Communications of the ACM
Designing and implementing malicious hardware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Verifiable functional purity in java
Proceedings of the 15th ACM conference on Computer and communications security
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Defeating UCI: Building Stealthy and Malicious Hardware
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
A Framework to Eliminate Backdoors from Response-Computable Authentication
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
We often rely on system components implemented by potentially untrusted parties. This implies the risk of backdoors, i.e., hidden mechanisms that elevate the privileges of an unauthenticated adversary or execute other malicious actions on certain triggers. Hardware backdoors have received some attention lately and we address in this paper the risk of software backdoors. We present a design approach for server applications that can --- under certain assumptions --- protect against software backdoors aiming at privilege escalation. We have implemented a proof-of-concept FTP server to demonstrate the practical feasibility of our approach.