GroupSecure Systems

Secure Systems

Convenience, cost reductions, and ubiquitous connectivity provided by new networks and services come with new problems. Reliable information and communication services require reliable software and hardware. At the same time, new methods for infecting systems with various types of malware are growing in sophistication and require minimal barriers to entry for attackers. We can say that we pay a price for technological innovation by creating new security concerns as new attacks surfaces are introduced. The threats increase as the systems become more distributed and as devices and networks with varying levels of security protections frequently participate in the same processes. Widespread usage of common software and hardware platforms considerably simplifies the spread of malware. Frequent updates and change of software and system states can also be exploited. Hence, there is an urgent need to address these security concerns and we see increased global secure computing research efforts.

SICS addresses many of these security issues through a new research group, the Secure Systems group, primarily working with platform and network security issues.

People

No matches

Software: AssertionServer

The AssertionServer is an open source library providing lightweight identity management functions based on the SAML standard.

Background: Identity management systems are used to manage and provide security relevant attributes about users and resources. Such attributes are used in modern access control systems, like e.g. XACML, both in the description and during the evaluation of access control policies. When such an attribute is used, the access control system has to verify the correctness of attribute values. In a distributed system most attributes are external to the access control system, therefore a secure service is needed that manages and provides these attributes.

Example:

Example use of AssertionServer

Our AssertionServer allows users to create, update, delete, and query attributes. Attributes can be retrieved in the form of SAML assertions. All functions of the assertion server can be protected by pluggable authentication and authorization modules. Example modules for password-based authentication and XACML authorization are provided.

Caveat emptor: This assertion server is provided as is, it is not intended as commercial tool and has not be extensively tested. Documentation is rudimentary (but present).

Technical: AssertionServer is implemented in Java 6. It uses the Log4j library for logging, MySQL and the MySQL JDBC are used in the example database connector. The example XACML authorization module uses SunXACML.

AssertionServer uses our own SAML attribute assertion library that can be used to create, read and verify SAML attribute assertions.

We also provide an Android version of this library. This library requires Apache Santuario for XML digital signatures.

Related links:

Download:

License: The SICS AssertionServer is available under the BSD license. You can check the text of the license here

Feedback: We are happy to receive your comments and contributions, please send them to:

ludwig [at] sics.se

Note: A previous version of the AssertionServer provided by the Security Policy and Trust laboratory existed, note that the present version radically differs from the old one (we think it's much improved).

Copyright 2011 Swedish Institute of Computer Science. All rights reserved. Use is subject to license terms.

Porting Linux to a Hypervisor Based Embedded System

Background

Embedded systems are spreading more and more and can be found nearly everywhere in our modern life, not only but especially in mobile phones. However, security issues are often not the first addressed during development, even though their importance is growing while systems are getting more and more complex and mobile phones offer more and more functionality. Virtualization techniques made it possible to insert extra software layers underneath software that previously ran at the lowest system level, such as OS kernels. As such virtualization can offer a way of securing software systems “from the outside”, that is as a provider of security services such as isolation or monitoring. SICS is working on a virtualization solution, a so called hypervisor, that runs on embedded platforms and can provide more confidentiality in terms of security than classical solutions as its complexity is much less than the one of an operating system. To underline the usability and power of our solution we are searching for a master student who ports a Linux system to an embedded platform which is protected by the hypervisor.

Objective

In his/her thesis the master student will port Linux to a system with an ARM processor and our hypervisor. This system will be simulated on the OVP platform emulator. The work consists of:

  • Finding a suitable Linux derivative
  • An analysis of what is necessary for the porting
  • The porting itself
  • Performance (and security) tests

Hence, the project includes

  • Elements of theoretical studies
  • Software development and testing
  • A written report

Competence

We are looking for a bright MSc student who brings the following requirements:

  • Basic knowledge in C and assembly (advanced knowledge is a plus)
  • Knowledge of operating system architectures, preferably of Linux
  • A good spoken and written English
  • Knowledge on virtualization is a plus

Applications

Applications should include a brief personal letter, your CV with your education, professional experience and specific skills and recent grades. In your application, make sure to give examples of previous programming or other projects that you consider relevant for the position. Candidates are encouraged to send in their application as soon as possible, in paper form or via e-mail. Suitable applicants will be interviewed as applications are received.

About SICS

The Swedish Institute of Computer Science (SICS) is a non-profit research organization focusing on applied computer science. SICS employs approx. 100 researchers, including 45 PhDs plus approx. 20 students working on their Master Thesis.
The Secure Systems Group at SICS is performing applied security research in close co-operation with our industry partners such as Ericsson, SonyEricsson, Saab Systems and TeliaSonera.

Work environment

We offer you a challenging task in an upcoming area, a good working environment and a supervision which makes sure that both the project and your academic thesis will be successful.

Regularly presence throughout the week is required.
The extent of this project is suitable for two MSc students to carry out in collaboration.

Contact

Oliver Schwarz

oliver [at] sics.se

SICS, Box 1263, SE-164 29 Kista, Sweden

+46 72 2207954

Master Thesis proposals (Exjobb)

The Secure Systems Group offers master theses (exjobb) to interested students. We currently do not pay thesis work (except for some theses where an industrial partners pays) but we do reward very good theses.

Open Projects

The currently open Master Thesis projects are listed in the menu to the left. Click on them for more information about the individual projects. Contact info is posted for each project with the project description.

If you write an application, please provide us with a

  • CV with your education, professional experience, and specific skills
  • your courses and grades
  • an article, paper, thesis or other relevant documents you have written in your education in order to judge your ability to express yourself in English.

You are also welcome with your own project ideas, such as attempts to improve on shortcomings in systems that you have studied in your courses or in your work by applying new results from research.

Skills

Projects in the Secure Systems Group are typically most suited for students at datavetenskapliga programmet (DVP) and D-teknologer, but can also suit students at matematiska programmet med datainriktning, E/F-teknologer or students at international master programs.

The Master Thesis is executed within one of the research projects that the group is participating in together with Swedish and European industry. The Secure Systems Group also has close collaboration with several Swedish universities. The connection to both industry and academia gives the projects a strong industrial relevance while maintaining a high academic standard.

Doing your Master Thesis at SICS will give you insight into the latest developments in Computer Science and Systems, and is an excellent entry point for doctoral research.