Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Nexus: a new operating system for trustworthy computing
Proceedings of the twentieth ACM symposium on Operating systems principles
Linking remote attestation to secure tunnel endpoints
Proceedings of the first ACM workshop on Scalable trusted computing
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Hand-held computers can be better smart cards
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Trustworthy and personalized computing on public kiosks
Proceedings of the 6th international conference on Mobile systems, applications, and services
TOCTOU, Traps, and Trusted Computing
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Bootstrapping Trust in Commodity Computers
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
Survivable key compromise in software update systems
Proceedings of the 17th ACM conference on Computer and communications security
Kells: a protection framework for portable data
Proceedings of the 26th Annual Computer Security Applications Conference
Leveraging personal devices for stronger password authentication from untrusted computers
Journal of Computer Security
Reducing Unauthorized Modification of Digital Objects
IEEE Transactions on Software Engineering
Certified lies: detecting and defeating government interception attacks against SSL (short paper)
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Deadbolt: locking down android disk encryption
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
| Hi-index | 0.00 |
Malware and phishing are two major threats for users seeking to perform security-sensitive tasks using computers today. To mitigate these threats, we introduce Unicorn, which combines the phishing protection of standard security tokens and malware protection of trusted computing hardware. The Unicorn security token holds user authentication credentials, but only releases them if it can verify an attestation that the user's computer is free of malware. In this way, the user is released from having to remember passwords, as well as having to decide when it is safe to use them. The user's computer is further verified by either a TPM or a remote server to produce a two-factor attestation scheme. We have implemented a Unicorn prototype using commodity software and hardware, and two Unicorn example applications (termed as uApps, short for Unicorn Applications), to secure access to both remote data services and encrypted local data. Each uApp consists of a small, hardened and immutable OS image, and a single application. Our Unicorn prototype co-exists with a regular user OS, and significantly reduces the time to switch between the secure environment and general purpose environment using a novel mechanism that removes the BIOS from the switch time.