Date of Award

6-2024

Degree Name

MS in Computer Science

Department/Program

Computer Science

College

College of Engineering

Advisor

Stephen Robert Beard

Advisor Department

Computer Science

Advisor College

College of Engineering

Abstract

Previous work introduced TrustGuard, a design for a containment architecture that allows only the result of the correct execution of approved software to be output. A containment architecture prevents results from malicious hardware or software from being communicated externally. At the core of TrustGuard is a trusted, pluggable device that sits on the path between an untrusted processor and the outside world. This device, called the Sentry, is responsible for validating the correctness of all communication before it leaves the system. This thesis seeks to leverage the correctness guarantees that the Sentry provides to enable efficient secure communication between two systems, each protected by its own Sentry. The thesis reviews the literature for methods of enabling secure communication between two computer-Sentry pairs. It categorizes the pieces of the solution into three sections: attestation, establishing a tunnel, and communicating securely. Attestation in this context provides evidence of identity. The thesis then proposes a new configurable design for a secure network architecture, which includes a new version of the Sentry with a hardware accelerator for secure symmetric encryption, ring oscillator-based physically unclonable functions, and random number generators for attestation and key generation. These design elements are then evaluated based on how they might affect the overall system in terms of resource constraints, performance impacts, and scalability.
