Future of Assurance: Ensuring that a System is Trustworthy

  • Chapter
ISSE 2009 Securing Electronic Business Processes

Abstract

Significant efforts are put in defining and implementing strong security measures for all components of the computing environment. It is equally important to be able to evaluate the strength and robustness of these measures and establish trust among the components of the computing environment based on parameters and attributes of these elements and best practices associated with their production and deployment. Today the inventory of techniques used for security assurance and to establish trust (audit, security-conscious development process, cryptographic components, external evaluation) is somewhat limited. These methods have their indisputable strengths and have contributed significantly to the advancement in the area of security assurance. However, shorter product and technology development cycles and the sheer complexity of modern digital systems and processes have begun to decrease the efficiency of these techniques. Moreover, these approaches and technologies address only some aspects of security assurance and, for the most part, evaluate assurance in a general design rather than an instance of a product. Additionally, various components of the computing environment participating in the same processes enjoy different levels of security assurance, making it difficult to ensure adequate levels of protection end-to-end. Finally, most evaluation methodologies rely on the knowledge and skill of the evaluators, making reliable assessments of trustworthiness of a system even harder to achieve. The paper outlines some issues in security assurance that apply across the board, with the focus on the trustworthiness and authenticity of hardware components, and evaluates current approaches to assurance.


Editor information

Norbert Pohlmann, Helmut Reimer, Wolfgang Schneider

Copyright information

© 2010 Vieweg+Teubner | GWV Fachverlage GmbH

About this chapter

Cite this chapter

Sadeghi, AR., Verbauwhede, I., Vishik, C. (2010). Future of Assurance: Ensuring that a System is Trustworthy. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_34

  • DOI: https://doi.org/10.1007/978-3-8348-9363-5_34

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-0958-2

  • Online ISBN: 978-3-8348-9363-5

  • eBook Packages: Computer Science (R0)
