Visible to the public Biblio

Filters: Keyword is functional state  [Clear All Filters]
2020-08-17
De Oliveira Nunes, Ivan, ElDefrawy, Karim, Rattanavipanon, Norrathep, Tsudik, Gene.  2019.  PURE: Using Verified Remote Attestation to Obtain Proofs of Update, Reset and Erasure in low-End Embedded Systems. 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). :1–8.
Remote Attestation ( RA) is a security service that enables a trusted verifier ( Vrf) to measure current memory state of an untrusted remote prover ( Prv). If correctly implemented, RA allows Vrf to remotely detect if Prv's memory reflects a compromised state. However, RA by itself offers no means of remedying the situation once P rv is determined to be compromised. In this work we show how a secure RA architecture can be extended to enable important and useful security services for low-end embedded devices. In particular, we extend the formally verified RA architecture, VRASED, to implement provably secure software update, erasure, and system-wide resets. When (serially) composed, these features guarantee to Vrf that a remote Prv has been updated to a functional and malware-free state, and was properly initialized after such process. These services are provably secure against an adversary (represented by malware) that compromises Prv and exerts full control of its software state. Our results demonstrate that such services incur minimal additional overhead (0.4% extra hardware footprint, and 100-s milliseconds to generate combined proofs of update, erasure, and reset), making them practical even for the lowest-end embedded devices, e.g., those based on MSP430 or AVR ATMega micro-controller units (MCUs). All changes introduced by our new services to VRASED trusted components are also formally verified.
2018-11-14
Pavlenko, P., Tavrov, D., Temnikov, V., Zavgorodniy, S., Temnikov, A..  2018.  The Method of Expert Evaluation of Airports Aviation Security Using Perceptual Calculations. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT). :406–410.

One of the effective ways to improve the quality of airport security (AS) is to improve the quality of management of the state of the system for countering acts of unlawful interference by intruders into the airports (SCAUI), which is a set of AS employees, technical systems and devices used for passenger screening, luggage, other operational procedures, as well as to protect the restricted areas of the airports. Proactive control of the SCAUI state includes ongoing conducting assessment of airport AS quality by experts, identification of SCAUI elements (functional state of AS employees, characteristics of technical systems and devices) that have a predominant influence on AS, and improvement of their performance. This article presents principles of the model and the method for conducting expert quality assessment of airport AS, whose application allows to increase the efficiency and quality of AS assessment by experts, and, consequently, the quality of SCAUI state control.