentes de segurança da informação ocorrem a partir de vulnerabilidades encontradas no software, componente presente em boa parte dos sistemas de informação. Para tornar o software fidedigno em relação à segurança, a criação e o uso de métricas de segurança serão fundamentais para gerenciar e entender o impacto dos programas de segurança nas empresas. Porém, métricas de segurança são cobertas de mistério e consideradas bastante difíceis de serem implementadas. Este trabalho pretende mostrar que hoje ainda não é possível termos métricas quantitativas capazes de indicar o nível de segurança que o software em desenvolvimento virá a ter. Necessitam-se, então, outras práticas para assegurar níveis de segurança a priori, ou seja, antes de se por o software em uso.
Today`s growing dependency on information technology (IT) makes software security a key element of IT services. In recent years public and private institutions raised the investment on information security, however the number of attacks is growing faster than our power to face them, putting at risk intellectual property, customer`s confidence and businesses that rely on IT services. Experts say that most information security incidents occur due to the vulnerabilities that exist in software systems in first place. Security metrics are essential to assess software dependability with respect to security, and also to understand and manage impacts of security initiatives in organizations. However, security metrics are shrouded in mystery and very hard to implement. This work intends to show that there are no adequate metrics capable of indicating the security level that a software will achieve. Hence, we need other practices to assess the security of software while developing it and before deploying it.
37
Bilzor, Michael B. "Defining and enforcing hardware security requirements." Monterey, California. Naval Postgraduate School, 2011. http://hdl.handle.net/10945/10741.
Full textAbstract:
Security in computing systems to date has focused mostly on software. In this research, we explore the application and enforceability of well-defined security requirements in hardware designs. The principal threats to hardware systems demonstrated in the academic literature to date involve some type of subversion, often called a Hardware Trojan or malicious inclusion. Detecting these has proved very difficult. We demonstrate a method whereby the dynamic enforcement of a processor's security requirements can be used to detect the presence of some of these malicious inclusions. Although there are theoretical limits on which security properties can be dynamically enforced using the techniques we describe, our research does provide a novel method for expressing and enforcing security requirements at runtime in hardware designs. While the method does not guarantee the detection of all possible malicious inclusions in a given processor, it addresses a large class of inclusions-those detectable as violations of behavioral restrictions in the architectural specification-which provides significant progress against the general case, given a suitably complete set of checkers.
38
Sekar, Sanjana. "Logic Encryption Methods for Hardware Security." University of Cincinnati / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1505124923353686.
Full text
39
Xue, Hao. "Hardware Security and VLSI Design Optimization." Wright State University / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=wright1546466777397815.
Full text
40
Figueiredo, Boneti Carlos Santieri de. "Exploring coordinated software and hardware support for hardware resource allocation." Doctoral thesis, Universitat Politècnica de Catalunya, 2009. http://hdl.handle.net/10803/6018.
Full textAbstract:
Multithreaded processors are now common in the industry as they offer high performance at a low cost. Traditionally, in such processors, the assignation of hardware resources between the multiple threads is done implicitly, by the hardware policies. However, a new class of multithreaded hardware allows the explicit allocation of resources to be controlled or biased by the software. Currently, there is little or no coordination between the allocation of resources done by the hardware and the prioritization of tasks done by the software.This thesis targets to narrow the gap between the software and the hardware, with respect to the hardware resource allocation, by proposing a new explicit resource allocation hardware mechanism and novel schedulers that use the currently available hardware resource allocation mechanisms.
It approaches the problem in two different types of computing systems: on the high performance computing domain, we characterize the first processor to present a mechanism that allows the software to bias the allocation hardware resources, the IBM POWER5. In addition, we propose the use of hardware resource allocation as a way to balance high performance computing applications. Finally, we propose two new scheduling mechanisms that are able to transparently and successfully balance applications in real systems using the hardware resource allocation. On the soft real-time domain, we propose a hardware extension to the existing explicit resource allocation hardware and, in addition, two software schedulers that use the explicit allocation hardware to improve the schedulability of tasks in a soft real-time system.
In this thesis, we demonstrate that system performance improves by making the software aware of the mechanisms to control the amount of resources given to each running thread. In particular, for the high performance computing domain, we show that it is possible to decrease the execution time of MPI applications biasing the hardware resource assignation between threads. In addition, we show that it is possible to decrease the number of missed deadlines when scheduling tasks in a soft real-time SMT system.
41
Lindmark, Fanny, and Hanna Kvist. "Security in software : How software companies work with security during a software development process." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-130964.
