Modern computer systems permit users to access protected information from remote locations. In certain secure environments, it would be desirable to restrict this access to a particular computer or set of computers. Existing solutions for machine-level authentication are undesirable for two reasons. First, they do not allow fine-grained application-layer access decisions. Second, they are vulnerable to insider attacks in which a trusted administrator acts maliciously. In this work, we describe a novel approach using secure hardware that solves these problems. In our design, multiple administrators are required for installation of a system. After installation, the authentication privileges are physically linked to that machine, and no administrator can bypass these controls. We define an administrative model and detail the requirements for an authentication protocol to be compatible with our methodology. Our design presents some challenges for large-scale systems, in addition to the benefit of reduced maintenance.