TY - GEN
T1 - A secure user interface for web applications running under an untrusted operating system
AU - Li, Chunxiao
AU - Raghunathan, Anand
AU - Jha, Niraj K.
PY - 2010
Y1 - 2010
N2 - Many security-critical web applications, such as online banking and e-commerce, require a secure communication path between the user and a remote server. Securing this end-to-end path is challenging and can be broken down into several segments. The network part between the user's machine and the server is usually well protected, using secure communication protocols such as the Transport Layer Security (TLS) protocol. However, the user's sensitive inputs (such as passwords and credit card numbers) are handled by the operating system (OS) and the web applications before being encrypted and passed on to the network; likewise, some sensitive information from the server (such as a private account balance or a transaction confirmation) is handled by the OS and applications before being displayed to the user. This user interface part of the communication path, which includes the OS and web applications, is often untrusted because of possible malware (viruses, rootkits, spyware, etc.) and vulnerabilities within the client. In this paper, a secure user interface running under an untrusted OS is proposed; it is independent of the OS and applications and has a very small code base. This secure user interface attests itself to the remote server and then handles the sensitive input and output by itself, bypassing the OS kernel and web applications. It utilizes the network software stack in the OS; however, the sensitive information is cryptographically protected before being revealed to the potentially malicious OS. This ensures the confidentiality and integrity of the sensitive information. Using this secure user interface, even while running under an untrusted OS and applications, the user's sensitive input, private output, and transaction integrity can be protected.
UR - http://www.scopus.com/inward/record.url?scp=78249232342&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78249232342&partnerID=8YFLogxK
U2 - 10.1109/CIT.2010.162
DO - 10.1109/CIT.2010.162
M3 - Conference contribution
AN - SCOPUS:78249232342
SN - 9780769541082
T3 - Proceedings - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, ScalCom-2010
SP - 865
EP - 870
BT - Proceedings - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, ScalCom-2010
T2 - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, 10th IEEE Int. Conf. Scalable Computing and Communications, ScalCom-2010
Y2 - 29 June 2010 through 1 July 2010
ER -