The design and implementation of a certifying compiler
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Building a high-performance, programmable secure coprocessor
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Crossroads
ACM Transactions on Computer Systems (TOCS)
SETI@home: an experiment in public-resource computing
Communications of the ACM
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Securing Web Servers against Insider Attack
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Access control for ad-hoc collaboration
Access control for ad-hoc collaboration
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
BOINC: A System for Public-Resource Computing and Storage
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
BIND: A Fine-Grained Attestation Service for Secure Distributed Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Certifying program execution with secure processors
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
How low can you go?: recommendations for hardware-supported minimal TCB code execution
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Trustworthy and personalized computing on public kiosks
Proceedings of the 6th international conference on Mobile systems, applications, and services
Enforcing DRM policies across applications
Proceedings of the 8th ACM workshop on Digital rights management
Remote attestation on legacy operating systems with trusted platform modules
Science of Computer Programming
Bootstrapping trust in a "trusted" platform
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Virtual machines jailed: virtualization in systems with small trusted computing bases
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Proceedings of the 4th ACM European conference on Computer systems
Taming subsystems: capabilities as universal resource access control in L4
Proceedings of the Second Workshop on Isolation and Integration in Embedded Systems
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Trustable Remote Verification of Web Services
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Accountability in hosted virtual networks
Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures
Hardware-Assisted Application-Level Access Control
ISC '09 Proceedings of the 12th International Conference on Information Security
Efficient, secure, and isolated execution of cryptographic algorithms on a cryptographic unit
Proceedings of the 2nd international conference on Security of information and networks
Effective implementation of the cell broadband engine™ isolation loader
Proceedings of the 16th ACM conference on Computer and communications security
LaLa: a late launch application
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Modeling and Verification of Privacy Enhancing Protocols
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Toward trustworthy mobile sensing
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
Suppressing bot traffic with accurate human attestation
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Towards trustworthy participatory sensing
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Ally: OS-transparent packet inspection using sequestered cores
WIOV'10 Proceedings of the 2nd conference on I/O virtualization
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
TEE: a virtual DRTM based execution environment for secure cloud-end computing
Proceedings of the 17th ACM conference on Computer and communications security
Using hypervisors to secure commodity operating systems
Proceedings of the fifth ACM workshop on Scalable trusted computing
Implementing an application-specific credential platform using late-launched mobile trusted module
Proceedings of the fifth ACM workshop on Scalable trusted computing
Separating hypervisor trusted computing base supported by hardware
Proceedings of the fifth ACM workshop on Scalable trusted computing
PoliMakE: a policy making engine for secure embedded software execution on chip-multiprocessors
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
Escrowed data and the digital envelope
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Dynamic enforcement of platform integrity
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Conqueror: tamper-proof code execution on legacy systems
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
HyperCheck: a hardware-assisted integrity monitor
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Live and trustworthy forensic analysis of commodity production systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
SCOBA: source code based attestation on custom software
Proceedings of the 26th Annual Computer Security Applications Conference
Trusted disk loading in the Emulab network testbed
CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
Small trusted primitives for dependable systems
ACM SIGOPS Operating Systems Review
ETTM: a scalable fault tolerant network manager
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Compiling information-flow security to minimal trusted computing bases
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
What if you could actually trust your kernel?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Toward practical and unconditional verification of remote computations
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
SecureME: a hardware-software approach to full system security
Proceedings of the international conference on Supercomputing
Security versus energy tradeoffs in host-based mobile malware detection
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Secure data preservers forweb services
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
CPU support for secure executables
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
TPM-SIM: a framework for performance evaluation of trusted platform modules
Proceedings of the 48th Design Automation Conference
Cloaking malware with the trusted platform module
SEC'11 Proceedings of the 20th USENIX conference on Security
CODES+ISSS '11 Proceedings of the seventh IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
DriverGuard: a fine-grained protection on I/O flows
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Scalable trust establishment with software reputation
Proceedings of the sixth ACM workshop on Scalable trusted computing
Client-based authentication technology: user-centric authentication using secure containers
Proceedings of the 7th ACM workshop on Digital identity management
Trusted platform-as-a-service: a foundation for trustworthy cloud-hosted applications
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Verifiable resource accounting for cloud computing services
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
VIPER: verifying the integrity of PERipherals' firmware
Proceedings of the 18th ACM conference on Computer and communications security
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Practical delegation of computation using multiple servers
Proceedings of the 18th ACM conference on Computer and communications security
Ally: OS-Transparent Packet Inspection Using Sequestered Cores
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
YouProve: authenticity and fidelity in mobile sensing
Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Enabling secure VM-vTPM migration in private clouds
Proceedings of the 27th Annual Computer Security Applications Conference
Architectural support for hypervisor-secure virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Trusted isolation environment: an attestation architecture with usage control model
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Remote attestation on function execution (work-in-progress)
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Modeling TCG-Based secure systems with colored petri nets
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Can hand-held computers still be better smart cards?
