University of Canterbury Home
    • Admin
    UC Research Repository
    UC Library
    JavaScript is disabled for your browser. Some features of this site may not work without it.
    View Item 
    1. UC Home
    2. Library
    3. UC Research Repository
    4. Faculty of Engineering | Te Kaupeka Pūhanga
    5. Engineering: Theses and Dissertations
    6. View Item
    1. UC Home
    2.  > 
    3. Library
    4.  > 
    5. UC Research Repository
    6.  > 
    7. Faculty of Engineering | Te Kaupeka Pūhanga
    8.  > 
    9. Engineering: Theses and Dissertations
    10.  > 
    11. View Item

    Trustworthy Clients: Extending TNC for Integrity Checks in Web-Based Environments (2008)

    Thumbnail
    View/Open
    Thesis_fulltext.pdf (4.020Mb)
    Code and online resources.zip (35.99Mb)
    Type of Content
    Theses / Dissertations
    UC Permalink
    http://hdl.handle.net/10092/2369
    http://dx.doi.org/10.26021/3330
    
    Thesis Discipline
    Computer Science
    Degree Name
    Master of Science
    Publisher
    University of Canterbury. Computer Science and Software Engineering
    Collections
    • Engineering: Theses and Dissertations [2907]
    Authors
    Rehbock, Sasha
    show all
    Abstract

    Web-based services are vulnerable to a number of attacks. While providers of these services employ countermeasures (such as firewalls, encryption, and authentication systems) to reduce security risks, some of these security measures can be rendered useless if the PC of a user that accesses such a web-based service is not properly secured. Malicious software that is installed on a user’s PC, for example, can potentially circumvent existing protection measures by recording login credentials and impersonating the victim. To counter threats that are arising through client PCs, many providers of security sensitive web-based services have introduced usage policies for their services. These policies require users to ensure that their PCs are in a proper security state (e.g. the PC is equipped with an up-to-date anti-virus application, a personal firewall, and all security updates have been installed). However, service providers have no possible means of enforcing these policies and they have to rely on users to check the security state of their PCs manually. This thesis presents a mechanism that allows a service provider to remotely measure the security state of a user’s PC. This mechanism is based on Trusted Network Connect (TNC). TNC is a network access control mechanism that takes the security state of an access requesting party into account before making an access decision. However, TNC is currently limited to closed environments such as LANs and VPNs. This thesis proposes solutions based on authentication standards for enabling TNC in open, web-based scenarios. In particular, an architectural model for TNC is proposed that takes additional security and privacy requirements into account. Furthermore, a communication scheme is proposed that is based on standardised protocols and message formats. These protocols and message formats have been leveraged to allow web-based TNC checks to be triggered through aWeb browser and TNC messages to be exchanged. These building blocks have been combined into a prototype implementation which has been evaluated using a test bed approach. This prototype successfully demonstrated that TNC can be adapted to web-based environments where it provides assurance as to the security state of clients accessing security sensitive web-based services.

    Rights
    Copyright Sasha Rehbock
    https://canterbury.libguides.com/rights/theses

    Related items

    Showing items related by title, author, creator and subject.

    • Towards disaster resilience: A scenario-based approach to co-producing and integrating hazard and risk knowledge 

      Davies, T.R.; Beaven, S.; Conradson, D.; Densmore, A.; Gaillard, J.C.; Johnston, D.; Milledge, D.; Oven, K.; Petley, D.; Rigg, J.; Robinson, T.; Rosser, N.; Wilson, T.M. (University of Canterbury. GeographyUniversity of Canterbury. Geological Sciences, 2015)
      Quantitative risk assessment and risk management processes are critically examined in the context of their applicability to the statistically infrequent and sometimes unforeseen events that trigger major disasters. While ...
    • Reservoir computing approaches to EEG-based detection of microsleeps. 

      Ayyagari, Sudhanshu (University of Canterbury, 2017)
      Long-haul truck drivers, train drivers, and commercial airline pilots routinely experience monotonous and extended driving periods in a sedentary position, which has been associated with drowsiness, microsleeps, and serious ...
    • A Framework for Web-based E-Learning of Discrete Event Simulation Concepts 

      Page, B.; Kreutzer, W. (University of Canterbury. Computer Science and Software Engineering., 2006)
      This paper describes selected e-learning materials developed as part of a cooperative simulationsupported learning initiative for university courses on discrete event simulation. These materials include Java applets for ...
    Advanced Search

    Browse

    All of the RepositoryCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThesis DisciplineThis CollectionBy Issue DateAuthorsTitlesSubjectsThesis Discipline

    Statistics

    View Usage Statistics
    • SUBMISSIONS
    • Research Outputs
    • UC Theses
    • CONTACTS
    • Send Feedback
    • +64 3 369 3853
    • ucresearchrepository@canterbury.ac.nz
    • ABOUT
    • UC Research Repository Guide
    • Copyright and Disclaimer
    • SUBMISSIONS
    • Research Outputs
    • UC Theses
    • CONTACTS
    • Send Feedback
    • +64 3 369 3853
    • ucresearchrepository@canterbury.ac.nz
    • ABOUT
    • UC Research Repository Guide
    • Copyright and Disclaimer