ISBN:
9781627054799
Language:
English
Pages:
1 online resource (209 pages)
Series Statement:
ACM Bks.
Parallel Title:
Erscheint auch als
DDC:
303.4/83
Keywords:
Computers and civilization
;
Information technology -- Social aspects
;
Technology -- Social aspects
;
Computers and civilization..
;
Information technology ; Social aspects..
;
Technology ; Social aspects
;
Electronic books
Abstract:
As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldomadopted.In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today.Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). We design,
Abstract:
Intro -- Contents -- Preface -- Introduction -- Insecure Computers in a Hostile World -- A Vision for a Better World -- Overview: Building Up from a Firm Foundation -- Bootstrapping Trust in a Commodity Computer -- Securely Executing Code on a Commodity Computer -- Leveraging Secure Code Execution to Improve Network Protocols -- Secure Code Execution Despite Untrusted Software and Hardware -- Summary of Contributions -- Background and Related Work in Trust Establishment -- What Do We Need to Know? Techniques for Recording Platform State -- Can We Use Platform Information Locally? -- Can We Use Platform Information Remotely? -- How DoWe Make Sense of Platform State? -- Roots of Trust -- Validating the Process -- Applications -- Human Factors and Usability -- Limitations -- Additional Reading -- Summary -- Bootstrapping Trust in a Commodity Computer -- Problem Definition -- Potential Solutions -- Preferred Solutions -- Summary -- On-Demand Secure Code Execution on Commodity Computers -- Problem Definition -- Flicker Architecture -- Developer's Perspective -- Flicker Applications -- Performance Evaluation -- Architectural Recommendations -- Summary -- Using Trustworthy Host-Based Information in the Network -- Problem Definition -- The Assayer Architecture -- Potential Attacks -- Case Studies -- Implementation -- Evaluation -- Potential Objections -- Summary -- Verifiable Computing: Secure Code Execution Despite Untrusted Software and Hardware -- Overview -- Cryptographic Background -- Problem Definition -- An Efficient Verifiable-Computation Scheme with Input and Output Privacy -- How to Handle CheatingWorkers -- Summary -- Conclusion -- Bibliography -- Author's Biography.
Note:
Description based on publisher supplied metadata and other sources
Permalink
