draft-moran-suit-architecture-03

Slides:

Advertisements

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Advertisements

Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.

Operating System Security

A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,

Introduction to Database Management  Department of Computer Science Northern Illinois University January 2001.

Chapter 1 – Introduction

DBMS Functions Data, Storage, Retrieval, and Update

Figure 1.1 Interaction between applications and the operating system.

Cloud Usability Framework

Domain Name System Security Extensions (DNSSEC) Hackers 2.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Database Management System Lecture 2 Introduction to Database management.

Database Environment 1.  Purpose of three-level database architecture.  Contents of external, conceptual, and internal levels.  Purpose of external/conceptual.

Wireless and Security CSCI 5857: Encoding and Encryption.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

SEC835 Practical aspects of security implementation Part 1.

Doc.: IEEE 802 ec-12/0006r0 Submission Liaison presentation to SC6 regarding Internet Security Date: 2012-February-13 Authors: IEEE 802 LiaisonSlide 1.

Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.

Intro – Part 2 Introduction to Database Management: Ch 1 & 2.

ACM 511 Introduction to Computer Networks. Computer Networks.

Database Systems DBMS Environment Data Abstraction.

Security Requirements of NVO3 draft-hartman-nvo3-security-requirements-01 S. Hartman M. Wasserman D. Zhang 1.

INFO1408 Database Design Concepts Week 15: Introduction to Database Management Systems.

Securing Data in Transit and Storage Sanjay Beri Co-Founder & Senior Director of Product Management Ingrian Networks.

Amit Warke Jerry Philip Lateef Yusuf Supraja Narasimhan Back2Cloud: Remote Backup Service.

3-Tier Architecture Chandrasekaran Rajagopalan Cs /01/99.

Module 2: Database Environment

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Sponsored by the U.S. Department of Defense © 2008 by Carnegie Mellon University page 1 Pittsburgh, PA The Implications of a Single Mobile Computing.

Basic Security Concepts University of Sunderland CIT304 Harry R Erwin, PhD.

Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1.

Database Environment Chapter 2. The Three-Level ANSI-SPARC Architecture External Level Conceptual Level Internal Level Physical Data.

Draft way Forward on Access Control Model and associated Terminology Group Name: SEC Source: Dragan Vujcic, Oberthur Technologies,

RANDY MODOWSKI COSC Cloud Computing. Road Map What is Cloud Computing? History of “The Cloud” Cloud Milestones How Cloud Computing is being used.

Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Pouya Ostovari and Jie Wu Computer & Information Sciences

OceanStore : An Architecture for Global-Scale Persistent Storage Jaewoo Kim, Youngho Yi, Minsik Cho.

CCNA Exploration v4.0 Network fundamentals CCNA Exploration v4.0 Network fundamentals.

Key management issues in PGP

Unit 3 Virtualization.

Information and documentation media systems.

Grid Computing Security Mechanisms: the state-of-the-art

Database Management.

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.

Data & Network Security

Problem Statement and Requirement: Mobile Multicast

Use Cases and Requirements for I2NSF_

Database Database is a large collection of related data that can be stored, generally describes activities of an organization. An organised collection.

Computer Security Security Concepts September 20, 2018

Ahmet Fatih Mustacoglu

Data Base System Lecture : Database Environment

Hannes Tschofenig Henning Schulzrinne M. Shanmugam

DATABASE SYSTEM UNIT I.

Introduction to Databases Transparencies

A Redundant Global Storage Architecture

Chapter 27 Security Engineering

How to Mitigate the Consequences What are the Countermeasures?

Andrew Hinchley CPL Consulting

Network Architecture By Dr. Shadi Masadeh 1.

Database Management Systems

Aimee Coughlin, Greg Cusack, Jack Wampler, Eric Keller, Eric Wustrow

Cryptography and Network Security

INTRODUCTION A Database system is basically a computer based record keeping system. The collection of data, usually referred to as the database, contains.

A Firmware Update Architecture for Internet of Things Devices

Presentation transcript:

draft-moran-suit-architecture-03

Terminology Manifest: Firmware Image (or firmware): The manifest contains meta-data about the firmware image. The manifest is protected against modification and provides information about the author. Firmware Image (or firmware): The firmware image is a binary that may contain the complete software of a device or a subset of it. … may consist of multiple images. … may consist of a differential update

Terminology Author: Device: Untrusted Storage: The author is the entity that creates the firmware image, signs and/or encrypts it and attaches a manifest to it. Device: The device is the recipient of the firmware image and the manifest. The goal is to update the firmware of the device. Untrusted Storage: Firmware images and manifests are stored on untrusted fileservers or cloud storage infrastructure.

Terminology We had a discussion about the ITU-T terminology. Some terms can be mapped but for others there is no related concept since the ITU-T architecture is broader (e.g., tracker concept).

Requirements Role of post-quantum secure signature mechanisms? Agnostic to how firmware images are distributed Friendly to broadcast delivery Uses state-of-the-art security mechanisms Rollback attacks must be prevented. High reliability Operates with a small bootloader Small Parsers Minimal impact on existing firmware formats Robust permissions Role of post-quantum secure signature mechanisms? What should be stated as “state-of-the-art”? Relationship to bootloader Terminology and architecture does not really talk about bootloader.

Manifest with attached firmware /------------\ /------------\ /Manifest with \ /Manifest with \ |attached | |attached | \firmware image/ \firmware image/ \------------/ +-----------+ \------------/ +--------+ | | +--------+ | |<.................| Untrusted |<................| | | Device | | Storage | | Author | | | | | | | +--------+ +-----------+ +--------+

Independent retrieval of the firmware image /------------\ / \ | Manifest | \ / +--------+ \------------/ +--------+ | |<..............................................>| | | Device | -- | Author | | |<- --- | | +--------+ -- --- +--------+ -- --- --- --- -- +-----------+ -- -- | | -- /------------\ -- | Untrusted |<- /------------\ / \ -- | Storage | / \ | Firmware | | | | Firmware | \ / +-----------+ \ / \------------/ \------------/

Appendix Contains: Threat Model User Stories Security Requirements and Usability Requirements Made appendix easier to read with forward references.