Datenschutz und Datensicherheit - DuD

, Volume 36, Issue 9, pp 657–661 | Cite as

Plattformsicherheit — wie aktuell sind jahrzehntealte Konzepte heute?

  • Kai Martius
  • Alexander Senier
Schwerpunkt
  • 96 Downloads

Zusammenfassung

Viele Aspekte sicherer Plattformen sind bereits lange bekannt — seien es leistungsfähige Berechtigungsmodelle, Probleme von verdeckten Kanälen und deren Minimierung, sichere Programmiersprachen und formale Methoden in Entwurf und Implementierung von Systemen. Wenig ist davon in der Masse der ITSysteme zu finden. Warum ist das so und welche Ansätze sind heute möglich und notwendig, um wirklich vertrauenswürdige Systeme zu erhalten?

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Literatur

  1. [AFTO04]
    J. Alves-Foss, C. Taylor, and P. Oman. A multi-layered approach to security in high assurance systems. In System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on, pages 10-pp. IEEE, 2004.Google Scholar
  2. [And72]
    J.P. Anderson. Computer Security Technology Planning Study Vol I. Prepared for Electronic Systems Division, October, pages 758–206, 1972.Google Scholar
  3. [ARI11]
    ARINC Incorporated. 653P1-3: Avionics Application Software Standard Interface, Part 1, Required Services, November 2011.Google Scholar
  4. [BDRS08]
    C. Boettcher, R. DeLong, J. Rushby, and W. Sifre. The MILS component integration approach to secure information sharing. In Digital Avionics Systems Conference, 2008. DASC 2008. IEEE/AIAA 27th, pages 1-C. IEEE, 2008.Google Scholar
  5. [CEM09]
    Common Methodology for Information Technology Security Evaluation — Evaluation methodology, July 2009.Google Scholar
  6. [FH05]
    N. Feske and C. Helmuth. A Nitpicker’s guide to a minimal-complexity secure GUI. 2005.Google Scholar
  7. [HPHS04]
    Michael Hohmuth, Michael Peter, Hermann Härtig, and Jonathan S. Shapiro. Reducing TCB size by using untrusted components — small kernels versus virtual-machine monitors. In IN PROC. OF THE 11TH ACM SIGOPS EUROPEAN WORKSHOP, page 22. ACM Press, 2004.Google Scholar
  8. [HWS03]
    C. Helmuth, A. Westfeld, and M. Sobirey. μSINA — Eine mikrokernbasierte Systemarchitektur fur sichere Systemkomponenten. In Deutscher IT-Sicherheitskongress des BSI, Volume 8, IT-Sicherheit im verteilten Chaos, page 439–453. Secumedia-Verlag Ingelsheim, 2003.Google Scholar
  9. [ISO11]
    ISO. Information Technology — Programming Languages — Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Technical report ISO/IEC TR 24772, Baseline Edition-2, WG 23/N 0352 (DRAFT), International Organization for Standardization, Geneva, Switzerland, 2011.Google Scholar
  10. [Lie95]
    J. Liedtke. On micro-kernel construction. ACM SIGOPS Operating Systems Review, 29(5):237–250, 1995.CrossRefGoogle Scholar
  11. [OST06]
    D. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: The case of AES. Topics in Cryptology-CT-RSA 2006, pages 1–20, 2006.Google Scholar
  12. [Per05]
    C. Percival. Cache missing for fun and profit. BSDCan 2005, 2005.Google Scholar
  13. [Rus81]
    John Rushby. The Design and Verification of Secure Systems. In Eighth ACM Symposium on Operating System Principles (SOSP), pages 12–21, Asilomar, CA, December 1981. (ACM Operating Systems Review, Vol. 15, No. 5).Google Scholar
  14. [ZJOR11]
    Y. Zhang, A. Juels, A. Oprea, and M.K. Reiter. HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (Oakland), pages 313–328, May 2011.Google Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  • Kai Martius
  • Alexander Senier

There are no affiliations available

Personalised recommendations