Smart-Guard: Defending User Input from Malware

Michael Denzel, Alessandro Bruni, Mark Ryan

Publikation: Konference artikel i Proceeding eller bog/rapport kapitelKonferencebidrag i proceedingsForskningpeer review


Trusted input techniques can profoundly enhance
a variety of scenarios like online banking, electronic voting,
Virtual Private Networks, and even commands to a server
or Industrial Control System. To protect the system from
malware of the sender’s computer, input needs to be reliably
authenticated. Previous research in this field is based on fixed
assumptions about trustworthy components and is, thus, too
rigid for this use case.
We present Smart-Guard, a method to protect user input
into a system even if the attacker controls – to us unknown –
parts of the underlying system. Our approach ensures integrity
of user input even when up to two of three devices are
compromised; confidentiality holds for one malicious device.
In this way, Smart-Guard has flexible trust assumptions, and
does not require any particular part of the system to be trusted.
To prove our claims, we formally verified our protocol using
the state-of-the-art protocol verifier ProVerif. Additionally, we
define a new class of techniques, malware tolerance, which operate
securely even when the system is infected with malware.
Titel2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld)
Antal sider8
Publikationsdato8 aug. 2016
ISBN (Trykt)978-1-5090-2770-5
StatusUdgivet - 8 aug. 2016
BegivenhedThe 13th IEEE International Conference on Advanced and Trusted Computing: ATC 2016 - University Paul Sabatier of Toulouse, Toulouse, Frankrig
Varighed: 18 jul. 201621 jul. 2016
Konferencens nummer: 13


KonferenceThe 13th IEEE International Conference on Advanced and Trusted Computing
LokationUniversity Paul Sabatier of Toulouse


Dyk ned i forskningsemnerne om 'Smart-Guard: Defending User Input from Malware'. Sammen danner de et unikt fingeraftryk.