A New Approach to Protect the OS from Off-line Attacks Using the Smart Card

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.57

H. R. Ghaleh, Shahin Norouzi

{"title":"A New Approach to Protect the OS from Off-line Attacks Using the Smart Card","authors":"H. R. Ghaleh, Shahin Norouzi","doi":"10.1109/SECURWARE.2009.57","DOIUrl":null,"url":null,"abstract":"Since the present computer systems use layered and modular architectures and execute the instructions in a number of different phases, therefore it has become an imperative to establish a trusted chain between various layers. It usually is integrity checking by hashing of executable codes. With guarantee of software integrity, the web servers and other network entities can trust to client systems or workstations. Several methods have been proposed for this purpose, each of them have their own advantages and weakness. Recently a group of big software and hardware companies working in Information Technology field known as Trusted Computing Group (TCG) are engaged in designing and making standards of various aspects of trusted computer systems including applications, PCs, networks, cryptography modules and so on. These standards can make the system trusted, but they need some hardware changes such as BIOS and Trusted Platform Module (TPM). These changes are not applicable for present systems and we have to purchase new hardware. This paper is an attempt at propose a new method that can make the present systems trusted. This method uses are movable trusted storage that is compatible with TCG storage standard.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"51 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.57","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Since the present computer systems use layered and modular architectures and execute the instructions in a number of different phases, therefore it has become an imperative to establish a trusted chain between various layers. It usually is integrity checking by hashing of executable codes. With guarantee of software integrity, the web servers and other network entities can trust to client systems or workstations. Several methods have been proposed for this purpose, each of them have their own advantages and weakness. Recently a group of big software and hardware companies working in Information Technology field known as Trusted Computing Group (TCG) are engaged in designing and making standards of various aspects of trusted computer systems including applications, PCs, networks, cryptography modules and so on. These standards can make the system trusted, but they need some hardware changes such as BIOS and Trusted Platform Module (TPM). These changes are not applicable for present systems and we have to purchase new hardware. This paper is an attempt at propose a new method that can make the present systems trusted. This method uses are movable trusted storage that is compatible with TCG storage standard.

查看原文本刊更多论文

一种利用智能卡保护操作系统免受离线攻击的新方法

由于当前的计算机系统采用分层和模块化的体系结构，指令的执行分多个不同的阶段，因此在各层之间建立信任链已成为当务之急。它通常是通过对可执行代码进行散列来进行完整性检查。通过保证软件的完整性，web服务器和其他网络实体可以信任客户端系统或工作站。为此提出了几种方法，每种方法都有自己的优点和缺点。近年来，一群在信息技术领域工作的大型软件和硬件公司被称为可信计算小组(TCG)，他们致力于设计和制定可信计算机系统的各个方面的标准，包括应用程序、个人电脑、网络、加密模块等。这些标准可以使系统可信，但是它们需要一些硬件更改，例如BIOS和可信平台模块(trusted Platform Module, TPM)。这些变化不适用于现有的系统，我们必须购买新的硬件。本文试图提出一种使现有系统可信的新方法。该方法使用与TCG存储标准兼容的可移动可信存储。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量