System Design for Import and Export of Classified Information Over Less Secure Systems
Author: | Eneroth, Daniel; Åberg Lindell, Pontus |
---|---|
Language: | English |
Year of publication: | 2023 |
Subject: |
Computer science
computer communication information security cyber security system design Datavetenskap datakommunikation informationssäkerhet cybersäkerhet systemdesign Natural Sciences Naturvetenskap Computer Engineering Datorteknik Computer Sciences Datavetenskap (datalogi) Information Systems Systemvetenskap informationssystem och informatik |
Document type: | Text |
Description: | This thesis aims to define a secure system design for reducing the security classification of a document. A reduced security classification makes it possible for the document to traverse an intermediate system with lower security measures before reaching a system with sufficient security measures to manage the original document. A pressing requirement for companies and governments to secure their digital assets arises with the digitization of societal functions and the continuously escalating tensions in world politics. Digital security as a software implementation is no longer sufficient due to the ongoing race between digital offense and defense. It has become imperative for security to be an integral consideration at every stage of system design, such that it is implemented in a manner that prevents software from being transformed into a liability. In Sweden, actors in both the private and public sectors that are deemed of national importance are required to comply with several laws and regulations if they possess an IT system. A key principle in most of these regulations is the requirement for military-approved signal protection if an actor intends to transmit classified information through an intermediary system that does not conform with the system's implemented security measures. Our design proposes using an information manager and a secret sharing scheme: the contents of the original document are encrypted in such a way that no decryption key is required, while still achieving information-theoretic security. We can ensure integrity and confidentiality by using a dual-diode configuration for import and export systems. This implies that as long as an antagonist does not have the resources to eavesdrop on all communication, the integrity and confidentiality of the sending and the receiving systems, as well as the transported document, can be ensured. |
Database: | Networked Digital Library of Theses & Dissertations |
External link: |