BSc. Thesis hopefully progressing with peer pressure from OUSPG Open.
Research question/problem (Msc.): How to securely deploy/provision Linux installations over insecure network/Internet using trusted starting point?
Research question/problem (BSc.): Smaller subset of the above :)
Layers to consider:
Chain of trust:
What existing software and features there already is?
Implementation
Describe experiments
Describe attack vectors
stuff to read:
Waste of time: Secure Server Provisioning and Communication Mechanism in Cloud
Information security auditing tool for authorities – Katakri 2015
x86 Network Booting: Integrating gPXE and PXELINUX
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Approach for Secure Software Installation
signify: Securing OpenBSD From Us To You
Developing Software in a Hostile Environment
CAIA Testbed for TEACUP Experiments
Operating System Support for Run-Time Security with a Trusted Execution Environment
Fedora's Secure Boot FAQ
Trusted Computing
Android Verified Boot
Device-Mapper's "verity" target
1989: License of Science in Technology. Helsinki University of Technology, department of Electrical Engineering. Hannu H. Kari: "Diskless Workstations in a Local Area Network".
Docker Security Cheat Sheet
CIS CentOS Linux 6 Benchmark
CIS CentOS Linux 7 Benchmark
CIS Distribution Independent Linux
Red Hat Enterprise Linux 6 Security Guide
Red Hat Enterprise Linux 7 Security Guide
Trusted images
ETSI GS NFV-SEC 001 V1.1.1 (2014-10): Network Functions Virtualisation (NFV); NFV Security; Problem Statement
Secure lazy provisioning of virtual desktops to a portable storage device a * https://dl.acm.org/citation.cfm?id=2287068&CFID=641474301&CFTOKEN=92782901
Characterizing and Avoiding Routing Detours Through Surveillance States