Full textAbstract:
This study is conducted, due to recent interest in privacy and software security, on how a number of software development companies work during a development process to develop secure software to the possible extent. The study is based on four interviews with four software companies located in Linköping, Sweden. The interviews followed a semi-structured format to ensure the possibility to compare the given answers from the companies to each other. This structure was chosen to give each company the liberty to express what they valued and thought were important during a software development process. The aim was to analyze how and if these companies work with security when developing software, and to see what differences and similarities that could be established. We found differences between the companies' perspective of security and on their methods of working. Some valued secure software more than others and performed more measures to ensure it. We also found some similarities on their view on importance of secure software and ways to work with it. The differences and similarities were related to the size of the companies, their resources, the types of products they develop, and the types of clients they have.
42
Kalužík, Jakub. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223428.
Full textAbstract:
This thesis deals with assessment of the company information system and proposal for its changes. The basis of part called Theoretical basis of thesis deals with terms related with information systems which are mainly: used technology and analysis, characteristics of information systems, current trends and brief characteristics of the company. The next part draws from theoretical findings of previous section and deals with analysis of the solved issues. The following part is devoted to proposal for solution connected with project evaluation and also with the brief cost calculation.
43
Nilsson, Per. "Hardware / Software co-design for JPEG2000." Thesis, Linköping University, Department of Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-5796.
Full textAbstract:
For demanding applications, for example image or video processing, there may be computations that aren’t very suitable for digital signal processors. While a DSP processor is appropriate for some tasks, the instruction set could be extended in order to achieve higher performance for the tasks that such a processor normally isn’t actually design for. The platform used in this project is flexible in the sense that new hardware can be designed to speed up certain computations.
This thesis analyzes the computational complex parts of JPEG2000. In order to achieve sufficient performance for JPEG2000, there may be a need for hardware acceleration.
First, a JPEG2000 decoder was implemented for a DSP processor in assembler. When the firmware had been written, the cycle consumption of the parts was measured and estimated. From this analysis, the bottlenecks of the system were identified. Furthermore, new processor instructions are proposed that could be implemented for this system. Finally the performance improvements are estimated.
44
Endresen, Vegard Haugen. "Hardware-software intercommunication in reconfigurable systems." Thesis, Norwegian University of Science and Technology, Department of Electronics and Telecommunications, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10762.
Full textAbstract:
In this thesis hardware-software intercommunication in a reconfigurable system has been investigated based on a framework for run time reconfiguration. The goal has been to develop a fast and flexible link between applications running on an embedded processor and reconfigurable accelerator hardware in form of a Xilinx Virtex device. As a start the link was broken down into hardware and software components based on constraints from earlier work and a general literature search. A register architecture for reconfigurable modules, a reconfigurable interface and a backend bridge linking reconfigurable hardware with the system bus were identified as the main hardware components whereas device drivers and a hardware operating system were identified as software components. These components were developed in a bottom-up approach, then deployed, tested and evaluated. Synthesis and simulation results from this thesis suggest that a hybrid register architecture, a mix of shift based and addressable register architecture might be a good solution for a reconfigurable module. Such an architecture enables a reconfigurable interface with full duplex capability with an initially small area overhead compared to a full scale RAM implementation. Although the hybrid architecture might not be very suitable for all types of reconfigurable modules it can be a nice compromise when attempting to achieve a uniform reconfigurable interface. Backend bridge solutions were developed assuming the above hybrid reconfigurable interface. Three main types were researched: a software register backend, a data cache backend and an instruction and data cache backend. Performance evaluation shows that the instruction and data cache outperforms the other two with an average acceleration ratio of roughly 5-10. Surprisingly the data cache backend performs worst of all due to latency ratios and design choices. Aside from the BRAM component required for the cache backends, resource consumption was shown to be only marginally larger than a traditional software register solution. Caching using a controller in the backend-bridge can thus provide good speedup for little cost as far as BRAM resources are not scarce. A software-to-hardware interface has been created has been created through Linux character device driver and a hardware operating system daemon. While the device drivers provide a middleware layer for hardware access the HWOS separates applications from system management through a message queue interface. Performance testing shows a large increase in delay when involving the Linux device drivers and the HWOS as compared to calls directly from the kernel. Although this is natural, the software components are very important when providing a high performance platform. As additional work specialized cell handling for reconfigurable modules has been addressed in the context of a MPEG-4 decoder. Some light has also been shed on design of reconfigurable modules in Xilinx ISE which can radically improve development time and decrease complexity compared to a Xilinx Platform Studio flow. In the process of demonstrating run time reconfigurations it was discovered that a clock signal will resist being piped through bus macros. Also broken functionality has been shown when applying run time reconfiguration to synchronous designs using the framework for self reconfiguration.
