He Shuang, Wei Huang, Pushkar Bettadpur, Lianying Zhao, I. Pustogarov, D. Lie
{"title":"使用输入和上下文来验证互联网服务中的用户意图","authors":"He Shuang, Wei Huang, Pushkar Bettadpur, Lianying Zhao, I. Pustogarov, D. Lie","doi":"10.1145/3343737.3343739","DOIUrl":null,"url":null,"abstract":"An open security problem is how a server can tell whether a request submitted by a client is legitimately intended by the user or fakes by malware that has infected the user's system. This paper proposes Attested Intentions (AINT), to ensure user intention is properly translated to service requests. AINT uses a trusted hypervisor to record user inputs and context, and uses an Intel SGX enclave to continuously verify that the context, where user interaction occurs, has not been tampered with. After verification, AINT also uses SGX enclave for execution protection to generate the service request using the inputs collected by the hypervisor. To address privacy concerns over the recording of user inputs and context, AINT performs all verification on the client device, so that recorded data is never transmitted to a remote party.","PeriodicalId":202924,"journal":{"name":"Asia Pacific Workshop on Systems","volume":"233 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Using Inputs and Context to Verify User Intentions in Internet Services\",\"authors\":\"He Shuang, Wei Huang, Pushkar Bettadpur, Lianying Zhao, I. Pustogarov, D. Lie\",\"doi\":\"10.1145/3343737.3343739\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"An open security problem is how a server can tell whether a request submitted by a client is legitimately intended by the user or fakes by malware that has infected the user's system. This paper proposes Attested Intentions (AINT), to ensure user intention is properly translated to service requests. AINT uses a trusted hypervisor to record user inputs and context, and uses an Intel SGX enclave to continuously verify that the context, where user interaction occurs, has not been tampered with. After verification, AINT also uses SGX enclave for execution protection to generate the service request using the inputs collected by the hypervisor. To address privacy concerns over the recording of user inputs and context, AINT performs all verification on the client device, so that recorded data is never transmitted to a remote party.\",\"PeriodicalId\":202924,\"journal\":{\"name\":\"Asia Pacific Workshop on Systems\",\"volume\":\"233 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-08-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Asia Pacific Workshop on Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3343737.3343739\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia Pacific Workshop on Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3343737.3343739","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using Inputs and Context to Verify User Intentions in Internet Services
An open security problem is how a server can tell whether a request submitted by a client is legitimately intended by the user or fakes by malware that has infected the user's system. This paper proposes Attested Intentions (AINT), to ensure user intention is properly translated to service requests. AINT uses a trusted hypervisor to record user inputs and context, and uses an Intel SGX enclave to continuously verify that the context, where user interaction occurs, has not been tampered with. After verification, AINT also uses SGX enclave for execution protection to generate the service request using the inputs collected by the hypervisor. To address privacy concerns over the recording of user inputs and context, AINT performs all verification on the client device, so that recorded data is never transmitted to a remote party.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
