Security policy management, threat alleviation and trusted platforms for embedded computing systems

Security guarantees are a measure of trust that can be placed on computing services in the safeguarding of digital assets. These security goals and guarantees coupled with known and modeled threats to the digital assets shape the security policies for the computing service. In this PhD thesis we establish a causal relationship of security policies with threats, provide an industry standard management framework, Six Sigma, for decision making, changes to the constructs of the Trusted Platform Module to create a controllable security framework and finally show how the security framework can be used in a commercial service.;The process of updating and refactoring security policy changes becomes a time consuming and tedious task, especially when threats evolve and computing service constructs change when security policy implementations are implicitly implemented. With the basis of correlation of policies over threats an explicit security policy implementation is proposed such that its adaptability, testability and risk quantification can be achieved without altering the computing service when threats evolve.;We experiment policies threat correlation on a hardware system entrusted with security operations referred to as Trusted Platform Module (IPM). An adaptive TPM architecture is proposed to counter evolving threats by integrating a FPGA block to alter and patch firmware and change ciphering systems. We present how security guarantees in an IT infrastructure can be met with a TPM and thereby should be an integral part of computing services along with other security constructs like firewalls, intrusion detection systems, anti-virus etc.;Adaptive security policy requires a management process wherein the risk management, cost effectiveness principles can be identified such that decisions can be made on the trust criteria of digital assets in an industrial management framework. The security policy creation and management process presented in this thesis is based on Six Sigma model and presents a method to adapt security goals and risk management of a computing service.;As an effective implementation of the security policy the case of application commerce workflow for developers is presented. Secure application distribution and execution guarantees lie in the transfer of trust between various processes in a computing service, also known as Chain of Trust in an embedded system. This study presents application development workflows facilitating secure commerce of digital assets thereby improving consumer trust.