A Trustworthy Assurance-as-a-Service Architecture
نویسندگان
چکیده
Increasing complexity and inter-dependency of information systems (IS), and the lack of transparency regarding system components and policies, have rendered traditional security mechanisms (applied at different OSI levels) inadequate to provide convincing confidentiality-integrity-availability (CIA) assurances regarding any IS. We present an architecture for a generic, trustworthy assurance-as-a-service IS, which can actively monitor the integrity of any IS, and provide convincing system-specific CIA assurances to users of the IS. More importantly no component of the monitored IS itself is trusted in order to provide assurances regarding the monitored IS.
منابع مشابه
Engineering Trustworthy Self-Adaptive Software with Dynamic Assurance Cases
Building on concepts drawn from control theory, self-adaptive software handles environmental and internal uncertainties by dynamically adjusting its architecture and parameters in response to events such as workload changes and component failures. Self-adaptive software is increasingly expected to meet strict functional and non-functional requirements in applications from areas as diverse as ma...
متن کاملTrustworthy services through attestation
Remote attestation is a promising mechanism for assurance of distributed systems. It allows users to identify the software running on a remote system before trusting it with an important task. This functionality is arriving at exactly the right time as security-critical systems, such as healthcare and financial services, are increasingly being hosted online. However, attestation has limitations...
متن کاملBeyond Kernel-Level Integrity Measurement: Enabling Remote Attestation for the Android Platform
Increasing adoption of smartphones in recent times has begun to attract more and more malware writers towards these devices. Among the most prominent and widely adopted open source software stacks for smartphones is Android that comes with a strong security infrastructure for mobile devices. However, as with any remote platform, a service provider or device owner needs assurance that the device...
متن کاملFECloud: A Trustworthy Forensics-Enabled Cloud Architecture
The rapid migration from traditional computing and storage model to the cloud model creates the necessity of supporting reliable forensics in the cloud. However, today’s cloud computing architectures often lack support for forensic investigations because many of the assumptions that are taken for granted in traditional digital forensics do not apply to clouds. Hence, the existing digital forens...
متن کاملOn Achieving Trustworthy SOA-Based Web Services
This work is inspired by the intend to construct SOABased E-Government. We first emphasize the importance of taking measures for solving security problems facing Web Services, we then have an in-depth look at SOA-Based Web Services, including its architecture, underlying technologies, transmission model, and SOAP message. By leveraging the understanding of securing Web Services, we conclude tha...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014