Rapid Trust Establishment for Transient Use of Unmanaged Hardware

Transient use of PCs has grown in importance with the advent of Internet cafes and the emergence of personalization systems such as Migo, GoToMyPC, and Internet Suspend/Resume. Unfortunately, users have no choice today but to trust any transient hardware they use. They are often unaware of the risks...

Full description

Saved in:
Bibliographic Details
Main Authors: Surie, Ajay, Perrig, Adrian, Satyanarayanan, M, Farber, David
Format: Report
Language:English
Subjects:
Computer Hardware
Computer Programming and Software
Computer Systems Management and Standards
DATA PROCESSING SECURITY
ESTABLISHING TRUST
INTEGRITY
LOAD-TIME VALIDATION
MICROCOMPUTERS
OPERATING SYSTEMS(COMPUTERS)
PORTABLE STORAGE
TRANSIENT USE
TRUST-SNIFFER SYSTEM
TRUSTED COMPUTING
UNTRUSTED TERMINALS
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Transient use of PCs has grown in importance with the advent of Internet cafes and the emergence of personalization systems such as Migo, GoToMyPC, and Internet Suspend/Resume. Unfortunately, users have no choice today but to trust any transient hardware they use. They are often unaware of the risks they face in placing faith in public computers. We address this problem through Trust-Sniffer, a tool that helps a user to gain confidence in the software stack on an untrusted machine. The root of trust is a small, lightweight device such as a USB memory stick that is owned by the user. Once the integrity of the boot image is verified, Trust-Sniffer uses a staged process to expand the zone of trust. It generates a trust fault when a user first attempts to execute any binary that lies outside the current zone of trust. A trust fault handler verifies the integrity of the suspect binary by comparing its checksum with that of known good binaries. Execution stops if the binary's integrity cannot be established. This staged approach to establishing confidence in an untrusted machine strikes a good balance between the needs of security and ease-of-use, and enables rapid use of transient hardware. Sponsored in part by the National Science Foundation. The original document contains color images.