45
Lu, Yandong. "Hardware/Software Partitioning of Embedded Svstems." Thesis, University of Manchester, 2010. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.520747.
Full text
46
King, Myron Decker. "A methodology for hardware-software codesign." Thesis, Massachusetts Institute of Technology, 2013. http://hdl.handle.net/1721.1/84891.
Full textAbstract:
Thesis (Ph. D.)--Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.
Includes bibliographical references (pages 150-156).
Special purpose hardware is vital to embedded systems as it can simultaneously improve performance while reducing power consumption. The integration of special purpose hardware into applications running in software is difficult for a number of reasons. Some of the difficulty is due to the difference between the models used to program hardware and software, but great effort is also required to coordinate the simultaneous execution of the application running on the microprocessor with the accelerated kernel(s) running in hardware. To further compound the problem, current design methodologies for embedded applications require an early determination of the design partitioning which allows hardware and software to be developed simultaneously, each adhering to a rigid interface contract. This approach is problematic because often a good hardware-software decomposition is not known until deep into the design process. Fixed interfaces and the burden of reimplementation prevent the migration of functionality motivated by repartitioning. This thesis presents a two-part solution to the integration of special purpose hardware into applications running in software. The first part addresses the problem of generating infrastructure for hardware-accelerated applications. We present a methodology in which the application is represented as a dataflow graph and the computation at each node is specified for execution either in software or as specialized hardware using the programmer's language of choice. An interface compiler as been implemented which takes as input the FIFO edges of the graph and generates code to connect all the different parts of the program, including those which communicate across the hardware/software boundary. This methodology, which we demonstrate on an FPGA platform, enables programmers to effectively exploit hardware acceleration without ever leaving the application space. The second part of this thesis presents an implementation of the Bluespec Codesign Language (BCL) to address the difficulty of experimenting with hardware/software partitioning alternatives. Based on guarded atomic actions, BCL can be used to specify both hardware and low-level software. Based on Bluespec SystemVerilog (BSV) for which a hardware compiler by Bluespec Inc. is commercially available, BCL has been augmented with extensions to support more efficient software generation. In BCL, the programmer specifies the entire design, including the partitioning, allowing the compiler to synthesize efficient software and hardware, along with transactors for communication between the partitions. The benefit of using a single language to express the entire design is that a programmer can easily experiment with many different hardware/software decompositions without needing to re-write the application code. Used together, the BCL and interface compilers represent a comprehensive solution to the task of integrating specialized hardware into an application.
by Myron King.
Ph.D.
47
Nagaonkar, Yajuvendra. "FPGA-based Experiment Platform for Hardware-Software Codesign and Hardware Emulation." Diss., CLICK HERE for online access, 2006. http://contentdm.lib.byu.edu/ETD/image/etd1294.pdf.
Full text
48
Bales, Jason M. "Multi-channel hardware/software codesign on a software radio platform." Fairfax, VA : George Mason University, 2008. http://hdl.handle.net/1920/3400.
Full textAbstract:
Thesis (M.S.)--George Mason University, 2008.Vita: p. 89. Thesis director: David D. Hwang. Submitted in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering. Title from PDF t.p. (viewed Mar. 9, 2009). Includes bibliographical references (p. 85-88). Also issued in print.
49
Wenhua, Qi, Zhang Qishan, and Liu Hailong. "RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM." International Foundation for Telemetering, 2003. http://hdl.handle.net/10150/606688.
Full textAbstract:
International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, NevadaSecurity hardware based on asymmetric algorithm is the key component of Public Key Infrastructure (PKI), which decides the safety and performance of system. Security device in server or client have some common functions. We designed the client token and cryptographic server to improve the performance of PKI, and got obvious effect.
50
Zhang, Ning. "Attack and Defense with Hardware-Aided Security." Diss., Virginia Tech, 2016. http://hdl.handle.net/10919/72855.
Full textAbstract:
Riding on recent advances in computing and networking, our society is now experiencing the evolution into the age of information. While the development of these technologies brings great value to our daily life, the lucrative reward from cyber-crimes has also attracted criminals. As computing continues to play an increasing role in the society, security has become a pressing issue. Failures in computing systems could result in loss of infrastructure or human life, as demonstrated in both academic research and production environment. With the continuing widespread of malicious software and new vulnerabilities revealing every day, protecting the heterogeneous computing systems across the Internet has become a daunting task. Our approach to this challenge consists of two directions. The first direction aims to gain a better understanding of the inner working of both attacks and defenses in the cyber environment. Meanwhile, our other direction is designing secure systems in adversarial environment.Ph. D.