
Projects

This page is in progress, awaiting feedback from the community. These projects are open to the community and anyone can participate.

µTSS

(Free and open source trusted software stack for mobile platforms.)

Overview

During my contracts with SERG we were working on remote attestation and using IBM TrouSerS as the trusted software stack. It was more than what we needed, and we needed something lighter and faster. This project aims to complete that work, which was out of scope in DBAMP. µTSS aims to provide operations like PCR_Extend, PCR_Read, the Quote operation and some key management routines in the first phase, while sealing and binding will follow in phase 2 of this project. This will be a C language implementation with wrappers/bindings for Python, and probably Java if someone would like to help here.

It is to be noted that compliance with the specification is a secondary objective and the foremost objectives are practical effectiveness and efficiency.

Progress

PCR_Read and PCR_Extend are implemented. Code will be made available as soon as the implementation is completed and tested for usability with multiple applications. Students from academia are highly encouraged to take up some work on this project for their final year projects. Please contact me on shazalive -at- gmail.com or shahbaz.khan – at – imciences.edu.pk for further details and availability of code.

Please note that all this will be licensed as GPL. No patents allowed.

Low and High Level Measurement and Verification agents

(The kernel and initrd are verified by uBoot, and then the kernel, with the help of initrd, measures and verifies early boot components like the µTPM Emulator)

Overview

This concept has been proven and presented by multiple researchers and practitioners, but I was unable to find FOSS versions, so this needs to be made available. The bootloader of the mobile device implements the sister agents, and so do the kernel and initrd together for early boot components like the µTPM Emulator. Once the µTPM Emulator is loaded and started, the rest is taken care of by sister user-space agents.
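The measure-then-verify chain described above, sketched as an added example; it is not code from this project. It assumes TPM 1.2-style SHA-1 PCRs, and the function names, component blobs and reference digests are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # assumption: TPM 1.2-style PCR holding one SHA-1 digest

def measure(blob: bytes) -> bytes:
    return hashlib.sha1(blob).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # Extend is one-way and order-sensitive: new = SHA1(old || measurement)
    return hashlib.sha1(pcr + measurement).digest()

# Constructed stand-ins for the components, in the order the page describes.
BOOT_CHAIN = [
    ("kernel", b"constructed kernel image"),
    ("initrd", b"constructed initrd image"),
    ("utpm-emulator", b"constructed static emulator binary"),
]
# Known-good digests a verification agent would be provisioned with (assumed).
REFERENCE = {name: measure(blob) for name, blob in BOOT_CHAIN}

def boot(chain, reference):
    """Measure and log each stage, then verify it before handing over control.
    Returns (pcr, log, refused_stage); refused_stage is None on a clean boot."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in chain:
        digest = measure(blob)
        log.append((name, digest))        # the log records even a bad stage
        pcr = pcr_extend(pcr, digest)
        if digest != reference.get(name):
            return pcr, log, name         # verification agent stops the chain
    return pcr, log, None

def replay(log):
    """Recompute the PCR value that a measurement log implies."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr

def appraise(log, reported_pcr, reference):
    """Remote verifier: the log must reproduce the reported PCR, and every
    logged digest must be a known-good one."""
    if replay(log) != reported_pcr:
        return "log does not match PCR"
    bad = [name for name, digest in log if reference.get(name) != digest]
    return "untrusted: " + ",".join(bad) if bad else "trusted"
```

A modified emulator binary is refused locally by `boot`, and a log rewritten to hide it no longer replays to the reported PCR, which is why the emulator has to be measured before it starts.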

Progress

The designs and the strategies are clearly available. Coding, the real part, needs to be accomplished. Students from academia are highly encouraged to take up some work on this project for their final year projects. Please contact me on shazalive -at- gmail.com or shahbaz.khan – at – imciences.edu.pk for further details and availability of code if you want to contribute. Please note that all this will be licensed as GPL. No patents allowed.

µTPM Emulator

(A trimmed-down version of the TPM emulator, statically linked with the required libraries so that it can be measured and verified by the kernel and initrd together)

Overview

During my contracts with SERG we were working on remote attestation and using TPM emulator as the trusted platform module. It was extremely difficult to build a chain of trust, as TPM Emulator would start much later during boot. In the context of hardware security modules for mobile platforms I realized, with the help of Mimi Zohar of IBM Watson Lab and my supervisors (Dr. Masoom Alam and Dr. Tamleek Ali), that some of the TPM functionality was not required, and that if it were built statically linked with the required libraries then it would be easier and more efficient to build a chain of trust for mobile platforms with no real TPM, i.e. that only support a small ROM/Flash memory based cryptographic key. This project aims to provide this feature, which was out of scope in DBAMP.

It is to be noted that compliance with the specification is a secondary objective and the foremost objectives are practical effectiveness and efficiency.

Progress

The design is in progress and it will take some time due to lack of contributors. Students from academia are highly encouraged to take up some work on this project for their final year projects. Please contact me on shazalive -at- gmail.com or shahbaz.khan – at – imciences.edu.pk for further details and availability of code.

Please note that all this will be licensed as GPL. No patents allowed.

DDbus

(An extension to the desktop bus for runtime revocation of permissions)

Overview

The existing Dbus implementation requires restarting the Dbus buses to revoke or reset permissions. This project will provide the missing feature at runtime.

Progress

The design phase is complete but we need contributors to speed up the implementation. Students from academia are highly encouraged to take up some work on this project for their final year projects. Please contact me on shazalive -at- gmail.com or shahbaz.khan – at – imciences.edu.pk for further details and availability of code.

Please note that all this will be licensed as GPL. No patents allowed.

Security Manager

(A negotiating and managing agent with root privileges)

Overview

In this project we make sure that there is only one root user who works on behalf of all the stakeholders to manage rights on the platform. This service also provides privacy protection of data and security attributes. The above projects will support this project and end our efforts for the required security framework for mobile platforms in a multi-stakeholder environment.

Progress

The design is in progress and almost complete. Students from academia are highly encouraged to take up some work on this project for their final year projects. Please contact me on shazalive -at- gmail.com or shahbaz.khan – at – imciences.edu.pk or shahbaz.khan – at – zoho.com for further details and availability of design.

Please note that all this will be licensed as GPL. No patents allowed.

Others

For undergraduates I have some other pieces of work that will be sufficient for their final year projects as well, such as mandatory access policies for different implementations of mandatory access control mechanisms like SELinux, SMACK, Tomoyo and RSBAC. The above are tougher for undergraduates but might be possible in groups.

One Comment
  1. March 9, 2013 6:13 AM

    nice
