Contributions to Preventive Measures in Cyber Security

Abstract: Organizations and individuals maintain and use an ever increasing amount of computer systems, either deployed locally, or in the cloud.These systems often store and handle vast amounts of data, some of which is sensitive and should be kept private.Regardless of where the data is located, there is a need to prevent data from falling into the wrong hands.To this end, this dissertation presents contributions to preventive measures in cyber security.Trusted computing can be used to attest the integrity of code running on a remote computer, and to store data securely using secure storage, for example in a cloud setting.This dissertation presents contributions regarding the use of the Trusted Platform Module (TPM) in high-availability systems, both for TPM 1.2 and TPM 2.0.It also discusses migration of keys from TPM 1.2 to the backwards-incompatible TPM 2.0, while maintaining the same behaviour with regard to authorization mechanisms.Contributions also include the use of trusted computing to attest the integrity of network elements before they are enrolled into a Software Defined Network, as well as protecting important assets of such network elements by using isolated execution environments.In the field of cryptography, the dissertation contains contributions regarding the Maximum Degree Monomial (MDM) test, which is related to the construction of distinguishers and nonrandomness detectors.A new generalized algorithm to find subsets for the MDM test is presented, together with evaluations of the algorithm on several different stream ciphers.The dissertation also contains contributions in the field of vulnerability assessment using recommender systems.First, a recommender system for user-specific vulnerability scoring is presented, which scores vulnerabilities based on implicit and explicit user preferences, together with domain-based information unique to the field of vulnerability assessment.Finally, the dissertation also contains contributions regarding privacy of such recommender systems, by protecting the privacy of user preferences even from the provider of the recommender service.