Trusted-Computing Technologies for the Protection of Critical Information Systems

  • Antonio Lioy, Gianluca Ramunno, Davide Vernizzi
Information systems controlling critical infrastructures are vital elements of our modern society. Purely software-based protection techniques have demonstrated limits in fending off attacks and providing assurance of correct configuration. Trusted computing techniques promise to improve over this situation by using hardware-based security solutions. This paper introduces the foundations of trusted computing and discusses how it can be usefully applied to the protection of critical information… 
Design and Implementation of a Cryptographic File System for Linux Based on Trusted Computing Platform
  • G. Jin, Li Bo
  • Computer Science
    2011 Fourth International Conference on Intelligent Computation Technology and Automation
  • 2011
A prototype system STEFS (Security and Trusted Enhanced File System) of dependability based on trusted computing platform, which can enhance the security of the file system in Linux, is presented in
Improving data integrity and performance of cryptographic structured log file systems
  • Genti Daci, Megi Shyle
  • Computer Science
    2011 3rd International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)
  • 2011
To improve the performance of the check-summing process, the standard data verification methods are considered, with the main goal to overcome one of its major limitations, low performance of file system check-summing.
Locking the sky: a survey on IaaS cloud security
The security risks that multitenancy induces to the most established clouds, Infrastructure as a Service clouds, are analyzed and the literature available is reviewed to present the most relevant threats and the state of the art of solutions that address some of the associated risks.
Attestation of integrity of overlay networks
This work presents a framework that integrates an initial attestation and a continuous node monitoring that strongly separates the software of a node from the attestation system by running them in two virtual machines (VMs).
Semantic Attestation of Node Integrity in Overlays
The architecture of VIMS, its application to P2P and VPN overlays and a preliminary evaluation of the corresponding overhead are presented.
Applying Memory Forensics to Rootkit Detection
A new memory forensic system, Malware Analysis System for Hidden Knotty Anomalies (MASHKA), is described in this paper; it is resilient to popular anti-forensic techniques.


Dynamics of a trusted platform: a building block approach
Security threats are increasing in volume, diversity, and sophistication at the same time that high-value, sensitive data is more commonly being generated, used, and stored on standard business PCs.
Trusted virtual domains: toward secure distributed services
The aim of this work is to extend this solid base by building "bridges" among trusted islands by enabling meaningful trade agreements between islands, enabling migration of individual island inhabitants, and enabling geography-independent affiliation among inhabitants of different islands.
An efficient implementation of trusted channels based on openssl
This paper presents an implementation of a security architecture for establishing Trusted Channels based on OpenSSL that provides the possibility to convey reliable integrity information of the involved endpoints and offers the high security standards of former approaches while being flexible, scalable and efficient to enable widespread deployment.
An Open Trusted Computing Architecture — Secure Virtual Machines Enabling User-Defined Policy Enforcement
Virtualization of computers enables a wide variety of applications ranging from server consolidation to secure sandboxing of malicious content. Today, lack of security of virtual machines is a major
Trusted computing using AMD "Pacifica" and "Presidio" secure virtual machine technology
The success of the computer industry over the last 20 years is also the source of the greatest challenge to the industry. The combination of wide, near-ubiquitous deployment of platforms based on the
Achievement of secure Internet access to fieldbus systems
A hierarchical approach to key derivation is presented and performance measurements of an actual implementation with different cryptographic algorithms are reported on, revealing the applicability of traditional methods like firewalls and security protocols.
Security issues in SCADA networks
The general architecture of SCADA networks and the properties of some of the commonly used SCADA communication protocols are described and the general security threats and vulnerabilities in these networks are discussed, followed by a survey of the research challenges facing SCADA networks.
Towards automated provisioning of secure virtualized networks
A secure network virtualization framework that helps realize the abstraction of Trusted Virtual Domains (TVDs), a security-enhanced variant of virtualized network zones that allows groups of related virtual machines to be connected together as though they were on their own separate network fabric.
A Low-Energy Security Algorithm for Exchanging Information in Wireless Sensor Networks
The results have shown that the proposed scheme is scalable and a strong competitor to pure symmetric key schemes, yet it maintains all security levels provided by public key schemes.
Next generation SCADA security: best practices and client puzzles
SCADA systems are mirroring the rapid changes occurring in the larger information technology and networking industry by becoming more flexible and at the same time more interconnected, and are being migrated to standard data formats and network protocols.