1 - 5 of 5
  • 1.
    Abbasi, Abdul Ghafoor
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    CryptoNET: Generic Security Framework for Cloud Computing Environments. 2011. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    The area of this research is security in distributed environments such as cloud computing and network applications. Specific focus was design and implementation of a high assurance network environment, comprising various secure and security-enhanced applications. “High Assurance” means that

    - our system is guaranteed to be secure,
    - it is verifiable to provide the complete set of security services,
    - we prove that it always functions correctly, and
    - we justify our claim that it cannot be compromised without user neglect and/or consent.

    We do not know of any equivalent research results or even commercial security systems with such properties. Based on that, we claim several significant research and also development contributions to the state–of–art of computer networks security.

    In the last two decades there were many activities and contributions to protect data, messages and other resources in computer networks, to provide privacy of users, reliability, availability and integrity of resources, and to provide other security properties for network environments and applications. Governments, international organizations, private companies and individuals are investing a great deal of time, efforts and budgets to install and use various security products and solutions. However, in spite of all these needs, activities, on-going efforts, and all current solutions, it is a general belief that the security in today's networks and applications is not adequate.

    At the moment there are two general approaches to network application’s security. One approach is to enforce isolation of users, network resources, and applications. In this category we have solutions like firewalls, intrusion–detection systems, port scanners, spam filters, virus detection and elimination tools, etc. The goal is to protect resources and applications by isolation after their installation in the operational environment. The second approach is to apply methodology, tools and security solutions already in the process of creating network applications. This approach includes methodologies for secure software design, ready–made security modules and libraries, rules for software development process, and formal and strict testing procedures. The goal is to create secure applications even before their operational deployment. Current experience clearly shows that both approaches failed to provide an adequate level of security, where users would be guaranteed to deploy and use secure, reliable and trusted network applications.

    Therefore, in the current situation, it is obvious that a new approach and a new thinking towards creating strongly protected and guaranteed secure network environments and applications are needed. Therefore, in our research we have taken an approach completely different from the two mentioned above. Our first principle is to use cryptographic protection of all application resources. Based on this principle, in our system data in local files and database tables are encrypted, messages and control parameters are encrypted, and even software modules are encrypted. The principle is that if all resources of an application are always encrypted, i.e. “enveloped in a cryptographic shield”, then

    - its software modules are not vulnerable to malware and viruses,
    - its data are not vulnerable to illegal reading and theft,
    - all messages exchanged in a networking environment are strongly protected, and
    - all other resources of an application are also strongly protected.

    Thus, we strongly protect applications and their resources before they are installed, after they are deployed, and also all the time during their use.

    Furthermore, our methodology to create such systems and to apply total cryptographic protection was based on the design of security components in the form of generic security objects. First, each of those objects – data object or functional object, is itself encrypted. If an object is a data object, representing a file, database table, communication message, etc., its encryption means that its data are protected all the time. If an object is a functional object, like cryptographic mechanisms, encapsulation module, etc., this principle means that its code cannot be damaged by malware. Protected functional objects are decrypted only on the fly, before being loaded into main memory for execution. Each of our objects is complete in terms of its content (data objects) and its functionality (functional objects), each supports multiple functional alternatives, they all provide transparent handling of security credentials and management of security attributes, and they are easy to integrate with individual applications. In addition, each object is designed and implemented using well-established security standards and technologies, so the complete system, created as a combination of those objects, is itself compliant with security standards and, therefore, interoperable with existing security systems.

    By applying our methodology, we first designed enabling components for our security system. They are collections of simple and composite objects that also mutually interact in order to provide various security services. The enabling components of our system are:  Security Provider, Security Protocols, Generic Security Server, Security SDKs, and Secure Execution Environment. They are all mainly engine components of our security system and they provide the same set of cryptographic and network security services to all other security–enhanced applications.

    Furthermore, for our individual security objects and also for larger security systems, in order to prove their structural and functional correctness, we applied deductive scheme for verification and validation of security systems. We used the following principle: “if individual objects are verified and proven to be secure, if their instantiation, combination and operations are secure, and if protocols between them are secure, then the complete system, created from such objects, is also verifiably secure”. Data and attributes of each object are protected and secure, and they can only be accessed by authenticated and authorized users in a secure way. This means that structural security properties of objects, upon their installation, can be verified. In addition, each object is maintained and manipulated within our secure environment so each object is protected and secure in all its states, even after its closing state, because the original objects are encrypted and their data and states stored in a database or in files are also protected.

