Spy: A method to secure clients for network services

R. J. Lipton, S. Rajagopalan, D. N. Serpanos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

A fundamental problem in security is guaranteeing correct program behavior on an untrusted computer regardless of a user's actions. The problem appears in digital rights management, secure boot, e-appliances, etc. All existing approaches are either partial or unreliable. Today, dependable security is necessary not only for e-commerce, but also to ensure that, under critical conditions of information warfare, remote clients behave predictably and securely, and cannot compromise the infrastructure. We prove that the problem of correct program execution is unsolvable without adoption of a trusted hardware platform. Since it is impractical to consider as trusted a complex computer system, we identify the minimal hardware support that enables a complete solution. We propose two simple hardware mechanisms which require minimal change to the currently popular PC architecture: (i) the use of a trusted "sealed" computing device, the "spy", and (ii) a hardware interrupt, called "two minute warning", which has the highest priority and has a pre-defined time difference from any subsequent interrupt. Finally, we incrementally build upon this minimal hardware support larger and more complex applications with guaranteed security. We call this construction the inverse security pyramid.

Original languageEnglish
Title of host publicationProceedings - 22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages23-28
Number of pages6
Volume2002-January
ISBN (Electronic)0769515886
DOIs
Publication statusPublished - 2002
Externally publishedYes
Event22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002 - Vienna, Austria
Duration: 2 Jul 20025 Jul 2002

Other

Other22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002
CountryAustria
CityVienna
Period2/7/025/7/02

    Fingerprint

Keywords

  • anti-piracy
  • content
  • digital rights management
  • intellectual property
  • inverse security pyramid
  • protection
  • smart cards
  • software
  • spy
  • two-minute warning

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Lipton, R. J., Rajagopalan, S., & Serpanos, D. N. (2002). Spy: A method to secure clients for network services. In Proceedings - 22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002 (Vol. 2002-January, pp. 23-28). [1030743] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDCSW.2002.1030743