Search: onr:"swepub:oai:DiVA.org:mdh-22270" >
Continuous Security...
Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques
-
- Aslam, Mudassar (author)
- RISE,SICS,SICS Swedish ICT, Sweden,IS (Embedded Systems)
-
- Gehrmann, Christian (author)
- RISE,Security Lab,SICS Swedish ICT, Sweden
-
- Björkman, Mats (author)
- Mälardalens högskola,Akademin för innovation, design och teknik,IS (Embedded Systems),Mälardalen University, Sweden
-
(creator_code:org_t)
- 2013-11-26
- 2013
- English.
-
In: SIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks. - New York, NY, USA : ACM. - 9781450324984 ; , s. 136-143
- Related links:
-
https://urn.kb.se/re...
-
show more...
-
https://doi.org/10.1...
-
https://urn.kb.se/re...
-
show less...
Abstract
Subject headings
Close
- In many new distributed systems paradigms such a cloud computing, Internet of Things (IoT), electronic banking, etc. the security of the host platforms is very critical which is managed by the platform owner. The platform administrators use security automation techniques such as those provided by Security Content Automation Protocol (SCAP) standards to ensure that the outsourced platforms are set up correctly and follow the security recommendations (governmental or industry). However, the remote platform users still have to trust the platform administrators. The third party security audits, used to shift the required user trust from the platform owner to a trusted entity, are scheduled and are not very frequent to deal with the daily reported vulnerabilities which can be exploited by the attackers. In this paper we propose a remote platform evaluation mechanism which can be used by the remote platform users themselves, or by the auditors to perform frequent platform security audits for the platform users. We analyze the existing SCAP and trusted computing (TCG) standards for our solution, identify their shortcomings, and suggest ways to integrate them. Our proposed platform security evaluation framework uses the synergy of TCG and SCAP to address the limitations of each technology when used separately
Subject headings
- NATURVETENSKAP -- Data- och informationsvetenskap (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences (hsv//eng)
Publication and Content Type
- ref (subject category)
- kon (subject category)
Find in a library
To the university's database