Excerpts from "The Design and Verification of a Cryptographic Security Architecture" available
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Nov 28 14:13:14 PST 2000
In August I finally submitted my PhD thesis, coming close to wrapping up my
long career as a tenured graduate student. Although the work hasn't been
accepted yet, there has been some interest expressed in portions of it so I've
put a few chapters online. Note that these chapters represent a draft only and
are not the completed work.

The main part of the thesis, Chapters 1-5, is available from
http://www.cs.auckland.ac.nz/~pgut001/pubs/thesis.html. These chapters look at
an alternative way of building what people have been trying to do with Orange
Book B3/A1-type systems, but in a way which is feasible and practical for an
open source system where you don't have tens of millions of dollars and 5-10
years available to produce a product.

The chapters are (from the web page, where they're links to the docs):

  The software architecture, wherein the cryptlib software architecture is
  presented

  The security architecture, wherein the cryptlib security architecture is
  presented

  The kernel implementation, wherein the implementation details of the cryptlib
  security kernel are examined

  Verification techniques, wherein existing methods for building secure systems
  are examined and found wanting

  Verification of the cryptlib kernel, wherein a new method for building a
  secure system is presented.

Peter.