Team for Research in
Ubiquitous Secure Technology

Bootstrapping Trust in Commodity Computers
Bryan Parno, Jonathan M. McCune, Adrian Perrig

Citation
Bryan Parno, Jonathan M. McCune, Adrian Perrig. "Bootstrapping Trust in Commodity Computers". Proceedings of IEEE Symposium on Security and Privacy, May, 2010.

Abstract
Trusting a computer for a security-sensitive task (such as checking email or banking online) requires the user to know something about the computer's state. We examine research on securely capturing a computer's state, and consider the utility of this information both for improving security on the local computer (e.g., to convince the user that her computer is not infected with malware) and for communicating a remote computer's state (e.g., to enable the user to check that a web server will adequately protect her data). Although the recent ``Trusted Computing'' initiative has drawn both positive and negative attention to this area, we consider the older and broader topic of bootstrapping trust in a computer. We cover issues ranging from the wide collection of secure hardware that can serve as a foundation for trust, to the usability issues that arise when trying to convey computer state information to humans. This approach unifies disparate research efforts and highlights opportunities for additional work that can guide real-world improvements in computer security.

Electronic downloads

Citation formats  
  • HTML
    Bryan Parno, Jonathan M. McCune, Adrian Perrig. <a
    href="http://www.truststc.org/pubs/655.html"
    >Bootstrapping Trust in Commodity Computers</a>,
    Proceedings of IEEE Symposium on Security and Privacy, May,
    2010.
  • Plain text
    Bryan Parno, Jonathan M. McCune, Adrian Perrig.
    "Bootstrapping Trust in Commodity Computers".
    Proceedings of IEEE Symposium on Security and Privacy, May,
    2010.
  • BibTeX
    @inproceedings{ParnoMcCunePerrig10_BootstrappingTrustInCommodityComputers,
        author = {Bryan Parno and Jonathan M. McCune and Adrian
                  Perrig},
        title = {Bootstrapping Trust in Commodity Computers},
        booktitle = {Proceedings of IEEE Symposium on Security and
                  Privacy},
        month = {May},
        year = {2010},
        abstract = {Trusting a computer for a security-sensitive task
                  (such as checking email or banking online)
                  requires the user to know something about the
                  computer's state. We examine research on securely
                  capturing a computer's state, and consider the
                  utility of this information both for improving
                  security on the local computer (e.g., to convince
                  the user that her computer is not infected with
                  malware) and for communicating a remote computer's
                  state (e.g., to enable the user to check that a
                  web server will adequately protect her data).
                  Although the recent ``Trusted Computing''
                  initiative has drawn both positive and negative
                  attention to this area, we consider the older and
                  broader topic of bootstrapping trust in a
                  computer. We cover issues ranging from the wide
                  collection of secure hardware that can serve as a
                  foundation for trust, to the usability issues that
                  arise when trying to convey computer state
                  information to humans. This approach unifies
                  disparate research efforts and highlights
                  opportunities for additional work that can guide
                  real-world improvements in computer security.},
        URL = {http://www.truststc.org/pubs/655.html}
    }
    

Posted by Adrian Perrig on 28 Mar 2010.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.