DOCSLIB.ORG

Security Hardened Remote Terminal Units for SCADA Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

University of Louisville ThinkIR: The University of Louisville's Institutional Repository Electronic Theses and Dissertations 5-2008 Security hardened remote terminal units for SCADA networks. Jeff Hieb University of Louisville Follow this and additional works at: https://ir.library.louisville.edu/etd Recommended Citation Hieb, Jeff, "Security hardened remote terminal units for SCADA networks." (2008). Electronic Theses and Dissertations. Paper 615. https://doi.org/10.18297/etd/615 This Master's Thesis is brought to you for free and open access by ThinkIR: The University of Louisville's Institutional Repository. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of ThinkIR: The University of Louisville's Institutional Repository. This title appears here courtesy of the author, who has retained all other copyrights. For more information, please contact [email protected]. SECURITY HARDENED REMOTE TERMINAL UNITS FOR SCADA NETWORKS By Jeffrey Lloyd Hieb B.S., Furman University, 1992 B.A., Furman University, 1992 M.S., University of Louisville, 2004 A Dissertation Submitted to the Faculty of the Graduate School of the University of Louisville in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Department of Computer Science and Computer Engineering J. B. Speed School of Engineering University of Louisville Louisville, Kentucky May 2008 SECURITY HARDENED REMOTE TERMINAL UNITS FOR SCADA NETWORKS By Jeffrey Lloyd Hieb B.S., Furman University, 1992 B.A., Furman University, 1992 M.S., University of Louisville, 2004 A Dissertation Approved on February 26, 2008 By the following Dissertation Committee members Dr. James H. Graham, Dissertation Director Dr. Adel Elmaghraby Dr. Patricia A. S. Ralston Dr. Dar-jen Chang Dr. Rammohan K. Ragade ii DEDICATION To my wife Jennifer for all of her support, encouragement and patience. 111 ACKNOWLEDGEMENTS I would like to express my deep appreciation to Dr. James Graham, my dissertation director. Collaborating and working with him has been both pleasurable and educational. His technical guidance, perspective and encouragement were essential to the completion of this dissertation. I wish to thank the members of my committee, Dr. Patricia Ralston, Dr. Adel Elmaghraby, Dr. Dar-jen Chang, and Dr. Rammohan K. Ragade for their time, expertise, and support. A special thanks to Dr. Adel Elmaghraby for mentoring me in the future faculty program. I learned a lot from our conversations. I also owe special thanks to my friends and colleagues Sandy Patel, Rob Kelley, Doug Wampler, and Nathan Johnson for distracting me when I need distracting and assuring me when I need assuring. Many thanks to Dr. Walden Laukhuf, Mr. Steve Williamson, and the Chemical Engineering Department. Generous use of their facilities, particularly the Process Control Laboratory and the Unit Operations Laboratory, as well as their time and expertise were greatly appreciated. Thanks also to Ron Lile and his staff for providing technical support. IV ABSTRACT SECURITY HARDENED REMOTE TERMINAL UNITS FOR SCADA NETWORKS Jeffrey L. Hieb February 26, 2008 Remote terminal units (RTUs) are perimeter supervisory control and data acquisition (SCADA) devices that measure and control actual physical devices. Cyber security was largely ignored in SCADA for many years, and the cyber security issues that now face SCADA and DCS, specifically RTU security, are investigated in this research. This dissertation presents a new role based access control model designed specifically for RTUs and process control. The model is developed around the process control specific data element called a point, and point operations. The model includes: assignment constraints that limit the RTU operations that a specific role can be assigned and activation constraints that allow a security administrator to specify conditions when specific RTU roles or RTU permissions cannot be used. RTU enforcement of the new access control model depends on, and is supported by, the protection provided by an RTU's operating system. This dissertation investigates two approaches for using minimal kernels to reduce potential vulnerabilities in RTU protection enforcement and create a security hardened R TU capable of supporting the new RTU access control model. The first approach is to reduce a commercial OS kernel v to only those components needed by the RTU, removing any known or unknown vulnerabilities contained in the eliminated code and significantly reducing the size of the kernel. The second approach proposes using a microkernel that supports partitioning as the basis for an RTU specific operating system which isolates network related RTU software, the R TU attack surface, from critical R TU operational software such as control algorithms and analog and digital