Automatic secret synchronisation across heterogeneous IT environments
KTH, School of Engineering Sciences in Chemistry, Biotechnology and Health (CBH), Biomedical Engineering and Health Systems, Health Informatics and Logistics.
2019 (English)
Independent thesis, Basic level (university diploma), 10 credits / 15 HE credits
Student thesis
Alternative title
Automatisk hemlighetssynkronisering mellan heterogena IT-miljöer och plattformar (Swedish)
Abstract [en]

Following circumstances such as mergers and acquisitions, the IT systems associated with the participating organisations may need to share access to services and systems with each other. Access to systems and services is often controlled using secret information such as passwords or keys. This implies that sharing access between IT systems is achieved by sharing secret information.

This thesis proposes new methods for automatic synchronization of secrets between different secret management systems that may not be natively compatible with one another. After examining how the already existing secret management systems function and creating a data-centric threat model, a system design was proposed. A secret proxy connects to each secret management system, which in turn connects to a central secret distributor that handles and updates the other proxies.

The results indicate that such a system can be implemented and can securely distribute secrets automatically. By synchronizing secrets automatically, the work involved in supporting several secret management systems in parallel, which all need access to some common secrets, could be reduced.

Abstract [sv]

Under circumstances such as mergers of organisations, several separate IT systems belonging to the different organisations may need to share access to services with each other. Access to services is often controlled using secret information such as passwords or keys. This means that sharing access between IT systems is achieved by sharing secret information between these systems.

This work proposes new methods for automatically synchronising passwords and secrets between several secret management systems that are not normally compatible with each other.

An architectural model was developed after an evaluation of the functionality of already existing secret management systems and an analysis of the threat model that was produced. A proxy connects to the local secret management system, which in turn is connected to a central distribution system whose job is to manage and update all proxies.

The results show that a system for automatically synchronising secrets in a secure manner can be built both in theory and in practice. Automatic synchronisation can reduce the work required to manage several parallel systems where all need access to common secrets.

Place, publisher, year, edition, pages
2019. , p. 76
Series
TRITA-CBH-GRU ; 2019:029
Keywords [en]
security, secrets, secret management, system integration, cryptography, computer security
Keywords [sv]
security, secrets, secret management, system integration, cryptography, data security
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:kth:diva-252815
OAI: oai:DiVA.org:kth-252815
DiVA, id: diva2:1322258
Subject / course
Computer Technology, Networks and Security
Educational program
Bachelor of Science in Engineering - Computer Engineering
Supervisors
Examiners
Available from: 2019-06-11. Created: 2019-06-10. Last updated: 2019-06-11. Bibliographically approved.

Open Access in DiVA

Automatic secret synchronisation across heterogeneous IT environments (1140 kB), 12 downloads
File information
File name: FULLTEXT01.pdf. File size: 1140 kB. Checksum SHA-512:
0483ff629cb1a610d216777496db47597266edbc9bce44b52d9994cf2b55cc727b42182ff4fef5c82b3d089cf206b2dcaccdb7b8a724ec5b285a697799afa871
Type: fulltext. Mimetype: application/pdf.

Total: 12 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 88 hits