The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Using encryption for authentication in large networks of computers
Communications of the ACM
Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
Eliminating counterevidence with applications to accountable certificate management
Journal of Computer Security
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Securing nomads: the case for quarantine, examination, and decontamination
Proceedings of the 2003 workshop on New security paradigms
Proceedings of the 11th ACM conference on Computer and communications security
New client puzzle outsourcing techniques for DoS resistance
Proceedings of the 11th ACM conference on Computer and communications security
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
The Blaster Worm: Then and Now
IEEE Security and Privacy
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A fast static analysis approach to detect exploit code inside network flows
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Remote access and networked appliance control using biometrics features
IEEE Transactions on Consumer Electronics
A secure flash card solution for remote access for mobile workforce
IEEE Transactions on Consumer Electronics
Semantic attestation of node integrity in overlays
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Attestation of integrity of overlay networks
Journal of Systems Architecture: the EUROMICRO Journal
| Hi-index | 0.00 |
Determining whether a user or system is exercising appropriate security practices is difficult in any context. Such difficulties are particularly pronounced when uncontrolled or unknown platforms join public networks. Commonly practiced techniques used to vet these hosts, such as system scans, have the potential to infringe on the privacy of users. In this article, we show that it is possible for clients to prove both the presence and proper functioning of security infrastructure without allowing unrestricted access to their system. We demonstrate this approach, specifically applied to antivirus security, by requiring clients seeking admission to a network to positively identify the presence or absence of malcode in a series of puzzles. The implementation of this mechanism and its application to real networks are also explored. In so doing, we demonstrate that it is not necessary for an administrator to be invasive to determine whether a client implements required security practices.