input and output. In experimental analysis of a prototype hardened RTU connected to real SCADA hardware, a reduction of over 50% was obtained in reducing a 2.4 Linux kernel to run on actual RTU hardware. Functional testing demonstrated that different users were able to carryout assigned tasks with the limited set of permissions provided by the security hardened RTU and a series of simulated insider attacks were prevented by the RTU role based access control system. Analysis of communication times indicated response times would be acceptable for many SCADA and DCS application areas. Investigation of a partitioning microkernel for an RTU identified the L4 microkernel as an excellent candidate. Experimental evaluation of L4 on real hardware found the IPC overhead for simulated critical RTU operations protected by L4 partitioning to be sufficiently small to warrant continued investigation of the approach. VI TABLE OF CONTENTS PAGE ACKNOWLEDGEMENTS ............................................................................................... iv ABSTRACT ........................................................................................................................ v LIST OF TABLES ............................................................................................................ xii LIST OF FIGURES ......................................................................................................... xiv CHAPTER I INTRODUCTION ........................................................................................ 1 1.1 Organization of Dissertation ............................................................................... 5 CHAPTER II LITERATURE SURVERY ........................................................................ 7 2.1 SCADA systems ................................................................................................. 7 2.1.1 SCADA Components ...................................................................................... 8 2.1.2 SCADA architectures .................................................................................... 12 2.1.3 SCADA protocols ......................................................................................... 15 2.2 SCADA cyber security threats and vulnerabilities ........................................... 16 2.3 Securing SCADA systems ................................................................................ 23 2.3.1 Securing SCADA with standard IT technologies ......................................... 23 2.3.2 Differences between SCADA and Traditional IT environment ................... 28 2.3.3 SCADA research challenges and current research ....................................... 29 2.4 The Role based access control model ............................................................... 36 2.4.1 RBAC constraints ......................................................................................... 38 2.4.2 Specifying constraints on RBAC models ................................................. 42 2.5 Operating system security, reliability and reduced kernels .............................. 52 VII 2.5.1 Minimal kernels ............................................................................................ 56 2.5.2 Separation kernel and the MILS architecture ............................................... 58 CHAPTER III SECURITY HARDENING RTUS .......................................................... 61 3.1 RTU security vulnerabilities ............................................................................. 62 3.2 A security hardened R TU ................................................................................. 66 3.2.1 Secure SCADA protocol ............................................................................... 66 3.2.2 RTU role based access controL ................................................................... 68 3.2.3 Reduced kernel OS ....................................................................................... 71 3.3 A security hardened RTU architecture ............................................................. 73 3.4 Conclusions ....................................................................................................... 75 CHAPTER IV RTU ACCESS CONTROL MODEL ...................................................... 76 4.1 Core elements of the RTU access control modeL ............................................ 76 4.1.1 Sets ................................................................................................................ 77 4.1.2 Relations ....................................................................................................... 80 4.1.3 Core model definition ..................................................................................
Recommended publications
  • Using the Intel® LXT973 Ethernet Transceiver Application Note

