Techniques for validation and controlled execution of processes, codes and data: A survey

Various security mechanisms are available to validate, authenticate and permit codes, data and scripts for executing in a computing device. Accordingly, different techniques and tools have been developed to preserve integrity and confidentiality at the process, protocol, system and communication levels. For example, Trusted Platform Module, Intel Trusted Execution Technology and Windows Vista Kernel Mode security ensure system level integrity and security, whereas, Digital Signature, Code Signing, Watermarking, Integrity Checker and Magic Cookies address integrity of data and executables in transit. A brief survey of these techniques is described here with how these techniques help to secure computing environment.

[1]  A WaldspurgerCarl Memory resource management in VMware ESX server , 2002 .

[2]  Michael K. Reiter,et al.  How low can you go?: recommendations for hardware-supported minimal TCB code execution , 2008, ASPLOS.

[3]  Robert A. Martin Transformational Vulnerability Management Through Standards , 2005 .

[4]  Edward J. Delp,et al.  Perceptual watermarks for digital images and video , 1999, Electronic Imaging.

[5]  Bryan Parno,et al.  Bootstrapping Trust in a "Trusted" Platform , 2008, HotSec.

[6]  Joachim Gebauer Code Signing , 2012, Datenschutz und Datensicherheit - DuD.

[7]  Michael C. Loui,et al.  Taking the byte out of cookies: privacy, consent, and the Web , 1998, ACM POLICY '98.

[8]  Matthew Conover Analysis of the Windows Vista Security Model , 2006 .

[9]  Ingemar J. Cox,et al.  Digital Watermarking and Steganography , 2014 .

[10]  Anna Lysyanskaya,et al.  Signature schemes and applications to cryptographic protocol design , 2002 .

[11]  Li Gong,et al.  Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[12]  Robert D Austin,et al.  The myth of secure computing. , 2003, Harvard business review.

[13]  Li Gong,et al.  Signing, Sealing, and Guarding Java Objects , 1998, Mobile Agents and Security.

[14]  Andrew Warfield,et al.  Xen and the art of virtualization , 2003, SOSP '03.

[15]  Tal Garfinkel,et al.  Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools , 2003, NDSS.

[16]  John Rushby A Trusted Computing Base for Embedded Systems , 1984 .

[17]  Zhenkai Liang,et al.  Isolated program execution: an application transparent approach for executing untrusted programs , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[18]  Andrew W. Appel,et al.  Formal aspects of mobile code security , 1999 .

[19]  Sun Fire V20z Sun Microsystems , 1996 .

[20]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[21]  Crispin Cowan,et al.  Linux security modules: general security support for the linux kernel , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[22]  Ian Goldberg,et al.  A secure environment for untrusted helper applications confining the Wily Hacker , 1996 .

[23]  Carl A. Waldspurger,et al.  Memory resource management in VMware ESX server , 2002, OSDI '02.