Fidelius: Protecting User Secrets from Compromised Browsers

Eskandarian, Saba; Cogan, Jonathan; Birnbaum, Sawyer; Brandon, Peh Chang Wei; Franke, Dillon; Fraser, Forest; Garcia, Gaspar; Gong, Eric; Nguyen, Hung T.; Sethi, Taresh K.; Subbiah, Vishal; Backes, Michael; Pellegrino, Giancarlo; Boneh, Dan

doi:10.1109/sp.2019.00036

Cited by 34 publications

(12 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Trusted Hardware. We believe that using trusted hardware, such as Intel SGX, is a promising direction to protect data [121][122][123][124][125]. Using trusted hardware to hold the cryptographic keys for an encrypted database and limiting the number of records that can be retrieved with the SELECT query using trusted hardware could go a long way towards preventing data breaches.…”

Section: Future Research Directionsmentioning

confidence: 99%

SoK: Anatomy of Data Breaches

Saleem

Naveed

2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

We systematize the knowledge on data breaches into concise step-by-step breach workflows and use them to describe the breach methods. We present the most plausible workflows for 10 famous data breaches. We use information from a variety of sources to develop our breach workflows, however, we emphasize that for many data breaches, information about crucial steps was absent. We researched such steps to develop complete breach workflows; as such, our workflows provide descriptions of data breaches that were previously unavailable. For generalizability, we present a general workflow of 50 data breaches from 2015. Based on our data breach analysis, we develop requirements that organizations need to meet to thwart data breaches. We describe what requirements are met by existing security technologies and propose future research directions to thwart data breaches.

show abstract

Section: Future Research Directionsmentioning

confidence: 99%

SoK: Anatomy of Data Breaches

Saleem

Naveed

2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…The consequences of such attacks might be severe when applications that control remote safety-critical systems are targeted. The attacker can pass the wrong input to TruZ-Droid [17] PROTECTION Uni-dir [5] Overshadow [18] SGXIO [4] Fidelius [9] Fig. 1: Existing trusted path solutions.…”

Section: A Motivation: Secure Io With Remote Safety-critical Systemmentioning

confidence: 99%

“…Fidelius [9] addresses the problem with output integrity by rendering overlays using an external trusted device. Fidelius uses the trusted external device and Intel SGX to create a secure channel between the user IO devices and a remote server.…”

Section: B Analysis Of Existing and Strawman Solutionsmentioning

confidence: 99%

“…Finally, the design of Fidelius [9] is strictly limited to text-based fields only. As Fidelius does not provide output integrity of the forms, it cannot provide confidentiality to other UI elements such as radio buttons, drop-down menus, sliders, etc.…”

Section: B Analysis Of Existing and Strawman Solutionsmentioning

confidence: 99%

“…Fidelius [9] combines the previous ideas of Bump in the Ether and trusted overlay to protect keyboard inputs from a compromised browser using external devices and a JavaScript interpreter that runs inside an SGX enclave. Fidelius maintains overlays on display, specifically on the input text boxes to hide sensitive user inputs from the browser.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

ProtectIOn: Root-of-Trust for IO in Compromised Platforms

Dhar

Ulqinaku

Kostiainen

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Security and safety-critical remote applications such as e-voting, online banking, industrial control systems and medical devices rely upon user interaction that is typically performed through web applications. Trusted path to such remote systems is critical in the presence of an attacker that controls the user's computer. Such an attacker can observe and modify any IO data without being detected by the user or the server. We investigate the security of previous research proposals and observe several drawbacks that make them vulnerable. Based on these observations we identify novel requirements for secure IO operation in the presence of a compromised host.

show abstract