Trustworthy adaptive quality balancing through temporal decoupling

01.02.2008 - 31.01.2011
Research funding project
Bond auctions are among the financial systems in a country with the highest volume in a single transaction. One of the problems with current solutions is that clients of the auctioning system typically deliver a vast number of bids in the very last seconds of an auction phase. Outages due to excessive load, security attacks, or node or link failures may result in significant financial losses for the auctioneer, not to mention the immeasurable damage to customer confidence. The solution approach of TRADE is based on the general concept of temporal decoupling: by relaxing the requirements for timeliness, the system properties integrity and availability can be adaptively balanced or traded against each other, thereby increasing the reliability of the system. To actually achieve the temporal decoupling, the client has to be provided with a facility for secure, accurate, and tamper-proof timestamps. For this purpose, smart cards with clocks will be used as a secure client within the untrusted client platform and will deploy a secure clock synchronization protocol.
The major research contributions of TRADE are well focused around three significant innovations. First, to provide a secure client within a given timeframe by focusing on the optimal software partitioning between smart card and untrusted operating system. Second, to provide secure time synchronization between a server and a smart card by focusing on malicious middleman attacks with unknown and arbitrary message delays, new randomized approaches to delude the (deterministic) adversary, and a novel concept of encapsulation of secure timestamp authorities in smart cards. Third, to provide adaptive run-time balancing of performance, availability, and integrity, in order to foster the true potential of the integration of dependability and security concepts.
Two relevant risks may endanger parts of the project's outcome: the infeasibility of the secure client approach and unacceptable solution complexity. Effective mitigation plans may result in additional effort and/or a delay in product/service development. However, the huge market potential will provide a sound basis for amortization of this additional effort in the mid term.

People

Project leader

Project staff

Institute

Contract/collaboration

  • IRIAN Solutions Softwareentwicklungs- & Beratungsgesellschaft mbH

Grant funds

  • FFG - Österr. Forschungsförderungsgesellschaft mbH (National), Austrian Research Promotion Agency (FFG)

Research focus areas

  • Distributed and Parallel Systems: 100%

Keywords

| German | English |
| --- | --- |
| Sicherer Client | Secure client |
| Sicherer Zeitstempel | Secure timestamps |
| Adaptive Balance zwischen Zuverlässigkeit und Sicherheit | Adaptive balancing of dependability and security |
| Smart Card | Smart card |

External partners

  • IRIAN Solutions Softwareentwicklungs- & Beratungsgesellschaft mbH

Publications