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
On leveraging stochastic models for remote attestation
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
acTvSM: a dynamic virtualization platform for enforcement of application integrity
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Trust extension for commodity computers
Communications of the ACM
Trusted language runtime (TLR): enabling trusted applications on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Sensor tricorder: what does that sensor know about me?
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
A sense of others: behavioral attestation of UNIX processes on remote platforms
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
Towards statistical queries over distributed private user data
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Plug-n-trust: practical trusted sensing for mhealth
Proceedings of the 10th international conference on Mobile systems, applications, and services
Software abstractions for trusted sensors
Proceedings of the 10th international conference on Mobile systems, applications, and services
A hijacker's guide to the LPC bus
EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Cloud terminal: secure access to sensitive applications from untrusted systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment
ACM Transactions on Embedded Computing Systems (TECS)
Recent developments in low-level software security
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Policy-sealed data: a new abstraction for building trusted cloud services
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Lockdown: towards a safe and practical architecture for security applications on commodity platforms
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Lightweight distributed heterogeneous attested android clouds
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Proceedings of the 2012 ACM conference on Computer and communications security
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Using trustworthy host-based information in the network
Proceedings of the seventh ACM workshop on Scalable trusted computing
BottleCap: a credential manager for capability systems
Proceedings of the seventh ACM workshop on Scalable trusted computing
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Trusted VM snapshots in untrusted cloud infrastructures
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A hijacker's guide to communication interfaces of the trusted platform module
Computers & Mathematics with Applications
Splitting the bill for mobile data with SIMlets
Proceedings of the 14th Workshop on Mobile Computing Systems and Applications
Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication
Iago attacks: why the system call API is a bad untrusted RPC interface
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
InkTag: secure applications on an untrusted operating system
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Optimizing Storage Performance for VM-Based Mobile Computing
ACM Transactions on Computer Systems (TOCS)
Proceedings of the ACM International Conference on Computing Frontiers
CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM
Proceedings of the 40th Annual International Symposium on Computer Architecture
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
Cloud computing security: The scientific challenge, and a survey of solutions
Journal of Systems and Software
AUTOCRYPT: enabling homomorphic computation on servers to protect sensitive web content
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
An architecture for concurrent execution of secure environments in clouds
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
MyCloud: supporting user-configured privacy protection in cloud computing
Proceedings of the 29th Annual Computer Security Applications Conference
Client-controlled cryptography-as-a-service in the cloud
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
SEC'13 Proceedings of the 22nd USENIX conference on Security
Using ARM trustzone to build a trusted language runtime for mobile applications
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Virtual ghost: protecting applications from hostile operating systems
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
VeriUI: attested login for mobile devices
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
Shroud: ensuring private access to large-scale data in the data center
FAST'13 Proceedings of the 11th USENIX conference on File and Storage Technologies
cTPM: a cloud TPM for cross-device trusted applications
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.02 |
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.