Computer Science Department
School of Computer Science, Carnegie Mellon University
Rapid Trust Establishment for Transient Use
Ajay Surie, Adrian Perrig, M. Satyanarayanan, David Farber
Transient use of PCs has grown in importance with the advent of Internet cafes and the emergence of personalization systems such as Migo, GoToMyPC, 5 and Internet Suspend/Resume®. Unfortunately, users have no choice today but to trust any transient hardware they use. They are often unaware of the risks they face in placing faith in public computers. We address this problem through Trust-Sniffer, a tool that helps a user to gain condence in the software stack on an untrusted machine. The root of trust is a small, lightweight device such as a USB memory stick that is owned by the user. Once the integrity of the boot image is verified, Trust-Sniffer uses a staged process to expand the zone of trust. It generates a trust fault when a user first attempts to execute any binary that lies outside the current zone of trust. A trust fault handler verifies the integrity of the suspect binary by comparing its checksum with that of known good binaries. Execution stops if the binary's integrity cannot be established. This staged approach to establishing confidence in an untrusted machine strikes a good balance between the needs of security and ease-of-use, and enables rapid use of transient hardware.