    Using the Intel® LXT973 Ethernet Transceiver Application Note

    Intel® IXP42X Product Line and IXC1100 Control Plane Processor: Using the Intel® LXT973 Ethernet Transceiver Application Note July 2004 Document Number: 253429-002 Intel® IXP42X Product Line and IXC1100 Control Plane Processor: Using the Intel® LXT973 Ethernet Transceiver INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.
  • Ebook - Informations About Operating Systems Version: August 15, 2006 | Download

    Ebook - Informations About Operating Systems Version: August 15, 2006 | Download

    eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org AIX Internet: AIX AmigaOS Internet: AmigaOS AtheOS Internet: AtheOS BeIA Internet: BeIA BeOS Internet: BeOS BSDi Internet: BSDi CP/M Internet: CP/M Darwin Internet: Darwin EPOC Internet: EPOC FreeBSD Internet: FreeBSD HP-UX Internet: HP-UX Hurd Internet: Hurd Inferno Internet: Inferno IRIX Internet: IRIX JavaOS Internet: JavaOS LFS Internet: LFS Linspire Internet: Linspire Linux Internet: Linux MacOS Internet: MacOS Minix Internet: Minix MorphOS Internet: MorphOS MS-DOS Internet: MS-DOS MVS Internet: MVS NetBSD Internet: NetBSD NetWare Internet: NetWare Newdeal Internet: Newdeal NEXTSTEP Internet: NEXTSTEP OpenBSD Internet: OpenBSD OS/2 Internet: OS/2 Further operating systems Internet: Further operating systems PalmOS Internet: PalmOS Plan9 Internet: Plan9 QNX Internet: QNX RiscOS Internet: RiscOS Solaris Internet: Solaris SuSE Linux Internet: SuSE Linux Unicos Internet: Unicos Unix Internet: Unix Unixware Internet: Unixware Windows 2000 Internet: Windows 2000 Windows 3.11 Internet: Windows 3.11 Windows 95 Internet: Windows 95 Windows 98 Internet: Windows 98 Windows CE Internet: Windows CE Windows Family Internet: Windows Family Windows ME Internet: Windows ME Seite 1 von 138 eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org Windows NT 3.1 Internet: Windows NT 3.1 Windows NT 4.0 Internet: Windows NT 4.0 Windows Server 2003 Internet: Windows Server 2003 Windows Vista Internet: Windows Vista Windows XP Internet: Windows XP Apple - Company Internet: Apple - Company AT&T - Company Internet: AT&T - Company Be Inc. - Company Internet: Be Inc. - Company BSD Family Internet: BSD Family Cray Inc.
  • 8130 Remote Terminal Unit

    8130 Remote Terminal Unit

    8130 Remote Terminal Unit Collect and transmit data from multiple storage tanks to a central system or host using a single tank gauge interface for inventory, alarm and control. Highlights •Easily expandable through the use of plug‐in interface modules ‐ reduces cost by integrating all analog, digital and serial data inputs and outputs •Multiple host ports ‐ adapts to your needs and redundancy requirements • Supports multiple tank gauge protocols ‐ connect your existing equipment at less cost • Digital and analog I/O connectivity ‐ allows simple tank farm alarm integration •Fully compatible with FuelsManager ‐ tank inventory management made easy • 8130 RTU and gauge configuration data can be exported to other applications, such as Microsoft Excel® or Access® ‐ document all tank gauge equipment Host Communication •Remote configuration of your tank gauges ‐ means less on‐tank The 8130 RTU connects to most types of sensors or actuators on activities, resulting in less personnel risk your site, and to PLCs and DCS computers. It combines with FuelsManager software to provide an extremely cost efficient and FuelsManager® reliable tank inventory system. It also provides fully redundant host ports and is compatible with a variety of other host systems through the industry standard MODBUS™ protocol. Configuration and Programming Remote programming can be accomplished from the host or locally Network using a PC with the Windows‐based configuration program Communications Field ViewRTU. This tool simplifies configuration and diagnostics, Instruments
  • Intel Corporation 2000 Annual Report

    Intel Corporation 2000 Annual Report

    silicon is in 2000 Annual Report i n t e l .c o m i n t c . c o m Intel facts and figures Net revenues Diluted earnings per share Dollars in billions Dollars, adjusted for stock splits 35 1.6 33.7 1.51 30 29.4 1.2 26.3 25 25.1 Intel revenues 1.05 20.8 20 grew 15% in 2000, 0.97 0.86 0.8 giving us our 14th 16.2 15 0.73 consecutive year of 11.5 10 0.50 0.4 8.8 revenue growth. 0.33 0.33 5.8 5 4.8 0.12 0.16 0 0 91 92 93 94 95 9697 98 99 00 91 92 93 94 95 9697 98 99 00 Geographic breakdown of 2000 revenues Return on average stockholders’ equity Percent Percent 100 40 38.4 35.5 35.6 33.3 North America 41% Intel has 30 75 30.2 experienced strong 27.3 28.4 26.2 international growth, 21.6 20 50 with 59% of revenues 20.4 Asia-Pacific 26% outside North America in 2000. 10 25 Europe 24% 0 Japan 9% 91 92 93 94 95 9697 98 99 00 0 Capital additions to property, Stock price trading ranges by fiscal year plant and equipment † Dollars, adjusted for stock splits Dollars in millions 75 8,000 Capital invest- 6,674 ments reflect Intel’s 6,000 50 commitment to building leading-edge manu- 4,501 4,000 4,032 facturing capacity for 3,550 3,403 25 3,024 state-of-the-art 2,441 2,000 silicon products.
  • Panel PC 670 Computing Unit Connecting and Switching on the Computing Unit 3

