Research on Linux Trusted Boot Method Based on Reverse Integrity Verification

Huang, Chenlin; Hou, Chuanwang; Dai, Huadong; Ding, Yan; Fu, Songling; Ji, Mengluo

doi:10.1155/2016/4516596

Cited by 3 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although a number of existing studies only suggest that the three technical approaches of virtualization, walled gardens, and limited separation should be included in a policy-based framework, it is presently also highly recommended that trusted boot should be considered for inclusion in a BYOD policy. This is because trusted boot techniques can help to achieve lower-level protection [60]. This means that lower-level programs can ensure the security of higher-level programs that are to be activated [61].…”

Section: Virtualization Walled Garden Limited Separation Andmentioning

confidence: 99%

A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

Vorakulpipat

Sirapaisan

Rattanalerdnusorn

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate network, which is known as a bring your own device (BYOD). However, many such companies overlook potential security risks concerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy and confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security research, ranging from management (risk and policy) to technical aspects of privacy and confidentiality in BYOD. Furthermore, this study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of aspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography, and operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent trends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the critical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for developing the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced by BYOD-friendly organizations.

show abstract

Section: Virtualization Walled Garden Limited Separation Andmentioning

confidence: 99%

A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

Vorakulpipat

Sirapaisan

Rattanalerdnusorn

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…It is the element which is considered as de facto secure. In the case of secure boot this element can be a piece of software like a first stage bootloader [109], [110] or a hardware module like a TPM [46], [50], [111], [112], a smartcard [112], [113] or another hardware module [114], [115]. The next layer is measured by the current one then this measurement is verified.…”

Section: A Backgroundmentioning

confidence: 99%

“…The attacks that the attacker is allowed to perform depend directly on the privilege level of the protection. The protections proposed in the literature use either dedicated hardware (for instance [55], [112], [114], [116]) or a software extension (for instance [46], [109], [117]), see Table 5 for more information. Software level approaches do not protect against an attacker with hardware to the However, even the approaches using some dedicated hardware do not address all hardware attacks.…”

Section: ) Adversary Modelmentioning

confidence: 99%

“…TPM can be used as storage for cryptographic material and only allow its reading under certain conditions as in the approach of Hudson et al [46]. It can also be used to measure the integrity of the boot chain layers [50], [112], [124]. TPM have the advantage of being factory-integrated on recent generalpurpose computers and can be implemented on a large number of others.…”

Section: ) Special Hardware Requiredmentioning

confidence: 99%

“…This solution has then been extended to add a smartcard support allowing to store sensitive data in a removable component bound to the user [113]. The approach of Huang et al [112] also uses this method but uses a USB security module instead of a smartcard. These information can also be stored in fuses which ensures that these data cannot be modified even by an attacker with physical access to the system.…”

Section: ) Measurement Algorithmmentioning

confidence: 99%

See 2 more Smart Citations

Firmware Integrity Protection: A Survey

Marchand,

Imine,

Ouarnoughi

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Over the last years, firmware integrity protection has significantly been addressed in various contexts such as internet of things, vehicles, wireless sensor networks and other systems. However, due to variety of studied systems, the proposed approaches often make divergent and sometimes even conflicting security assumptions. In this regard, we propose in this article a complete survey of the most relevant approaches addressing the firmware integrity protection regardless the considered system or field of application. We first organize the approaches in three main categories, depending on the protection type: 1. secure update, 2. attestation, and 3. secure boot. We then propose two new taxonomies, the first one concerns secure update mechanisms and the second one considers secure boot. Moreover, we extend the scope of an existing taxonomy for attestation mechanisms by studying new approaches and discussing limitations. Finally, we identify open research challenges and then give suggestions and guidelines on how to address them.

show abstract