Design and implementation of a trust calculation method for network components
Turetta, Saverio (2021-05-19)
Design and implementation of a trust calculation method for network components
(19.05.2021)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2021052832130
https://urn.fi/URN:NBN:fi-fe2021052832130
Tiivistelmä
Today’s organizations rely on internal or cloud-infrastructures to manage their data and their products. Due to the increasing importance and complexity of these infrastructures, there is the need to implement a reliable way to monitor the trustworthiness of the devices that are part of it. It is important to establish trust within the nodes of a single or multiple security domains to enhance the security of an enterprise’s infrastructure.
This thesis aims to develop and evaluate a method to measure and calculate a trust score for each node and security domain of a network infrastructure. This method will be based on a centralized verifier that collects and verifies all the security and performance-based evidence from the nodes that compose the infrastructure. The evidence verification process is based on remote attestation through the use of a hardware root of trust. Moreover, this method allows the exchange of trust scores with other security domains: this enhances inter-domain communication trustworthiness.
The main advantages of this method compared to similar ones found in the literature are the possibility of an inter-domain trust exchange, the use of remote attestation, and its adaptability to work with different kinds of infrastructure. Furthermore, the tests confirmed that the method responds quickly in case of a vulnerable node.
This thesis aims to develop and evaluate a method to measure and calculate a trust score for each node and security domain of a network infrastructure. This method will be based on a centralized verifier that collects and verifies all the security and performance-based evidence from the nodes that compose the infrastructure. The evidence verification process is based on remote attestation through the use of a hardware root of trust. Moreover, this method allows the exchange of trust scores with other security domains: this enhances inter-domain communication trustworthiness.
The main advantages of this method compared to similar ones found in the literature are the possibility of an inter-domain trust exchange, the use of remote attestation, and its adaptability to work with different kinds of infrastructure. Furthermore, the tests confirmed that the method responds quickly in case of a vulnerable node.