2006 USENIX Annual Technical Conference Abstract
Pp. 185–198 of the Proceedings
Bump in the Ether: A Framework for Securing Sensitive User Input
Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter, Carnegie Mellon University
Abstract
We present Bump in the Ether (BitE), an approach for preventing user-space
malware from accessing sensitive user input and providing the user
with additional confidence that her input is being delivered to the
expected application. Rather than preventing malware from running or
detecting already-running malware, we facilitate user input that
bypasses common avenues of attack. User input traverses a
trusted tunnel from the input device to the application.
This trusted tunnel is implemented using a trusted mobile device
working in tandem with a host platform capable of attesting to its
current software state. Based on a received attestation, the mobile
device verifies the integrity of the host platform and application,
provides a trusted display through which the user selects the
application to which her inputs should be directed, and encrypts those
inputs so that only the expected application can decrypt them. We
describe the design and implementation of BitE, with emphasis on both
usability and security issues.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.