DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kang, Brent Byunghoon | - |
dc.contributor.advisor | 강병훈 | - |
dc.contributor.author | Lee, Seungyeop | - |
dc.date.accessioned | 2021-05-12T19:34:42Z | - |
dc.date.available | 2021-05-12T19:34:42Z | - |
dc.date.issued | 2020 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=910001&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/283897 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST) : Graduate School of Information Security, 2020.2, [iv, 30 p.] | - |
dc.description.abstract | Most of today’s computing systems are connected to the network, and they constantly communicate with each other using standardized protocols. The protocols’ detailed specifications are open to the public, and many applications based on those protocols are open source, like the OpenSSL project. Unfortunately, there have been continuous attempts to find and exploit vulnerabilities in such applications, and Heartbleed is a striking example. Heartbleed shows that open protocol standards and their applications are at risk of zero-day vulnerabilities, which underscores the necessity of defense mechanisms. We propose using a protocol dialect to address the problem. A protocol dialect is a revised version of an existing protocol that encodes additional information in the protocol using pre-established secrets. The goal of a protocol dialect is to reject communication attempts made by unauthorized users who do not speak our dialect. The protocol dialect should be located at the earliest possible stage of a connection to reduce the risk surface. We define two techniques to convert a protocol into a dialect: nonce encoding and order shuffle. We also propose two network protocol dialect prototypes. We then present DialectFilter, a system that uses the proposed protocol dialects to filter out unauthorized packets. We protected the pre-established secrets used in the protocol dialects with Intel Software Guard Extensions (SGX). We show that DialectFilter provides security measures against possible zero-day vulnerabilities. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology (KAIST) | - |
dc.subject | Computer System; Network Security; Protocol Dialect; Vector Packet Processor; Software Guard Extensions | - |
dc.subject | Computer System; Network Security; Protocol Dialect; Vector Packet Processor; Software Guard Extensions | - |
dc.title | Early filter catches the worm | - |
dc.title.alternative | Protocol dialect technique using SGX for network system security | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology (KAIST) : Graduate School of Information Security | - |
dc.contributor.alternativeauthor | 이승엽 | - |
dc.title.subtitle | using protocol dialect for early stage filtering in SGX | - |