Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers

Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers

Bryan Jeffrey Parno
ISBN: 9781627054775 | PDF ISBN: 9781627054782
Hardcover ISBN:9781627055451
Copyright © 2014 | 209 Pages | Publication Date: 06/01/2014

BEFORE YOU ORDER: You may have Academic or Corporate access to this title. Click here to find out: 10.1145/2611399

Published by the Association for Computing Machinery and Morgan & Claypool.

Ordering Options: Paperback $59.95   E-book $47.96   Paperback & E-book Combo $74.94
Hardcover $89.95   Hardcover & E-book Combo $112.44

Why pay full price? Members receive 15% off all orders.
Learn More Here

Read Our Digital Content License Agreement (pop-up)

Purchasing Options:

As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted. In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today. Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). We design, analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner. Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.

Table of Contents

Background and Related Work in Trust Establishment
Bootstrapping Trust in a Commodity Computer
On-Demand Secure Code Execution on Commodity Computers
Using Trustworthy Host-Based Information in the Network
Verifiable Computing: Secure Code Execution Despite Untrusted Software and Hardware

About the Author(s)

Bryan Jeffrey Parno, Microsoft Research
Bryan Parno works in the Security and Privacy Research Group at Microsoft Research. He completed his Ph.D. at Carnegie Mellon University under the supervision of Adrian Perrig, after receiving a Bachelor's degree from Harvard College. Dr. Parno's dissertation won the 2010 ACM Doctoral Dissertation Award.He has continued his work on verifiable computation, receiving a Best Paper Award at the IEEE Symposium on Security and Privacy for advances in that area. In 2011, he coauthored the book Bootstrapping Trust in Modern Computers. His work on security for new application models received a Best Practical Paper Award at the IEEE Symposium on Security and Privacy and a Best Paper Award at the USENIX Symposium on Networked Systems Design and Implementation. He has recently extended his interest in bootstrapping trust to the problem of building practical, formally verified secure systems. His other research interests include user authentication, secure network protocols, and security in constrained environments (e.g., RFID tags, sensor networks, and vehicles).

Browse by Subject
Case Studies in Engineering
ACM Books
SEM Books

0 items

Note: Registered customers go to: Your Account to subscribe.

E-Mail Address:

Your Name: