Securely Using Untrusted Terminals and Compromised Computers with Human-Verifiable Code Execution

Jason Franklin, Computer Science Department, CMU

Devices today do not provide primitives for human-verifiable code execution, leaving users with few assurances of correct code execution. Even upcoming hardware proposed by the Trusted Computing Group cannot provide users assurance of correct code execution.

We propose human-verifiable code execution as a basic primitive to allow users to ensure trustworthy code execution of security-sensitive applications. We present a hardware-based design and a software-based design as first steps toward human-verifiable code execution. We first show how to alter the hardware architecture of a device to provide human-verifiable properties. For legacy devices, we show how to achieve these properties through a purely software-based technique.

We demonstrate the utility of our software-based technique through a digital signature application that assures that the user's password-protected private key is not misused and that neither the private key nor the password are disclosed to malware on an untrusted device. We describe an implementation of this application on an XScale-based PDA, and demonstrate the viability of the approach with a user study.


16 Aug (Wednesday) at 1630 hrs

Gates 4B (opposite 490)