    Panel PC 670 Computing Unit Connecting and Switching on the Computing Unit 3

    Preface, Contents Product Overview SIMATIC PC 1 Starting Up the Computing Unit 2 Panel PC 670 Computing Unit Connecting and Switching on the Computing Unit 3 Equipment Manual Maintaining and Extending the Computing Unit 4 Configuring the Computing Unit in BIOS Setup 5 Fault Diagnosis 6 Hardware Information 7 Distributed Configuration 8 A Appendices C Glossary, Index This manual is only valid for computing units with Order No. 6AV77xx-... Release 04/02 Safety Guidelines This manual contains notices which you should observe to ensure your own personal safety, as well as to protect the product and connected equipment. These notices are marked as follows according to the level of danger: Danger ! indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury. Warning ! indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury. Caution ! used with the safety alert symbol indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury. Caution used without the safety alert symbol indicates a potentially hazardous situation which, if not avoided, may result in property damage. Notice indicates that unwanted events or status can occur if the relevant information is not observed. Note draws your attention to particularly important information on the product, handling the product, or to a particular part of the documentation. Qualified Personnel Equipment may be commissioned and operated only by qualified personnel. Quali- fied personnel within the meaning of the safety notices in this manual are persons who are authorized to commission, ground and identify equipment, systems and circuits in accordance with safety engeneering standards.
  • Occupational Health and Safety Risks in the Healthcare Sector

    Occupational Health and Safety Risks in the Healthcare Sector

    Occupational health and safety risks in the healthcare sector Guide to prevention and good practice This publication is supported by the European Union Programme for Employment and Social Solidarity - PROGRESS (2007-2013). This programme is implemented by the European Commission. It was established to financially support the implementation of the objectives of the European Union in the employment, social affairs and equal oppor- tunities area, and thereby contribute to the achievement of the Europe 2020 Strategy goals in these fields. The seven-year Programme targets all stakeholders who can help shape the development of appropriate and effective employment and social legislation and policies, across the EU-27, EFTA-EEA and EU candidate and pre-candidate countries. For more information see: http://ec.europa.eu/progress Occupational health and safety risks in the healthcare sector European Commission Directorate-General for Employment, Social Affairs and Inclusion Unit B.3 Manuscript completed in December 2010 Neither the European Commission nor any person acting on behalf of the Commission may be held responsible for the use that may be made of the information contained in this publication. © Cover photos: iStock For any use or reproduction of photos which are not under European Union copyright, permission must be sought directly from the copyright holder(s). This guide has been produced by the Bundesanstalt für Arbeitsschutz und Arbeitsmedizin (BAuA), Berufsgenossenschaft für Gesundheitsdienst und Wohlfahrtspflege (BGW), contec Gesellschaft für Organisationsentwicklung mbH, Deutsches Netz Gesundheitsfördernder Krankenhäuser (DNGfK) and BAD/ Team Prevent GmbH. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) Certain mobile telephone operators do not allow access to 00 800 numbers or these calls may be billed.
  • Remote Terminal Unit ENCS-3M

    Remote Terminal Unit ENCS-3M

    Remote terminal unit ENCS-3m Manual ENCS.403500.001. Rev 3.2016 Table of contents Table of contents Introduction .................................................................................................. 3 Glossary .................................................................................................... 4 1 General information .......................................................................... 5 2 Design, dimension, naming convention ..................................................... 6 3 Features ......................................................................................... 8 3.1 Device poll and sync time ............................................................. 8 3.2 Telecontrol .............................................................................. 8 3.3 Spontaneous transmission ............................................................. 8 3.4 Cyclic transmission ..................................................................... 8 3.5 Background scan ........................................................................ 8 3.6 IEC 60870-5-101–2006 and IEC 60870-5-104-2004 support ........................ 8 3.7 GOOSE (IEC 61850 8-1) ................................................................. 9 3.8 Configuration ............................................................................ 9 4 Specification .................................................................................. 10 4.1 Interfaces .............................................................................
  • Rights Reserved. Permission to Make Digital Or Hard Copies of All Or Part Of

