J. M. McCune, A. Perrig and M. K. Reiter
Citation
J. M. McCune, A. Perrig and M. K. Reiter. "Bump in the ether: A framework for securing sensitive user input". Proceedings of the 2006 USENIX Annual Technical Conference, 185-198, June, 2006.
Abstract
We present Bump in the Ether (BitE), an approach for preventing user-space malware from accessing sensitive user input and providing the user with additional confidence that her input is being delivered to the expected application. Rather than preventing malware from running or detecting already-running malware, we facilitate user input that bypasses common avenues of attack. User input traverses a trusted tunnel from the input device to the application. This trusted tunnel is implemented using a trusted mobile device working in tandem with a host platform capable of attesting to its current software state. Based on a received attestation, the mobile device verifies the integrity of the host platform and application, provides a trusted display through which the user selects the application to which her inputs should be directed, and encrypts those inputs so that only the expected application can decrypt them. We describe the design and implementation of BitE, with emphasis on both usability and security issues.
Electronic downloads
- http://www.ece.cmu.edu/~reiter/papers/2006/USENIX.pdf
- http://www.usenix.org/events/usenix06/tech/mccune.html. (USENIX site, includes mp3 of presentation.)
| Citation formats |
- HTML
J. M. McCune, A. Perrig and M. K. Reiter. <a href="http://www.truststc.org/pubs/103.html" >Bump in the ether: A framework for securing sensitive user input</a>, Proceedings of the 2006 USENIX Annual Technical Conference, 185-198, June, 2006.
- Plain text
J. M. McCune, A. Perrig and M. K. Reiter. "Bump in the ether: A framework for securing sensitive user input". Proceedings of the 2006 USENIX Annual Technical Conference, 185-198, June, 2006.
- BibTeX
@inproceedings{McCunePerrigReiter06_BumpInEtherFrameworkForSecuringSensitiveUserInput, author = {J. M. McCune, A. Perrig and M. K. Reiter}, title = {Bump in the ether: A framework for securing sensitive user input}, booktitle = {Proceedings of the 2006 USENIX Annual Technical Conference}, pages = {185-198}, month = {June}, year = {2006}, abstract = {We present Bump in the Ether (BitE), an approach for preventing user-space malware from accessing sensitive user input and providing the user with additional confidence that her input is being delivered to the expected application. Rather than preventing malware from running or detecting already-running malware, we facilitate user input that bypasses common avenues of attack. User input traverses a trusted tunnel from the input device to the application. This trusted tunnel is implemented using a trusted mobile device working in tandem with a host platform capable of attesting to its current software state. Based on a received attestation, the mobile device verifies the integrity of the host platform and application, provides a trusted display through which the user selects the application to which her inputs should be directed, and encrypts those inputs so that only the expected application can decrypt them. We describe the design and implementation of BitE, with emphasis on both usability and security issues.}, URL = {http://www.truststc.org/pubs/103.html} }
Posted by Michael Reiter on 6 Jun 2006.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.