Trust Extension As a Mechanism for Secure Code Execution on Commodity Computers.
Parno, Bryan Jeffrey.
2014
T14.5
Available Online

Linked e-resources

Linked Resource Online Access

Details

Title Trust Extension As a Mechanism for Secure Code Execution on Commodity Computers.
Author Parno, Bryan Jeffrey.
Edition 1st ed.
ISBN 9781627054799
9781627054775
Published New York : Association for Computing Machinery, 2014.
Copyright ©2014.
Language English
Description 1 online resource (209 pages).
Call Number T14.5
Dewey Decimal Classification 303.4/83
Summary As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted. In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today. Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). We design,
analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner. Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.
Note analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner. Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.
Access Note Access limited to authorized users.
Source of Description Description based on publisher supplied metadata and other sources.
Series ACM Bks.
Available in Other Form Trust Extension As a Mechanism for Secure Code Execution on Commodity Computers
Linked Resources Online Access
Record Appears in Online Resources > Ebooks
All Resources
Intro
Contents
Preface
Introduction
Insecure Computers in a Hostile World
A Vision for a Better World
Overview: Building Up from a Firm Foundation
Bootstrapping Trust in a Commodity Computer
Securely Executing Code on a Commodity Computer
Leveraging Secure Code Execution to Improve Network Protocols
Secure Code Execution Despite Untrusted Software and Hardware
Summary of Contributions
Background and Related Work in Trust Establishment
What Do We Need to Know? Techniques for Recording Platform State
Can We Use Platform Information Locally?
Can We Use Platform Information Remotely?
How DoWe Make Sense of Platform State?
Roots of Trust
Validating the Process
Applications
Human Factors and Usability
Limitations
Additional Reading
Summary
Bootstrapping Trust in a Commodity Computer
Problem Definition
Potential Solutions
Preferred Solutions
Summary
On-Demand Secure Code Execution on Commodity Computers
Problem Definition
Flicker Architecture
Developer's Perspective
Flicker Applications
Performance Evaluation
Architectural Recommendations
Summary
Using Trustworthy Host-Based Information in the Network
Problem Definition
The Assayer Architecture
Potential Attacks
Case Studies
Implementation
Evaluation
Potential Objections
Summary
Verifiable Computing: Secure Code Execution Despite Untrusted Software and Hardware
Overview
Cryptographic Background
Problem Definition
An Efficient Verifiable-Computation Scheme with Input and Output Privacy
How to Handle CheatingWorkers
Summary
Conclusion
Bibliography
Author's Biography.

Browse Subjects

Show more subjects...

Statistics

from
to
Export