    Rights Reserved. Permission to Make Digital Or Hard Copies of All Or Part Of

    Copyright © 1994, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. MICROSOFT WINDOWS NT AND THE COMPETITION FOR DESKTOP COMPUTING by Brad Peters, William R. Bush, and A. Richard Newton Memorandum No. UCB/ERL M94/3 31 January 1994 MICROSOFT WINDOWS NT AND THE COMPETITION FOR DESKTOP COMPUTING by Brad Peters, William R. Bush, and A. Richard Newton Memorandum No. UCB/ERL M94/3 31 January 1994 MICROSOFT WINDOWS NT AND THE COMPETITION FOR DESKTOP COMPUTING by Brad Peters, William R. Bush, and A. Richard Newton Memorandum No. UCB/ERL M94/3 31 January 1994 ELECTRONICS RESEARCH LABORATORY College ofEngineering University ofCalifornia, Berkeley 94720 MICROSOFT WINDOWS NT AND THE COMPETITION FOR DESKTOP COMPUTING by Brad Peters, William R. Bush, and A. Richard Newton Memorandum No. UCB/ERL M94/3 31 January 1994 ELECTRONICS RESEARCH LABORATORY College ofEngineering University ofCalifornia, Berkeley 94720 Microsoft Windows NT And The Competition for Desktop Computing January 1994 Department ofElectrical Engineering and Computer Sciences University ofCalifornia Berkeley, California 94720 Abstract This report contains two papers, An Introduction to Microsoft Windows NT And Its Competitors, and The Status ofWindows NT and Its Competitors At The End of1993. The first paper, written in April 1993,presents an overview of the technology of Windows NT, and analyzes the competitors and competitive factors in the desktop operating system race.
  • IXP400 Software's Programmer's Guide

    IXP400 Software's Programmer's Guide

    Intel® IXP400 Software Programmer’s Guide June 2004 Document Number: 252539-002c Intel® IXP400 Software Contents INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel Corporation may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the presented subject matter. The furnishing of documents and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any such patents, trademarks, copyrights, or other intellectual property rights. Intel products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications. The Intel® IXP400 Software v1.2.2 may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. MPEG is an international standard for video compression/decompression promoted by ISO. Implementations of MPEG CODECs, or MPEG enabled platforms may require licenses from various entities, including Intel Corporation. This document and the software described in it are furnished under license and may only be used or copied in accordance with the terms of the license. The information in this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Intel Corporation.
  • Integrated Report 2019

    Integrated Report 2019

    Integrated Report 2019 JP TOWER, 2-7-2 Marunouchi, Chiyoda-ku, Tokyo 100-7015, Japan Phone: +81-3-6250-2111 https://konicaminolta.com CONTENTS On the Release of Integrated Report 2019 1 On the Release of Integrated Report 2019 2 CONTENTS Konica Minolta’s Strengths 03 Since fiscal 2015, Konica Minolta has released annual reports (the name of these reports was changed to the and Value Creation 3 Konica Minolta Philosophy integrated report in 2017) that provide a comprehensive look at the Company's activities and philosophies. 7 Value Creation Process The fifth report is now available. We made this integrated report to be a communication tool to better 9 Konica Minolta's Strengths 1. Customer base familiarize stakeholders, including shareholders and investors, with Konica Minolta by systematically 11 Konica Minolta’s Strengths 2. Technical expertise organizing both financial and non-financial information. 13 Konica Minolta’s Strengths 3. Business Model The 2018 integrated report was externally well-received, winning recognition and awards that included Growth Strategy 15 the Special Award in the Nikkei Annual Report Awards conducted by Nikkei Inc., and the Excellence in 15 Medium Term Business Plan Integrated Reporting Prize at the 6th WICI Japan Awards for Excellence in Integrated Reporting. 17 Message from the CEO Integrated Report 2019 clarifies the Konica Minolta Group's strengths and value creation processes 25 Message from the CFO 29 while explaining the Group's medium- to long-term business strategy and pathway to value creation with a Special Topics Building High Value-Added Businesses focus on SHINKA 2019, the new Medium Term Business Plan formulated in 2017.
  • Intel® Technology Journal the Original 45Nm Intel Core™ Microarchitecture

