An analysis of a secure system based on trusted components
Paper in proceedings, 1996

The paper presents a practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks. The system was designed to securely store and handle both sensitive and insensitive data records on individuals in such a way that it would be impossible for unauthorized parties to link sensitive records to the corresponding individuals. The analysis was performed by means of document reviews, interviews and some practical tests with the intention of finding and listing potential vulnerabilities for the knowledge of the design team. The vulnerabilities revealed are classified with respect to their cause, and possible remedies are discussed. The classification shows that the most important problem was that some system components were incorrectly handled as trusted. Finally, we observed that the problems were to a surprisingly high degree non technical, reflecting organisational and management issues and human insufficiencies.

penetration test

security evaluation

Author

Ulf Lindqvist

Tomas Olovsson

Department of Computer Engineering

Erland Jonsson

Department of Computer Engineering

IEEE Proceedings of the Eleventh Annual Conference on Computer Assurance, COMPASS '96

213-223

Subject Categories

Computer Engineering

Information Science

Areas of Advance

Information and Communication Technology

DOI

10.1109/CMPASS.1996.507889

More information

Created

10/8/2017