End-to-end arguments in system design
ACM Transactions on Computer Systems (TOCS)
Is your computing environment secure?: security problems with interrupt handling mechanisms
ACM SIGOPS Operating Systems Review
A new model of security for distributed systems
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Reflection as a mechanism for software integrity verification
ACM Transactions on Information and System Security (TISSEC)
Secure sessions from weak secrets
Proceedings of the 11th international conference on Security Protocols
Trustworthiness and authentication in ubiquitous computing
Proceedings of the 10th ACM international symposium on Mobility management and wireless access
Today's networked computer systems are very vulnerable to attack: Terminal software, like that used by the X Window System, is frequently passed across a network, and a trojan horse can easily be inserted while it is in transit. Many other software products, including operating systems, load parts of themselves from a server across a network. Although users may be confident that their workstation is physically secure, some part of the network to which they are attached almost certainly is not secure. Most proposals that recommend cryptographic means to protect remotely loaded software also eliminate the advantages of remote loading--for example, ease of reconfiguration, upgrade distribution, and maintenance. For this reason, they have largely been abandoned before finding their way into commercial products. This article shows that, contrary to intuition, it is no more difficult to protect a workstation that loads its software across an insecure network than to protect a stand-alone workstation. In contrast to prevailing practice, the authors make essential use of a collision-rich hash function to ensure that an exhaustive off-line search by the opponent will produce not one, but many candidate passwords. This strategy forces the opponent into an open, on-line guessing attack and offers the user a defensive strategy unavailable in the case of an off-line attack.
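The collision-rich idea in the abstract, sketched as an added example that is not code from the article. It assumes the hash is made collision-rich by truncating SHA-256 to a few bits; the salt, the word list and all function names are constructed for illustration.

```python
import hashlib


def collision_rich_hash(password: str, salt: bytes, bits: int) -> int:
    """Low `bits` bits of SHA-256(salt || password).

    Assumed construction: truncation is one simple way to make a hash
    collision-rich; the abstract does not say how the authors build theirs.
    """
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def offline_candidates(dictionary, salt, bits, check_value):
    """Every dictionary word that matches the stored check value.

    This is all an exhaustive off-line search over the check value can
    produce; it cannot tell the real password from the other matches.
    """
    return [w for w in dictionary
            if collision_rich_hash(w, salt, bits) == check_value]


def constructed_dictionary(n: int):
    """Constructed stand-in for a password guess list."""
    return [f"word{i:05d}" for i in range(n)]


def demo(bits: int, n: int = 20000):
    """Return (real_password, candidates surviving the off-line search)."""
    salt = b"constructed-salt"      # constructed sample value
    words = constructed_dictionary(n)
    real = words[1234]              # the user's password is in the list
    check_value = collision_rich_hash(real, salt, bits)
    return real, offline_candidates(words, salt, bits, check_value)


if __name__ == "__main__":
    # 8-bit check value: about n / 2**8 words survive, so the remaining
    # guesses must be tried on-line, where failed attempts are visible.
    real, many = demo(bits=8)
    print(f"8-bit check: {len(many)} candidates, real one included: {real in many}")

    # Full-width hash (the prevailing practice the abstract contrasts with):
    # the off-line search pins down the password exactly.
    real, one = demo(bits=256)
    print(f"256-bit check: {len(one)} candidate -> {one[0] == real}")
```
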