    Intel® Technology Journal the Original 45Nm Intel Core™ Microarchitecture

    Volume 12 Issue 03 Published October 2008 ISSN 1535-864X DOI: 10.1535/itj.1203 Intel® Technology Journal The Original 45nm Intel Core™ Microarchitecture Intel Technology Journal Q3’08 (Volume 12, Issue 3) focuses on Intel® Processors Based on the Original 45nm Intel Core™ Microarchitecture: The First Tick in Intel’s new Architecture and Silicon “Tick-Tock” Cadence The Technical Challenges of Transitioning Original 45nm Intel® Core™ 2 Processor Performance Intel® PRO/Wireless Solutions to a Half-Mini Card Power Management Enhancements Greater Mobility Through Lower Power in the 45nm Intel® Core™ Microarchitecture Improvements in the Intel® Core™ 2 Penryn Processor Family Architecture Power Improvements on 2008 Desktop Platforms and Microarchitecture Mobility Thin and Small Form-Factor Packaging for Intel® Processors Based on Original 45nm The First Six-Core Intel® Xeon™ Microprocessor Intel Core™ Microarchitecture More information, including current and past issues of Intel Technology Journal, can be found at: http://developer.intel.com/technology/itj/index.htm Volume 12 Issue 03 Published October 2008 ISSN 1535-864X DOI: 10.1535/itj.1203 Intel® Technology Journal The Original 45nm Intel Core™ Microarchitecture Articles Preface iii Foreword v Technical Reviewers vii Original 45nm Intel® Core™ 2 Processor Performance 157 Power Management Enhancements in the 45nm Intel® Core™ Microarchitecture 169 Improvements in the Intel® Core™ 2 Penryn Processor Family Architecture 179 and Microarchitecture Mobility Thin and Small Form-Factor Packaging
  • (12) United States Patent (10) Patent No.: US 8,862,870 B2 Reddy Et Al

    (12) United States Patent (10) Patent No.: US 8,862,870 B2 Reddy Et Al

    USOO886287OB2 (12) United States Patent (10) Patent No.: US 8,862,870 B2 Reddy et al. (45) Date of Patent: Oct. 14, 2014 (54) SYSTEMS AND METHODS FOR USPC .......... 713/152–154, 168, 170; 709/223, 224, MULTI-LEVELTAGGING OF ENCRYPTED 709/225 ITEMIS FOR ADDITIONAL SECURITY AND See application file for complete search history. EFFICIENT ENCRYPTED ITEM (56) References Cited DETERMINATION U.S. PATENT DOCUMENTS (75) Inventors: Anoop Reddy, Santa Clara, CA (US); 5,867,494 A 2/1999 Krishnaswamy et al. Craig Anderson, Santa Clara, CA (US) 5,909,559 A 6, 1999 SO (73) Assignee: Citrix Systems, Inc., Fort Lauderdale, (Continued) FL (US) FOREIGN PATENT DOCUMENTS (*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 CN 1478348 A 2, 2004 U.S.C. 154(b) by 0 days. EP 1422.907 A2 5, 2004 (Continued) (21) Appl. No.: 13/337.735 OTHER PUBLICATIONS (22) Filed: Dec. 27, 2011 Australian Examination Report on 200728.1083 dated Nov.30, 2010. (65) Prior Publication Data (Continued) US 2012/O17387OA1 Jul. 5, 2012 Primary Examiner — Abu Sholeman (74) Attorney, Agent, or Firm — Foley & Lardner LLP: Related U.S. Application Data Christopher J. McKenna (60) Provisional application No. 61/428,138, filed on Dec. (57) ABSTRACT 29, 2010. The present disclosure is directed towards systems and meth ods for performing multi-level tagging of encrypted items for (51) Int. Cl. additional security and efficient encrypted item determina H04L 9M32 (2006.01) tion. A device intercepts a message from a server to a client, H04L 2L/00 (2006.01) parses the message and identifies a cookie.