Securing Pocket Hard Drives
|
The availability of inexpensive portable storage devices has made it easier for users to carry data and programs with them and borrow computing platforms when needed. This article focuses on portable storage-based personalization, in which users boot the borrowed PC from their portable storage devices. It analyzes this model's security implications and present a scheme to protect the portable storage device from untrusted platforms. The protection scheme includes running tests stored on the portable storage device to assess the borrowed platform's integrity and ensuring that these tests execute without tampering. This article is part of a special issue on security and privacy.
[1] 18 R. Caceres et al., "Reincarnating PCs with Portable Soulpads," Proc. 3rd Int'l Conf. Mobile Systems, Applications and Services (Mobisys 05), ACM Press, 2005, pp. 65–78.
[2] N.L. Petroni Jr. et al., "Copilot—A Coprocessor-Based Kernel Runtime Integrity Monitor," Proc. 13th Security Symp., Usenix, 2004, pp. 179–194.
[3] R. Lemos, "Researchers: Rootkits Headed for Bios," SecurityFocus,26 Jan. 2006, www.securityfocus.com/news11372.
[4] S.T. King et al., "SubVirt: Implementing Malware with Virtual Machine," Proc. 2006 Symp. Security and Privacy, 2006; DOI: 10.11091SP.2006.38.
[5] C.S. Collberg, C.D. Thomborson, and D. Low, "Breaking Abstractions and Unstructuring Data Structures," Proc. Int'l Conf. Computer Languages, IEEE CS Press, 1998, pp. 28–38.
[6] S. Bhatkar, D. DuVarney, and R. Sekar, "Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits," Proc. 12th Usenix Security Symp., Usenix, 2003, pp. 105–120.
[7] T. Garfinkel et al., "Compatibility Is Not Transparency: VMM Detection Myths and Realities," Proc. 11th Workshop Hot Topics in Operating Systems, Usenix, 2007; www.usenix.org/events/hotos07tech.
[8] J. Robin and C. Irvine, "Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor," Proc. 9th Usenix Security Symp., Usenix, 2000, pp. 129–144.
[9] J. Franklin et al., "Towards Sound Detection of Virtual Machines," to be published in Botnet Detection, Springer, 2007.
[1] S. Garriss et al., "Towards Trustworthy Kiosk Computing," to be published in Proc. 8th IEEE Workshop Mobile Computing Systems and Applications (HotMobile 07), IEEE Press, 2007.
[2] A. Surie et al., Rapid Trust Establishment for Transient Use of Unmanaged Hardware, tech. report CMU-CS-06-176, School of Computer Science, Carnegie Mellon Univ., 2006.
[3] W. Arbaugh, D. Farber, and J. Smith, "A Secure and Reliable Bootstrap Architecture," Proc. IEEE Symp. Security and Privacy, IEEE Press, 1997, pp. 65–71.
[4] N.L. Petroni Jr. et al., "Copilot—A Coprocessor-Based Kernel Runtime Integrity Monitor," Proc. 13th Usenix Security Symp., Usenix, 2004, pp. 179–194.
[5] R. Kennell and L.H. Jamieson, "Establishing the Genuinity of Remote Computer Systems," Proc. 12th Usenix Security Symp., Usenix, 2003, p. 21.
[6] A. Seshadri et al., "Swatt: Software-Based Attestation for Embedded Devices," Proc. IEEE Symp. Security and Privacy, IEEE Press, 2004, pp. 272–282.
[7] A. Seshadri et al., "Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems," Proc. 10th ACM Symp. Operating Systems Principles (SOSP 05), ACM Press, 2005, pp. 1–16.
Index Terms:
security, mobile computing, portable storage device
Citation:
Nishkam Ravi, Chandra Narayanaswami, Mandayam Raghunath, Marcel-Catalin Rosu, "Securing Pocket Hard Drives," IEEE Pervasive Computing, vol. 6, no. 4, pp. 18-23, Oct.-Dec. 2007, doi:10.1109/MPRV.2007.85
PURCHASE ARTICLE: $19
IEEE Xplore Subscribers
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb