Nikiforov
Vladimir O.
D.Sc., Prof.
doi: 10.17586/2226-1494-2015-15-6-1115-1121
INTEGRITY MONITORING IMPLEMENTATION FOR THE OPERATING SYSTEM IMAGE LOADED THROUGH A NETWORK TO THE THIN CLIENT
Read the full article
';
For citation: Gatchin Yu.A., Teploukhova O.A. Integrity monitoring implementation for the operating system image loaded through a network to the thin clients. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2015, vol. 15, no. 6, pp. 1115–1121.
Abstract
The paper deals with the problem of protection for the process of operating system loading from the server to the diskless workstation through a network and the analysis of the existing ways of integrity monitoring for information transferred under network protocols. Within the scope of research, solution is proposed making it possible to perform integrity monitoring of the operating system loaded image before control is transferred to it. For security protection of loading, key information elements are marked which integrity needs to be guaranteed. The developed solution, as an information security product, should meet the requirements of information security and at the same time be compatible to other hardware and software tools used for protection of the automated systems. The proposed solution implements the algorithm of integrity monitoring for an operating system designed with the use of public key infrastructure. Analysis of hardware configuration for the projected solution from the point of view of its usability and administration ease is provided, and possibilities of intruder’s attacks to the protected information are estimated, as well.
Acknowledgements. The winner of "Participation of Youth Research and Innovation Competition" ("UMNIK") program with diploma "For the Best Report" at the IV All-Russian Congress of Young Scientists (2015).
References
1. Novikov S.V., Zima V.M., Andrushkevich D.V. Approach to building securer distributed networks of data processing based on trusted infrastructure. SPIIRAS Proceedings, 2015, vol. 38, no. 1, pp. 34–51. (In Russian)
2. Shpunt Ya. Using thin clients. Benefits, costs, and pitfalls. Intelligent Enterprise/RE, 2011, no. 5(227), pp. 54–55. (In Russian)
3. Smith R. Managing EFI Boot Loaders for Linux: Dealing with Secure Boot. Available at: http://www.rodsbooks.com/efi-bootloaders/secureboot.html (accessed 26.05.2015).
4. Wilkins R., Richardson B. UEFI Secure Boot in Modern Computer Security Solutions. Available at: http://www.uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf (accessed 26.05.2015).
5. Manan V., van der Hoeven A. Windows 8.1 Secure Boot Key Creation and Management Guidance. Available at: https://msdn.microsoft.com/en-gb/en-en/library/dn747883.aspx (accessed 26.05.2015)
6. iPXE – Open Source Boot Firmware. Available at: http://ipxe.org (accessed 26.05.2015).
7. Cherepenin S., Chubin I. Zagruzka Bezdiskovykh Linux-Stantsii s Pomoshch'yu PXE. Available at: http://www.opennet.ru/base/sys/pxe_diskless.txt.html (accessed 26.05.2015).
8. Secure Boot-Compatible UEFI Netboot Over IPv4 and IPv6. Available at: https://wiki.kubuntu.org/UEFI/SecureBoot-PXE-IPv6 (accessed 26.05.2015).
9. Gatchin Yu.A., Teploukhova O.A. Developing of controls of the operating system integrity with network load on the thin clients. Trudy Kongressa po Intellektual'nym Sistemam i Iinformatsionnym Tekhnologiyam IS&IT'14 [Proc. Congress on Intelligent Systems and Information Technology IS&IT'14]. Moscow, 2014, vol. 3, pp. 243–248.
10. Gatchin Yu.A., Teploukhova O.A. Monitoring methods for the operating system integrity image at startup on a remote thin client terminal access systems. Sbornik Tezisov Dokladov II Vserossiiskogo Kongressa Molodykh Uchenykh [Proc. II All-Russian Congress of Young Scientists]. St. Petersburg, 2013, pp. 52–53. (In Russian)
11. Nesteruk F.G. To develop the technology of adaptive security systems based on intelligent agents. Voprosy Zashchity Informatsii, 2009, no. 1, pp. 50–56. (In Russian)
12. Gaidamakin N.A. Zone access control model in distributed computer systems. Nauchno-Tekhnicheskaya Informatsiya. Seriya 2: Informatsionnye Protsessy i Sistemy, 2002, no. 12, pp. 15–22
13. Alferov A.P., Zubov A.Yu., Kuz'min A.S., Cheremushkin A.V. Osnovy Kriptografii [Basics of Cryptography]. Moscow, Gelios ARV, 2005, 480 p.
14. Ivanov M.A. Kriptograficheskie Metody zZashchity Informatsii v Komp'yuternykh Sistemakh i Setyakh [Cryptographic Methods of Information Protection in Computer Systems and Networks]. Moscow, Kudits-Obraz, 2001, 363 p.
15. Panasenko S.P. Obzor Atak na Algoritm Kheshirovaniya MD5: Poisk Kollizii. Chast' 1. Available at: http://daily.sec.ru/2012/11/09/Obzor-atak-na-algoritm-heshirovaniya-MD5-poisk-kolliziy-CHast-1.html (accessed 18.02.2015).
16. Mukha M.D. Integrity and authenticity control system of operating system loaded through the network. Sbornik Materialov XII Mezhdunarodnoi Konferentsii Kompleksnaya Zashchita Informatsii [Proc. XII Int. Conf. Comprehensive Information Protection]. Yaroslavl', 2008, pp. 139–140. (In Russian)
17. Moldovyan N.A., Moldovyan A.A. Vvedenie v Kriptosistemy s Otkrytym Klyuchom [Introduction to Public Key Cryptosystems]. St. Petersburg, BKhV-Peterburg Publ, 2005, 288 p.
18. Cheremushkin A.V. Kriptograficheskie Protokoly. Osnovnye Svoistva i Uyazvimosti [Cryptographic Protocols. The Basic Properties and Vulnerability]. Moscow, Izdatel'skii Tsentr "Akademiya", 2009, 272 p.
19. Teploukhova O.A. Building a model of security threats operating system image loaded over the network to the thin client terminal access systems. Sbornik Tezisov Dokladov III Vserossiiskogo Kongressa Molodykh Uchenykh [Proc. III All-Russian Congress of Young Scientists]. St. Petersburg, 2014, no. 1, pp. 235–237. (In Russian)
