Type of Document Master's Thesis Author Deng, Yipan URN etd-05162011-230143 Title DeviceGuard: External Device-Assisted System And Data Security Degree Master of Science Department Computer Science Advisory Committee
Advisor Name Title Yao, Danfeng Committee Chair Butt, Ali R. A. Committee Member Kafura, Dennis G. Committee Member Keywords
- Host Security
- System Security
- Data Security
Date of Defense 2011-05-02 Availability unrestricted AbstractThis thesis addresses the threat that personal computer faced from malware when the personal computer is connected to the Internet. Traditional host-based security approaches, such as anti-virus scanning protect the host from virus, worms, Trojans and other malwares. One of the issues of the host-based security approaches is that when the operating system is compromised by the malware, the antivirus software also becomes vulnerable.
In this thesis, we present a novel approach through using an external device to enhance the host security by offloading the security solution from the host to the external device. We describe the design of the DeviceGuard framework that separate the security solution from the host and offload it to the external device, a Trusted Device. The architecture of the DeviceGuard consists of two components, the DeviceGuard application on the Trusted Device and a DeviceGuard daemon on the host.
Our prototype based on Android Development Phone (ADP) shows the feasibilities and efficiency of our approach to provide security features including system file and user data integrity monitoring, secure signing and secure decryption. We use Bluetooth as the communication protocol between the host and the Trusted Device. Our experiment results indicates a practical Bluetooth throughput at about 2M Bytes per second is sufficient for short range communication between the host and the Trusted Device; Message digest with SHA-512, digital signing with 1024 bits signature and secure decryption with AES 256 bits on the Trusted device takes only the scale of 〖10〗^1 and 〖10〗^3 ms for 1K bytes and 1M bytes respectively which are also shows the feasibility and efficiency of the DeviceGuard solution.
We also investigated the use of embedded system as the Trusted Device. Our solution takes advantage of the proliferation of devices, such as Smartphone, for stronger system and data security.
Filename Size Approximate Download Time (Hours:Minutes:Seconds)
28.8 Modem 56K Modem ISDN (64 Kb) ISDN (128 Kb) Higher-speed Access Deng_Y_T_2011.pdf 915.88 Kb 00:04:14 00:02:10 00:01:54 00:00:57 00:00:04
If you have questions or technical problems, please Contact DLA.