polito.it
Politecnico di Torino (logo)

Use of trusted computing techniques to counteract cybersecurity attacks in critical infrastructures

Enrico Bravi

Use of trusted computing techniques to counteract cybersecurity attacks in critical infrastructures.

Rel. Antonio Lioy, Diana Gratiela Berbecaru, Ignazio Pedone. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (2MB) | Preview
Abstract:

Nowadays to manage critical infrastructures there are largely adopted paradigms such as Cloud Computing, Fog Computing, and Edge Computing. They introduce several advantages, like ensuring great flexibility, availability and reducing management costs. These goals are mostly achieved thanks to the advantages of virtualization technologies. Despite these techniques introduce several advantages in terms of performance, they introduce also several security threats like attacks against software integrity. To mitigate these kinds of threats can be used Trusted Computing techniques like Remote Attestation (RA) which permits a third party (Verifier) to verify the software and configurations' integrity of a platform (Attester) to determine its trustworthiness. To perform RA there are several techniques that can be based on some secure hardware (e.g. TPM and TEE based) or based only on software solutions (e.g. Pioneer). The problem addressed by this work is the lack of a generic model for remote attestation which makes it difficult to attest different objects and aggregate different attestation technologies. The proposed solution consists of a new version of an already proposed system called Trust Monitor. The purpose of this thesis is to propose a new design and a new implementation of this platform in order to can reach the highest level of flexibility that this system can offer and to be able to integrate this platform into the largest number of possible scenarios. The solution proposed permits to be independent of the objects on which performing RA (physical nodes, virtual machines, containers, pods, enclaves), introducing an object model completely general in order to can save the necessary information for each kind of possible entity. In addition, it permits to reach the independence of the platform from the RA technologies (e.g. Keylime, Open Attestation, Intel SGX) used, thanks to a dynamic loading of ad hoc plugins for each technology.

Relators: Antonio Lioy, Diana Gratiela Berbecaru, Ignazio Pedone
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 90
Subjects:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/24553
Modify record (reserved for operators) Modify record (reserved for operators)