Please use this identifier to cite or link to this item: https://www.um.edu.mt/library/oar/handle/123456789/99377
Title: RV-TEE-based trustworthy secure shell deployment : an empirical evaluation
Authors: Curmi, Axel
Colombo, Christian
Vella, Mark Joseph
Keywords: Computer programs -- Verification
Cryptography
Computer software -- Security measures
Malware (Computer software)
Computer engineering
Issue Date: 2022
Publisher: Chair of Software Engineering
Citation: Curmi, A., Colombo, C., & Vella, M. (2022). RV-TEE-based trustworthy secure shell deployment : an empirical evaluation. Journal of Object Technology, 21(2), 1-15.
Abstract: Incorrect cryptographic protocol implementation and malware attacks targeting its runtime may lead to insecure execution even if the protocol design has been proven safe. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to a cryptographic protocol deployment — particularly that of the Secure Shell Protocol (SSH). We aim to show that through a concrete realization of RV-TEE, which is neither tied to specific CPU mode nor requires the consequential operating system support, SSH execution can be rendered trustworthy. We provide: (i) An RV-TEE setup for a popular SSH implementation based on a widely-adopted RV tool, and a USB-connected hardware security module (ii) An overview of the property extraction process through a methodical analysis of the SSH protocol specifications (iii) Security vulnerabilities identified as a result of RV-TEE adoption (iv) An overhead analysis delineating what SSH applications can benefit from our proposed setup in a practical manner.
URI: https://www.um.edu.mt/library/oar/handle/123456789/99377
Appears in Collections:Scholarly Works - FacICTCS

Files in This Item:
File Description SizeFormat 
RV-TEE-Based_trustworthy_secure_shell_deployment__An_empirical_evaluation(2022).pdf486.07 kBAdobe PDFView/Open


Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.