Trusted Platforms and Trustworthy Systems

Carnegie Mellon University has developed a system called Bump-in-the-Ether (BitE), an approach for preventing user-space malware from accessing sensitive user input and providing the user with additional confidence that her input is being delivered to the expected application. Rather than preventing malware from running or detecting already-running malware, we facilitate user input that bypasses common avenues of attack. User input traverses a "trusted tunnel" from the input device to the application. This trusted tunnel is implemented using a trusted mobile device working in tandem with a host platform capable of attesting to its current software state. Based on a received attestation, the mobile device verifies the integrity of the host platform and application, provides a trusted display through which the user selects the application to which her inputs should be directed, and encrypts those inputs so that only the expected application can decrypt them. A paper on this work was presented at the 2006 USENIX Annual Technical Conference.

Quorum systems underlie numerous approaches for implementing intrusion-tolerant distributed services. A quorum system over a universe of logical elements is a collection of subsets (quorums) of elements, any two of which intersect. In implementations of intrusion-tolerant distributed services, the elements of the universe reside on the nodes of a physical network and the participants access the system by contacting every element in some quorum. We have initiated a research program to study the network-centric costs that these quorum accesses induce. Specifically, this year we studied algorithms to place universe elements on the nodes of a physical network so as to minimize the network congestion that results from quorum accesses, while also ensuring that no physical node is overloaded by access requests from clients.

We considered two models, one in which communication routes can be chosen arbitrarily and one in which they are fixed in advance. We showed that in either model, the optimal congestion (with respect to the load constraints) cannot be approximated to any factor (unless P = NP). However, we showed that at most doubling the load on nodes allows us to achieve a congestion that is close to this optimal value. We also provided initial steps to elucidate the extent to which element migration can reduce congestion in this context. A paper on this work was presented at the 2006 ACM Symposium on Principles of Distributed Computing.
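The tension between node load and network congestion in quorum placement can be seen on a toy instance. The following is an added example, not code from the paper or the project: it checks the pairwise-intersection property and scores two placements under fixed routes. The cost model (uniform choice of client and quorum, one message per contacted element, BFS routes) and all names in it are assumptions made for illustration.

```python
from collections import defaultdict, deque
from fractions import Fraction
from itertools import combinations

def is_quorum_system(quorums):
    """Defining property: any two quorums intersect."""
    return all(a & b for a, b in combinations(quorums, 2))

def route(adj, src, dst):
    """BFS shortest path; stands in for routes that are fixed in advance."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path = []
    while dst is not None:          # walk back from dst to src
        path.append(dst)
        dst = prev[dst]
    return path[::-1]

def evaluate(quorums, placement, adj, clients):
    """Return (max node load, max edge congestion) per access.
    Assumed model: uniform choice of client and quorum, one message per element."""
    if not is_quorum_system(quorums):
        raise ValueError("two quorums do not intersect")
    weight = Fraction(1, len(quorums) * len(clients))
    load, congestion = defaultdict(Fraction), defaultdict(Fraction)
    for client in clients:
        for quorum in quorums:
            for element in quorum:
                node = placement[element]
                load[node] += weight
                hops = route(adj, client, node)
                for edge in zip(hops, hops[1:]):
                    congestion[frozenset(edge)] += weight
    return max(load.values()), max(congestion.values(), default=Fraction(0))

# Constructed sample: majority quorums over three elements, line network A-B-C-D.
QUORUMS = [{"x", "y"}, {"x", "z"}, {"y", "z"}]
LINE = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}
CLUSTERED = {"x": "A", "y": "A", "z": "A"}   # every element beside the client
SPREAD = {"x": "A", "y": "B", "z": "C"}      # one element per node

if __name__ == "__main__":
    for name, placement in (("clustered", CLUSTERED), ("spread", SPREAD)):
        print(name, evaluate(QUORUMS, placement, LINE, clients=["A"]))
```

With the single client at node A, the clustered placement removes all network traffic but concentrates the full load of 2 on one node, while the spread placement cuts the maximum load to 2/3 at the cost of congestion 4/3 on edge A-B.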
© 2005-2008 Trust