    Formal validation of our approach and our methodology is performed using Threat Model. We analyzed our generic security objects individually and identified various potential threats for their data, attributes, actions, and various states. We also evaluated behavior of each object against potential threats and established that our approach provides better protection than some alternative solutions against various threats mentioned. In addition, we applied threat model to our composite generic security objects and secure network applications and we proved that deductive approach provides better methodology for designing and developing secure network applications. We also quantitatively evaluated the performance of our generic security objects and found that the system developed using our methodology performs cryptographic functions efficiently.

    We have also solved some additional important aspects required for the full scope of security services for network applications and cloud environment: manipulation and management of cryptographic keys, execution of encrypted software, and even secure and controlled collaboration of our encrypted applications in cloud computing environments. During our research we have created the set of development tools and also a development methodology which can be used to create cryptographically protected applications. The same resources and tools are also used as a run–time supporting environment for execution of our secure applications. Such total cryptographic protection system for design, development and run–time of secure network applications we call CryptoNET system. CryptoNET security system is structured in the form of components categorized in three groups: Integrated Secure Workstation, Secure Application Servers, and Security Management Infrastructure Servers. Furthermore, our enabling components provide the same set of security services to all components of the CryptoNET system.

    Integrated Secure Workstation is designed and implemented in the form of a collaborative secure environment for users. It protects local IT resources, messages and operations for multiple applications. It comprises four most commonly used PC applications as client components: Secure Station Manager (equivalent to Windows Explorer), Secure E-Mail Client, Secure Web Browser, and Secure Documents Manager. These four client components for their security extensions use functions and credentials of the enabling components in order to provide standard security services (authentication, confidentiality, integrity and access control) and also additional, extended security services, such as transparent handling of certificates, use of smart cards, Strong Authentication protocol, Security Assertion Markup Language (SAML) based Single-Sign-On protocol, secure sessions, and other security functions.

    Secure Application Servers are components of our secure network applications: Secure E-Mail Server, Secure Web Server, Secure Library Server, and Secure Software Distribution Server. These servers provide application-specific services to client components. Some of the common security services provided by Secure Application Servers to client components are Single-Sign-On protocol, secure communication, and user authorization. In our system application servers are installed in a domain but they can be installed in a cloud environment as services. Secure Application Servers are designed and implemented using the concept and implementation of the Generic Security Server. It provides extended security functions using our engine components. So by adopting this approach, the same sets of security services are available to each application server.

    Security Management Infrastructure Servers provide domain level and infrastructure level services to the components of the CryptoNET architecture. They are standard security servers, known as cloud security infrastructure, deployed as services in our domain level cloud environment.

    CryptoNET system is complete in terms of functions and security services that it provides. It is internally integrated, so that the same cryptographic engines are used by all applications. And finally, it is completely transparent to users – it applies its security services without expecting any special interventions by users. In this thesis, we developed and evaluated secure network applications of our CryptoNET system and applied Threat Model to their validation and analysis. We found that deductive scheme of using our generic security objects is effective for verification and testing of secure, protected and verifiable secure network applications.

    Based on all these theoretical research and practical development results, we believe that our CryptoNET system is completely and verifiably secure and, therefore, represents a significant contribution to the current state-of-the-art of computer network security.

  • 2.
    Abbasi, Abdul Ghafoor
    et al.
    KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Machine Elements.
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    CryptoNET: Security Management Protocols. 2010. In: ADVANCES IN DATA NETWORKS, COMMUNICATIONS, COMPUTERS / [ed] Mastorakis, NE; Mladenov, V, ATHENS: WORLD SCIENTIFIC AND ENGINEERING ACAD AND SOC, 2010, pp. 15-20. Conference paper (Refereed)
    Abstract [en]

    In this paper we describe several network security protocols used by various components of CryptoNET architecture. The protocols are based on the concept of generic security objects and on well-established security standards and technologies. Distinctive features of our security protocols are: (1) they are complete in terms of their functionality, (2) they are easy to integrate with applications, (3) they transparently handle security credentials and protocol-specific attributes using FIPS 201 (PIV) smart cards, and (4) they are based on generic security objects. These protocols are: remote user authentication protocol, single-sign-on protocol, SAML authorization protocol, and secure sessions protocol. Security protocols use our Security Provider as a collection of cryptographic engines implemented either in software or using FIPS 201 (PIV) smart cards. It also manages protocols' attributes using security applets stored in PIV smart card.

