TECHNIQUES FOR VALIDATION AND CONTROLLED EXECUTION OF PROCESSES, CODES AND DATA - A Survey

Dipankar Dasgupta, Sudip Saha, Aregahegn Negatu

Abstract

Various security mechanisms are available to validate, authenticate and permit codes, data and scripts for executing in a computing device. Accordingly, different techniques and tools have been developed to preserve integrity and confidentiality at the process, protocol, system and communication levels. For example, Trusted Platform Module, Intel Trusted Execution Technology and Windows Vista Kernel Mode security ensure system level integrity and security, whereas, Digital Signature, Code Signing, Watermarking, Integrity Checker and Magic Cookies address integrity of data and executables in transit. A brief survey of these techniques is described here with how these techniques help to secure computing environment.

References

  1. Austin , R. D., Darby, C. A., 2003. The Myth of Secure Computing. Harv Bus Rev. ed 81(6).
  2. Bajikar, S., 2002. Trusted platform module (TPM) based security on notebook PCs, Intel White Paper.
  3. Conover, M., 2006. Assessment of Windows Vista Kernel-Mode Security, Symantec Advanced threat research.
  4. Conover, M., 2006. Analysis of the Windows Vista Security Model,
  5. Cox, I. J., Miller, M. L., Bloom, J. A., Fridrich, J., Kalker, T., 2008. Digital Watermarking and Steganography, Morgan Kaufmann, 2nd Edition.
  6. Dean, R. D., 1999. Formal Aspects of Mobile Code Security," PhD thesis, Princeton University.
  7. Dean, S., 2006. Integrity Checker, http://www. sdean12.org/IntegrityChecker.htm
  8. Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Pratt, I., Warfield, A., Barham, P., Neugebauer, R., 2003. Xen and the art of virtualization. In Proceedings of the ACM Symposium on Operating Systems Principles.
  9. Fleischman, E., Code Signing, The Internet Protocol Journal, Vol 5, No 1.
  10. Garfinkel, T., 2003. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium.
  11. Goldberg, I., Wagner, D., Thomas, R., Brewer, E. A., 1996. A secure environment for untrusted helper applications (confining the wily hacker). In Proc. of the USENIX Security Symposium, San Jose, California.
  12. Gong, L., Schemers, R., 1998. Signing, Sealing, and Guarding Java™ Objects, Book chapter, Springer Verlag.
  13. Gong, L., Ellison, G., Dageford, M., 2003. Inside Java 2 Platform Security: Architecture, API Design and Implementation, 2nd Edition.
  14. Liang, Z., Venkatakrishnan, V. N., Sekar, R., 2003. Isolated program execution: An application transparent approach for executing untrusted programs. In ACSAC, pp 182-191.
  15. Lin, D., Loui M. C., 1998. Taking the bite out of cookies: privacy, consent, and the Web, ACM SIGCAS Computers and Society, Volume 28 , Issue 2 pp. 39 - 51.
  16. Lysyanskaya, A., 2002. Signature Schemes and Applications to Cryptographic Protocol Design, PhD thesis, MIT.
  17. Martin, R. A., 2005. Transformational Vulnerability Management Through Standards.
  18. McCune, J. M., Parno, B., Perrig, A., Reiter, M., Seshadri, A., 2008. How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution, In Proceedings of the ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), ACM.
  19. Microsoft, 2006, First Look: New Security Features in Windows Vista, TechNet, http://www.microsoft.com/ technet/technetmag/issues/2006/05/FirstLook/default.a spx
  20. Parno, B., 2008. Bootstrapping trust in a "trusted" platform. In Proceedings of the 3rd Conference on Hot Topics in Security (San Jose, CA), USENIX Association, Berkeley, CA, 1-6.
  21. Pearson S., 2003. Trusted Computing Platforms: TCPA Technology in Context, Prentice Hall PTR.
  22. Rushby, J., 1984. A Trusted Computing Base for Embedded Systems. In Proceedings of the 7th DoD/NBS Computer Security Conference, Gaithersburg, Maryland, pp. 294-311
  23. Singh, A., 2004. A Taste of Computer Security.
  24. Sun Microsystems, 1997. Java Security Model.
  25. Waldspurger, C., 2002. Memory resource management in VMware ESX server. In Fifth Symposium on Operating Systems Design and Implementation.
  26. Wolfgang, R. B., Podilchuk, C. I., 1999. Perceptual Watermarks for Digital Images and Video, In Proceedings of the IEEE, Vol 87, No 7.
  27. Wright, M., Cowan, C., Morris, J., Smalley, S., KroahHartman G., 2002. Linux Security Modules: General Security Support for the Linux Kernel, In Proceedings of the 11th USENIX Security Symposium.
Download


Paper Citation


in Harvard Style

Dasgupta D., Saha S. and Negatu A. (2010). TECHNIQUES FOR VALIDATION AND CONTROLLED EXECUTION OF PROCESSES, CODES AND DATA - A Survey . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 77-85. DOI: 10.5220/0002889800770085


in Bibtex Style

@conference{secrypt10,
author={Dipankar Dasgupta and Sudip Saha and Aregahegn Negatu},
title={TECHNIQUES FOR VALIDATION AND CONTROLLED EXECUTION OF PROCESSES, CODES AND DATA - A Survey},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={77-85},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002889800770085},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - TECHNIQUES FOR VALIDATION AND CONTROLLED EXECUTION OF PROCESSES, CODES AND DATA - A Survey
SN - 978-989-8425-18-8
AU - Dasgupta D.
AU - Saha S.
AU - Negatu A.
PY - 2010
SP - 77
EP - 85
DO - 10.5220/0002889800770085