A Method for Patching Interleaving-Replay Attacks in Faulty Security Protocols
Showing items related by title, author, creator and subject.
A Unified Software Security Enhancement Proposal Based on a Thorough Software Security Compendium-Edición ÚnicaArmando de Anda Gonz´alez (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2007-11-01)
Towards a Secure Evaluation Environment For eLearningMarcus Martínez, Alejandro E. (Instituto Tecnológico y de Estudios Superiores de Monterrey, 2008-01-05)This dissertation has the main objective of contributing to the definition of a Agent- based Reference Architecture for a Secure Examination environment in Internet-based Distance Learning. The main hypothesis was that it is possible to define this reference architecture with such a level of confidence as that of a Traditional Examination, where that confidence is measured as the capacity of confront potential cheating methods from foreseeable scenarios that allows the characterization of security dimensions to deal with the possible attack methods. In order to validate the security of such an environment, it was needed to enhance the traditional scenario technique for evaluating a software architecture: Current scenarios on the Software Engineering methodologies are more related to comply with software requirements of mature software domains, rather than with the underlying real world actions that generates them. In addition to this, there are no well-specified guides for de- riving security metrics in an architectural level beyond requirements compliance. Thus, this dissertation presents both a set of hierarchized metrics for calculating Security in eAssessment derived from the components responsabilities in such an environment and a evaluation methodology for relating and deriving those metrics. Those metrics are relevant to both technological and non-technological stakeholders, as they address both the domain analyzed and the architectural components responsabilities. As the Secure eAssessment field is not a matured and well-established software domain, the needed artifacts for validating solutions were not found: There were no referential software architectures that could be used for measuring the completeness and adequacy of a solution, neither a reference model to base on, nor even an structured abstraction of the underlying process. So, in this dissertation was needed to develop these artifacts, starting with a three-phase stage Secure eAssessment Process, that was derived onto a Reference Model and a further Reference Architecture based on a Client-Server Archi- tectural Style. From the traditional requirements compliance analysis, a Quick Security Checklist was also developed. The Reference Architecture presented is validated and compared against four current solutions on the field, that shows it addresses the educational cheating domain with un- especific details, as expectable for a non-matured domain, with better overall security that the solutions evaluated. A proof-of-concept prototyping experiment for a Software Monitoring Agent is also presented. The conclusions of this dissertation are that the contributions presented are significant for the development and maturement of the field. Future work relates to the need of generate implementations for software architectures that provide specific algorithmical details and further integration within existing eLearning platforms.