Files in this item



application/pdf: Okhravi_Hamed.pdf (2MB)


Title: Trusted and high assurance systems
Author(s): Okhravi, Hamed
Director of Research: Nicol, David M.
Doctoral Committee Chair(s): Nicol, David M.
Doctoral Committee Member(s): Sanders, William H.; Adve, Vikram S.; Vaidya, Nitin H.
Department / Program: Electrical & Computer Eng
Discipline: Electrical & Computer Engr
Degree Granting Institution: University of Illinois at Urbana-Champaign
Subject(s): Trusted systems; High assurance systems; Multilevel security (MLS); Trusted boot; Trusted networks; Patch management; Trusted graphics; Formal methods
Abstract: High assurance MILS (multiple independent levels of security) and MLS (multilevel security) systems require strict limitation of the interactions between different security compartments based on a security policy. Virtualization can be used to provide a high degree of separation in such systems. This work provides a study of commercial-off-the-shelf (COTS) products to support high assurance MLS systems and designs a candidate architecture based on virtualization and trusted execution to provide strong compartmentalization. We then identify three major security problems in the candidate architecture: the lack of trust in the network, the problem of patch management, and untrusted graphics. We study and solve each of the security gaps in detail. More specifically, we design and evaluate a trusted network architecture for high assurance applications, evaluate an optimal pre-deployment testing time for effective patch management, and finally design, implement, and formally evaluate a trusted graphics subsystem.
Issue Date: 2010-05-19
Rights Information: Copyright 2010 Hamed Okhravi
Date Available in IDEALS: 2010-05-19
Date Deposited: May 2010
