Spy

A method to secure clients for network services

R. J. Lipton, S. Rajagopalan, D. N. Serpanos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

A fundamental problem in security is guaranteeing correct program behavior on an untrusted computer regardless of a user's actions. The problem appears in digital rights management, secure boot, e-appliances, etc. All existing approaches are either partial or unreliable. Today, dependable security is necessary not only for e-commerce, but also to ensure that, under critical conditions of information warfare, remote clients behave predictably and securely, and cannot compromise the infrastructure. We prove that the problem of correct program execution is unsolvable without adoption of a trusted hardware platform. Since it is impractical to consider as trusted a complex computer system, we identify the minimal hardware support that enables a complete solution. We propose two simple hardware mechanisms which require minimal change to the currently popular PC architecture: (i) the use of a trusted "sealed" computing device, the "spy", and (ii) a hardware interrupt, called "two minute warning", which has the highest priority and has a pre-defined time difference from any subsequent interrupt. Finally, we incrementally build upon this minimal hardware support larger and more complex applications with guaranteed security. We call this construction the inverse security pyramid.

Original language: English
Title of host publication: Proceedings - 22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 23-28
Number of pages: 6
Volume: 2002-January
ISBN (Electronic): 0769515886
DOIs: https://doi.org/10.1109/ICDCSW.2002.1030743
Publication status: Published - 2002
Externally published: Yes
Event: 22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002 - Vienna, Austria
Duration: 2 Jul 2002 → 5 Jul 2002

Other

Other: 22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002
Country: Austria
City: Vienna
Period: 2/7/02 → 5/7/02

Fingerprint

Hardware
Military operations
Computer hardware
Computer systems

Keywords

  • anti-piracy
  • content
  • digital rights management
  • intellectual property
  • inverse security pyramid
  • protection
  • smart cards
  • software
  • spy
  • two-minute warning

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Lipton, R. J., Rajagopalan, S., & Serpanos, D. N. (2002). Spy: A method to secure clients for network services. In Proceedings - 22nd International Conference on Distributed Computing Systems Workshops, ICDCSW 2002 (Vol. 2002-January, pp. 23-28). [1030743] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICDCSW.2002.1030743
