Flicker: Minimal TCB Code Execution proposes techniques using new features of CPUs from AMD and Intel to minimize the amount of code and hardware that must be trusted when performing security-sensitive tasks.

BitE is designed to protect user input from spyware, keyloggers, and other malware that may be present on a computing platform.

BIND can be used in distributed systems, reducing the verification load for the party verifying attestations, and strengthening load-time guarantees to include additional properties.

TrustVisor is desinged to provides code integrity as well as data integrity and secrecy for selected portions of an application.

Bump in the Ether (BitE)

User-space malware such as keyboard sniffers, spyware, and Trojans represent a significant threat to today's desktop computing environment. Users have little assurance that such malware cannot observe their input to a particular application. BitE is an approach for preventing malware from accessing sensitive user input and providing the user with additional confidence that her input is being processed as desired.

Rather than preventing malware from running or detecting already-running malware, we facilitate user input that bypasses common avenues of attack. User input traverses a trusted tunnel from the input device to the application. This trusted tunnel is implemented using a trusted user device working in tandem with a TCG-compliant host platform. The user device verifies the integrity of the host platform and application, provides a trusted display through which the user selects the application to which her inputs should be directed, and encrypts those inputs so that only the application can decrypt them.

Binding Instructions aNd Data (BIND)

Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due to the great variability in software versions and configurations, verification of the hash is difficult. Second, the time-of-use and time-of-attestation discrepancy remains to be addressed, since the code may be correct at the time of the attestation, but it may be compromised by the time of use. The goal of BIND is to address these issues and make code attestation more usable in securing distributed systems. BIND offers the following properties:

1. BIND performs fine-grained attestation. Instead of attesting to the entire memory content, BIND attests only to the piece of code we are concerned about. This greatly simplifies verification.
2. BIND narrows the gap between time-of-attestation and time-of-use. BIND measures a piece of code immediately before it is executed and uses a sand-boxing mechanism to protect the execution of the attested code.
3. BIND ties the code attestation with the data that the code produces, such that we can pinpoint what code has been run to generate that data. In addition, by incorporating the verification of input data integrity into the attestation, BIND offers transitive integrity verification, i.e., through one signature, we can vouch for the entire chain of processes that have performed transformations over a piece of data.

TrustVisor

An important security challenge is to protect the execution of security-sensitive code on legacy systems from malware that may infect the OS, applications, or system devices. Prior work experienced a tradeoff between the level of security achieved and efficiency. In this work, we leverage the features of modern processors from AMD and Intel to overcome the tradeoff to simultaneously achieve a high level of security and high performance.

We present TrustVisor, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application. TrustVisor achieves a high level of security, first because it can protect sensitive code at a very fine granularity, and second because it has a very small code base (only around 6K lines of code) that makes verification feasible. TrustVisor can also attest the existence of isolated execution to an external entity. We have implemented TrustVisor to protect security-sensitive code blocks while imposing less than 7% overhead on the legacy OS and its applications in the common case.

Contact Us