Title :
Building Verifiable Trusted Path on Commodity x86 Computers
Author :
Zongwei Zhou ; Gligor, Virgil D. ; Newsome, J. ; McCune, J.M.
Author_Institution :
ECE Dept. & CyLab, Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
A trusted path is a protected channel that assures the secrecy and authenticity of data transfers between a user´s input/output (I/O) device and a program trusted by that user. We argue that, despite its incontestable necessity, current commodity systems do not support trusted path with any significant assurance. This paper presents a hyper visor-based design that enables a trusted path to bypass an untrusted operating-system, applications, and I/O devices, with a minimal Trusted Computing Base (TCB). We also suggest concrete I/O architectural changes that will simplify future trusted-path system design. Our system enables users to verify the states and configurations of one or more trusted-paths using a simple, secret less, hand-held device. We implement a simple user-oriented trusted path as a case study.
Keywords :
input-output programs; trusted computing; workstation clusters; TCB; commodity systems; commodity x86 computers; data authenticity; data secrecy; hyper visor-based design; input/output (I/O) device; trusted computing base; user-oriented trusted path; verifiable trusted path; Aerospace electronics; Computers; Hardware; Performance evaluation; Registers; Security; Virtual machine monitors; Device Input/Output; Hypervisor; Isolation; Trusted Path; Trustworthy Computing;
Conference_Titel :
Security and Privacy (SP), 2012 IEEE Symposium on
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4673-1244-8
Electronic_ISBN :
1081-6011
