mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques
SICS Swedish ICT, Sweden. (IS (Embedded Systems))ORCID iD: 0000-0003-3223-4234
SICS Swedish ICT, Sweden.
Mälardalen University, School of Innovation, Design and Engineering. (IS (Embedded Systems))ORCID iD: 0000-0002-2419-2735
2013 (English)In: SIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks, 2013, p. 136-143Conference paper, Published paper (Refereed)
Abstract [en]

In many new distributed systems paradigms such a cloud computing, Internet of Things (IoT), electronic banking, etc. the security of the host platforms is very critical which is managed by the platform owner. The platform administrators use security automation techniques such as those provided by Security Content Automation Protocol (SCAP) standards to ensure that the outsourced platforms are set up correctly and follow the security recommendations (governmental or industry). However, the remote platform users still have to trust the platform administrators. The third party security audits, used to shift the required user trust from the platform owner to a trusted entity, are scheduled and are not very frequent to deal with the daily reported vulnerabilities which can be exploited by the attackers. In this paper we propose a remote platform evaluation mechanism which can be used by the remote platform users themselves, or by the auditors to perform frequent platform security audits for the platform users. We analyze the existing SCAP and trusted computing (TCG) standards for our solution, identify their shortcomings, and suggest ways to integrate them. Our proposed platform security evaluation framework uses the synergy of TCG and SCAP to address the limitations of each technology when used separately

Place, publisher, year, edition, pages
2013. p. 136-143
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:mdh:diva-22270DOI: 10.1145/2523514.2523537Scopus ID: 2-s2.0-84893211730ISBN: 9781450324984 (print)OAI: oai:DiVA.org:mdh-22270DiVA, id: diva2:661141
Conference
6th International Conference on Security of Information and Networks, Nov 26-28, 2013, Aksaray, Turkey
Available from: 2013-10-31 Created: 2013-10-31 Last updated: 2016-03-10Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Aslam, MudassarBjörkman, Mats

Search in DiVA

By author/editor
Aslam, MudassarBjörkman, Mats
By organisation
School of Innovation, Design and Engineering
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 72 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf