Dampier, David A.
Allen, Edward B.
Dandass, Yoginder S.
Date of Degree
Dissertation - Open Access
Doctor of Philosophy
James Worth Bagley College of Engineering
Department of Computer Science and Engineering
Hidden undesired functionality is an unavoidable reality in any complex hardware or software component. Undesired functionality — deliberately introduced Trojan horses or accidentally introduced bugs — in any component of a system can be exploited by attackers to exert control over the system. This poses a serious security risk to systems — especially in the ever growing number of systems based on networks of computers. The approach adopted in this dissertation to secure systems seeks immunity from hidden functionality. Specifcally, if a minimal trusted computing base (TCB) for any system can be identifed, and if we can eliminate hidden functionality in the TCB, all desired assurances regarding the operation of the system can be guaranteed. More specifcally, the desired assurances are guaranteed even if undesired functionality may exist in every component of the system outside the TCB. A broad goal of this dissertation is to characterize the TCB for various systems as a set of functions executed by a trusted security kernel. Some constraints are deliberately imposed on the security kernel functionality to reduce the risk of hidden functionality inside the security kernel. In the security model adopted in this dissertation, any system is seen as an interconnection of subsystems, where each subsystem is associated with a security kernel. The security kernel for a subsystem performs only the bare minimal tasks required to assure the integrity of the tasks performed by the subsystem. Even while the security kernel functionality may be different for each system/subsystem, it is essential to identify reusable components of the functionality that are suitable for a wide range of systems. The contribution of the research is a versatile data-structure — Ordered Merkle Tree (OMT), which can act as the reusable component of various security kernels. The utility of OMT is illustrated by designing security kernels for subsystems participating in, 1) a remote fle storage system, 2) a generic content distribution system, 3) generic look-up servers, 4) mobile ad-hoc networks and 5) the Internet’s routing infrastructure based on the border gateway protocol (BGP).
Mohanty, Somya Darsan, "Ordered Merkle Tree a Versatile Data-Structure for Security Kernels" (2013). Theses and Dissertations MSU. 3413.