Bootstrapping Trust in Commodity Computers

Parno, Bryan; McCune, Jonathan M.; Perrig, Adrian

doi:10.1109/sp.2010.32

Cited by 126 publications

(74 citation statements)

References 52 publications

(68 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The high level concept of Trusted Computing as defined by the TCG introduces different roots of trust in the system design providing complementary security functions (see also [4]). To attest on the health of a system each software component needs to be measured beginning from the initialization of the device.…”

Section: Roots Of Trustmentioning

confidence: 99%

On the Secure Distribution of Vendor-Specific Keys in Deployment Scenarios

Kuntze

Fuchs

Rudolph

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Abstract. Product counterfeit is a tremendous challenge for vendors in many areas. Particularly important is a prevention of product counterfeit where products like telecommunication devices interact with other systems and thus a malfunctioning of a single device can jeopardize the complete system. This can also deteriorate the reputation of the vendor. Furthermore, violation of intellectual properties can cause financial losses. Detection of product counterfeit can be based on tracking back each device to the production process of the vendor to ensure the product origin. Devices without a verified source can then be considered counterfeit with a high potential to be malicious or of low quality. Vendors already apply vendor-specific security technologies protecting the distribution. These often employ special hardware-based security mechanisms specifically designed for a particular range of products. This publication shows the usage of the already available Trusted Platform Module to allow for distribution channel protection and to leverage overall security by allowing the secure identification of a specific device. It also explains a few additional Trusted Platform Module functionalities that can be used.

show abstract

Section: Roots Of Trustmentioning

confidence: 99%

On the Secure Distribution of Vendor-Specific Keys in Deployment Scenarios

Kuntze

Fuchs

Rudolph

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

show abstract

“…We offer these guarantees by means of a remote attestation protocol, which users run when they claim their accounts. Our protocol is based on a standard attestation protocol [30], which transmits the boot time measurements (hash) of the TCB components signed by the TPM. We then extend it to include the MTS identities as well as the user account report (see Section 5.3).…”

Section: Enforcing the System Integrity Invariantmentioning

confidence: 99%

Enhancing the OS against Security Threats in System Administration

Santos

Rodrigues

Ford

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The consequences of security breaches due to system administrator errors can be catastrophic. Software systems in general, and OSes in particular, ultimately depend on a fully trusted administrator whom is granted superuser privileges that allow him to fully control the system. Consequently, an administrator acting negligently or unethically can easily compromise user data in irreversible ways by leaking, modifying, or deleting data. In this paper we propose a new set of guiding principles for OS design that we call the broker security model. Our model aims to increase OS security without hindering manageability. This is achieved by a two-step process that (1) restricts administrator privileges to preclude inspection and modification of user data, and (2) allows for management tasks that are mediated by a layer of trusted programs-brokersinterposed between the management interface and system objects. We demonstrate the viability of this approach by building BrokULOS, a Linux-based OS that suppresses superuser privileges and exposes a narrow management interface consisting of a set of tailor-made brokers. Our evaluation shows that our modifications to Linux add negligible overhead to applications while preserving system manageability.

show abstract

“…The Web currently protects against this type of attack (via techniques to prevent cross-site request forgery), but Android does not. Other researchers focus on addressing this type of problem with code attestation [27] or by bringing the Web model to mobile operating systems [35].…”

Section: Securitymentioning

confidence: 99%

User interface toolkit mechanisms for securing interface elements

Roesner

Fogarty

Kohno

2012

Proceedings of the 25th Annual ACM Symposium on User Interface Software and Technology

View full text Add to dashboard Cite

User interface toolkit research has traditionally assumed that developers have full control of an interface. This assumption is challenged by the mashup nature of many modern interfaces, in which different portions of a single interface are implemented by multiple, potentially mutually distrusting developers (e.g., an Android application embedding a third-party advertisement). We propose considering security as a primary goal for user interface toolkits. We motivate the need for security at this level by examining today's mashup scenarios, in which security and interface flexibility are not simultaneously achieved. We describe a security-aware user interface toolkit architecture that secures interface elements while providing developers with the flexibility and expressivity traditionally desired in a user interface toolkit. By challenging trust assumptions inherent in existing approaches, this architecture effectively addresses important interface-level security concerns.

show abstract

Bootstrapping Trust in Commodity Computers

Cited by 126 publications

References 52 publications

On the Secure Distribution of Vendor-Specific Keys in Deployment Scenarios

On the Secure Distribution of Vendor-Specific Keys in Deployment Scenarios

Enhancing the OS against Security Threats in System Administration

User interface toolkit mechanisms for securing interface elements

Contact Info

Product

Resources

About