  • 3.
    Abbasi, Abdul Ghafoor
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication: Infrastructure and Services (Closed 20120101), Communication Systems, CoS (closed 2012-01-01).
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication: Infrastructure and Services (Closed 20120101), Communication Systems, CoS (closed 2012-01-01).
    Hotamov, I.
    Web contents protection, secure execution and authorized distribution. 2010. In: Proceedings - 5th International Multi-Conference on Computing in the Global Information Technology, ICCGI 2010, 2010, pp. 157-162. Conference paper (Refereed)
    Abstract [en]

    This paper describes the design and implementation of a comprehensive system for protection of Web contents. In this design, new security components and extended security features are introduced in order to protect Web contents against various Web attacks. Components and extended security features are: protection of Web pages using strong encryption techniques, encapsulation of Web contents and resources in PKCS#7, extended secure execution environment for Java Web Server, eXtensible Access Control Markup Language (XACML) based authorization policies, and secure Web proxy. Design and implementation of our system is based on the concepts of generic security objects and component-based architecture that makes it compatible with existing Web infrastructures without any modification.

  • 4.
    Abbasi, Abdul Ghafoor
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication: Infrastructure and Services (Closed 20120101), Communication Systems, CoS (closed 2012-01-01).
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication: Infrastructure and Services (Closed 20120101), Communication Systems, CoS (closed 2012-01-01).
    Mumtaz, Shahzad Ahmed
    KTH, School of Information and Communication Technology (ICT), Communication: Infrastructure and Services (Closed 20120101), Communication Systems, CoS (closed 2012-01-01).
    Security extensions of windows environment based on FIPS 201 (PIV) smart card. 2011. In: World Congr. Internet Secur., WorldCIS, 2011, pp. 86-92. Conference paper (Refereed)
    Abstract [en]

    This paper describes security extensions of various Windows components based on usage of FIPS 201 (PIV) smart cards. Compared to some other similar solutions, this system has two significant advantages: first, smart cards are based on FIPS 201 standard and not on some proprietary technology; second, smart card security extensions represent an integrated solution, so the same card is used for security of several Microsoft products. Furthermore, our smart card system uses FIPS 201 applet and middleware with smart card APIs, so it can also be used by other developers to extend their own applications with smart card functions in a Windows environment. We support the following security features with smart cards: start-up authentication (based on PIN and/or fingerprint), certificate-based domain authentication, strong authentication, and protection of local resources. We also integrated our middleware and smart cards with MS Outlook and MS Internet Explorer.

  • 5.
    Imran, Syed Khalid
    et al.
    KTH, School of Industrial Engineering and Management (ITM), Energy Technology.
    Raza, Rizwan
    KTH, School of Industrial Engineering and Management (ITM), Energy Technology.
    Abbas, Ghazanfar
    KTH, School of Industrial Engineering and Management (ITM), Energy Technology.
    Zhu, Bin
    KTH, School of Industrial Engineering and Management (ITM), Energy Technology.
    Characterization and Development of Bio-Ethanol Solid Oxide Fuel Cell. 2011. In: Journal of Fuel Cell Science and Technology, ISSN 1550-624X, Vol. 8, no. 6, p. 061014-. Journal article (Refereed)
    Abstract [en]

    Bio-ethanol based fuel cell is an energy source with a promising future. The low temperature solid oxide fuel cell fed by direct bio-ethanol is receiving considerable attention as a clean and highly efficient for the production of both electricity and high grade waste heat. The comparison of fuel cell performance with different metal-oxide based electrodes was investigated. The power densities of 584 mW cm⁻² and 514 mW cm⁻² at 520 °C and 570 °C respectively were found. The effect of electrode catalyst function, ethanol concentration on the electrical performance was investigated at different temperature ranged in between 300 °C-600 °C. The effect of deposited carbon on the electrode was investigated by energy-dispersive X-ray spectroscopy and scanning electron microscope after testing the cell with bio-ethanol.
