Virtualization based password protection against malware in untrusted operating systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7344 LNCS, Issue , 2012, Pages 201-218

  Cheng, Yueqiang ^a   Ding, Xuhua ^a  

^a SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

Author keywords

[No Author keywords available]

Indexed keywords

FIREFOX; MALWARES; PASSWORD PROTECTION; PASSWORD-BASED AUTHENTICATION; PERFORMANCE LOSS; PROTECTION MECHANISMS; PROTECTION SYSTEMS; USER AUTHENTICATION; VIRTUALIZATIONS; WEB SERVERS;

VIRTUAL REALITY; WEB SERVICES;

AUTHENTICATION;

EID: 84863085822     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-30921-2_12     Document Type: Conference Paper

References (30)

1. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: SOSP 2003: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 164-177. ACM, New York (2003)
2. Basili, V.R., Perricone, B.T.: Software errors and complexity: an empirical investigation. Commun. ACM 27, 42-52 (1984)
3. Bugiel, S., Dmitrienko, A., Kostiainen, K., Sadeghi, A.-R., Winandy, M.: TruWalletM: SecureWeb Authentication onMobile Platforms. In: Chen, L., Yung, M. (eds.) INTRUST 2010. LNCS, vol. 6802, pp. 219-236. Springer, Heidelberg (2011)
4. Chen, X., Garfinkel, T., Christopher Lewis, E., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In: Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2008), Seattle, WA, USA (March 2008)
5. Cheng, Y., Ding, X., Deng, R.H.: DriverGuard: A Fine-Grained Protection on I/O Flows. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 227-244. Springer, Heidelberg (2011)
6. Cox, R.S., Hansen, J.G., Gribble, S.D., Levy, H.M.: A safety-oriented platform for web applications. In: Proceedings of IEEE Symposium on Security and Privacy (2006)
7. CVE-2008-0923 (2008), http://cve.mitre.org/cgi-bin/cvename.cgi-?name=cve- 2008-0923
8. Gajek, S., Löhr, H., Sadeghi, A.-R., Winandy, M.: Truwallet: trustworthy and migratable wallet-based web authentication. In: Proceedings of the 2009 ACM workshop on Scalable trusted computing, STC 2009, pp. 19-28. ACM, New York (2009)
9. Grier, C., Tang, S., King, S.: Secure web browsing with the OP web browser. In: Proceedings of IEEE Symposium on Security and Privacy (2008)
10. IBM. IBM VGA Technical Reference Manual, http://www.mca-mafia.de/pdf/ibm- vgaxga-trm2.pdf
11. King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: Subvirt: Implementing malware with virtual machines. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp. 314-327. IEEE Computer Society, Washington, DC (2006)
12. Sawtooth Consulting Limited. CyaSSL Embedded SSL Library, http://www.yassl.com/yaSSL/Products-cyassl.html
13. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: Trustvisor: Efficient tcb reduction and attestation. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP 2010, pp. 143-158. IEEE Computer Society, Washington, DC (2010)
14. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: EuroSys 2008 (2008)
15. McCune, J.M., Perrig, A., Reiter, M.K.: Bump in the ether: a framework for securing sensitive user input. In: Proceedings of the Annual Conference on USENIX 2006 Annual Technical Conference, p. 17. USENIX Association, Berkeley (2006)
16. McCune, J.M., Perrig, A., Reiter, M.K.: Safe passage for passwords and other sensitive data. In: Proceedings of the Symposium on Network and Distributed Systems Security (NDSS) (February 2009)
17. Microsoft. About the Windows Driver Kit (WDK), http://goo.gl/DfSRi
18. Murray, D.G., Milos, G., Hand, S.: Improving xen security through disaggregation. In: Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2008, pp. 151-160. ACM, New York (2008)
19. Oprea, A., Balfanz, D., Durfee, G., Smetters, D.K.: Securing a remote terminal application with a mobile trusted device. In: 20th Annual Computer Security Applications Conference, pp. 438-447. IEEE (2004)
20. Ostrand, T.J., Weyuker, E.J.: The distribution of faults in a large industrial software system. In: Proceedings of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2002, pp. 55-64. ACM, New York (2002)
21. Rafal, W., Joanna, R., Alexander, T.: Xen 0wning trilogy (2008), http://invisible-thingslab.com/itl/Resources.html
22. Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.: Stronger password authentication using browser extensions. In: Proceedings of the 14th USENIX Security Symposium (2005)
23. Limited Sawtooth, Consulting. Ctaocrypt embedded cryptography library, http://www.yassh.com/yaSSL/Docs-CTaoCrypt-Usage-Reference.html
24. Seshadri, A., Luk, M., Qu, N., Perrig, A.: Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In: Proceedings of Twenty-First ACM SIGOPS Symposium on Operating Systems Principles, SOSP 2007, pp. 335-350. ACM, New York (2007)
25. Shinagawa, T., Eiraku, H., Tanimoto, K., Omote, K., Hasegawa, S., Horie, T., Hirano, M., Kourai, K., Oyama, Y., Kawai, E., Kono, K., Chiba, S., Shinjo, Y., Kato, K.: Bitvisor: a thin hypervisor for enforcing i/o device security. In: Proceedings of the 2009 ACM SIGPLAN/ SIGOPS International Conference on Virtual Execution Environments, VEE 2009, pp. 121-130. ACM, New York (2009)
26. Steinberg, U., Kauer, B.: Nova: a microhypervisor-based secure virtualization architecture. In: Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010, pp. 209-222. ACM, New York (2010)
27. The Blue Pill, http://blackhat.com/presentations/bh-usa-06/BH-US-06- Rutkowska.pdf
28. Trusted Computing Group. TPM main specification. Main Specification Version 1.2 rev. 85 (February 2005)
29. Wu, M., Miller, R.C., Little, G.: Web wallet: Preventing phishing attacks by revealing user intentions. In: Proceedings of the Symposium on Usable Privacy and Security (SOUPS), pp. 102-113. ACM Press (2006)
30. Zaharia, M., Katti, S., Grier, C., Paxson, V., Shenker, S., Stoica, I., Song, D.: Hypervisors as a foothold for personal computer security: An agenda for the research community. Technical report (January 2012)