Title :
An analysis of a secure system based on trusted components
Author :
Lindqvist, Ulf ; Olovsson, Tomas ; Jonsson, Erland
Author_Institution :
Dept. of Comput. Eng., Chalmers Univ. of Technol., Goteborg, Sweden
Abstract :
The paper presents a practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks. The system was designed to securely store and handle both sensitive and insensitive data records on individuals in such a way that it would be impossible for unauthorized parties to link sensitive records to the corresponding individuals. The analysis was performed by means of document reviews, interviews and some practical tests with the intention of finding and listing potential vulnerabilities for the knowledge of the design team. The vulnerabilities revealed are classified with respect to their cause, and possible remedies are discussed. The classification shows that the most important problem was that some system components were incorrectly handled as trusted. Finally, we observed that the problems were to a surprisingly high degree non technical, reflecting organisational and management issues and human insufficiencies
Keywords :
data privacy; human factors; security of data; systems analysis; advanced cryptographic building blocks; beta implementation; document reviews; human insufficiencies; management issues; potential vulnerabilities; secure systems analysis; security analysis; sensitive data records; trusted components; trusted hardware components; Application software; Computer aided manufacturing; Computer security; Data privacy; Data security; Databases; Hardware; Humans; Protection; Testing;
Conference_Titel :
Computer Assurance, 1996. COMPASS '96, Systems Integrity. Software Safety. Process Security. Proceedings of the Eleventh Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-3390-X
DOI :
10.1109/CMPASS.1996.507889
