Description |
1 online resource (xv, 101 pages) |
Series |
SpringerBriefs in computer science |
|
SpringerBriefs in computer science.
|
Contents |
Machine generated contents note: 1. Introduction -- 2. What Do We Need to Know? Techniques for Recording Platform State -- 2.1. Recording Code Identity -- 2.2. Recording Dynamic Properties -- 2.3. Which Property is Necessary? -- 3. Can We Use Platform Information Locally? -- 3.1. Secure Boot -- 3.2. Storage Access Control Based on Code Identity -- 4. Can We Use Platform Information Remotely? -- 4.1. Prerequisites -- 4.2. Conveying Code Measurement Chains -- 4.3. Privacy Concerns -- 5. How Do We Make Sense of Platform State? -- 5.1. Coping With Information Overload -- 5.2. Focusing on Security-Relevant Code -- 5.3. Conveying Higher-Level Information -- 6. Roots of Trust -- 6.1. General-Purpose Tamper-Resistant and Tamper-Responding Devices -- 6.2. General-Purpose Devices Without Dedicated Physical Defenses -- 6.3. Special-Purpose Minimal Devices -- 6.4. Research Solutions Without Hardware Support -- 7. Challenges in Bootstrapping Trust in Secure Hardware -- 7.1. Problem Definition -- 7.2. Potential Solutions -- 7.3. Preferred Solutions -- 8. Validating the Process -- 9. Applications -- 9.1. Real World -- 9.2. Research Proposals -- 10. Implementing Trust Bootstrapping: Open Source Tools -- 10.1. Component Packages -- 10.2. Complete Distributions or LiveCDs -- 11. Human Factors & Usability -- 11.1. Trustworthy Verifier Devices -- 11.2. Using Your Brain to Check a Computer -- 11.3. Pairing Two Trustworthy Devices -- 12. Limitations -- 12.1. Load-Time Versus Run-Time Guarantees -- 12.2. Hardware Attacks -- 13. Additional Reading -- 13.1. Books -- 13.2. Conference and Workshop Proceedings -- 14. Summary |
Summary |
Trusting a computer for a security-sensitive task (such as checking email or banking online) requires the user to know something about the computer's state. We examine research on securely capturing a computer's state, and consider the utility of this information both for improving security on the local computer (e.g., to convince the user that her computer is not infected with malware) and for communicating a remote computer's state (e.g., to enable the user to check that a web server will adequately protect her data). Although the recent "Trusted Computing" initiative has drawn both positive and negative attention to this area, we consider the older and broader topic of bootstrapping trust in a computer. We cover issues ranging from the wide collection of secure hardware that can serve as a foundation for trust, to the usability issues that arise when trying to convey computer state information to humans. This approach unifies disparate research efforts and highlights opportunities for additional work that can guide real-world improvements in computer security |
Bibliography |
Includes bibliographical references (pages 79-95) and index |
Subject |
Computer security
|
|
Computer networks -- Security measures.
|
|
Informatique.
|
|
Computer networks -- Security measures
|
|
Computer security
|
Form |
Electronic book
|
Author |
McCune, Jonathan M.
|
|
Perrig, Adrian.
|
ISBN |
9781461414605 |
|
1461414601 |
|
9781461414599 |
|
1461414598 |
|