2,014 research outputs found
Device-Based Isolation for Securing Cryptographic Keys
In this work, we describe an eective device-based isolation
approach for achieving data security. Device-based isolation
leverages the proliferation of personal computing devices to
provide strong run-time guarantees for the condentiality of
secrets. To demonstrate our isolation approach, we show its
use in protecting the secrecy of highly sensitive data that
is crucial to security operations, such as cryptographic keys
used for decrypting ciphertext or signing digital signatures.
Private key is usually encrypted when not used, however,
when being used, the plaintext key is loaded into the memory
of the host for access. In our threat model, the host may
be compromised by attackers, and thus the condentiality of
the host memory cannot be preserved. We present a novel
and practical solution and its prototype called DataGuard to
protect the secrecy of the highly sensitive data through the
storage isolation and secure tunneling enabled by a mobile
handheld device. DataGuard can be deployed for the key
protection of individuals or organizations
Using Technology Enabled Qualitative Research to Develop Products for the Social Good, An Overview
This paper discusses the potential benefits of the convergence of three recent trends for the design of socially beneficial products and services: the increasing application of qualitative research techniques in a wide range of disciplines, the rapid mainstreaming of social media and mobile technologies, and the emergence of software as a service. Presented is a scenario facilitating the complex data collection, analysis, storage, and reporting required for the qualitative research recommended for the task of designing relevant solutions to address needs of the underserved. A pilot study is used as a basis for describing the infrastructure and services required to realize this scenario. Implications for innovation of enhanced forms of qualitative research are presented
Distributed architecture to enhance systems protection against unauthorized activity via USB devices
Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. The BadUSB is an attack where a USB device’s firmware is spoofed and, once mounted, allows attackers to execute a set of malicious actions in a target system. The countermeasures against this type of attack can be grouped into two strategies: phyiscal blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. This architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers using Microsoft Windows Operating System. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality and presents a threat assessment to the user, based on all previous user choices stored in external databases. By providing valuable information to the user, and also threat assessments from multiple users, the proposed distributed architecture improves system protection
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows to protect application code
against a subverted or malicious OS by running it in a hardware-protected
enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO surpasses
traditional use cases in cloud computing and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
likewise. It is compatible to unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1
Virtualization based password protection against malware in untrusted operating systems
Ministry of Education, Singapore under its Academic Research Funding Tier
- …