Sciweavers

NDSS
2009
IEEE

Safe Passage for Passwords and Other Sensitive Data

14 years 7 months ago
Safe Passage for Passwords and Other Sensitive Data
The prevalence of malware such as keyloggers and screen scrapers has made the prospect of providing sensitive information via web pages disconcerting for security-conscious users. We present Bumpy, a system to exclude the legacy operating system and applications from the trusted computing base for sensitive input, without requiring a hypervisor or VMM. Bumpy allows the user to specify strings of input as sensitive when she enters them, and ensures that these inputs reach the desired endpoint in a protected state. The inputs are processed in an isolated code module on the user’s system, where they can be encrypted or otherwise processed for a remote webserver. We present a prototype implementation of Bumpy.
Jonathan M. McCune, Adrian Perrig, Michael K. Reit
Added 21 May 2010
Updated 21 May 2010
Type Conference
Year 2009
Where NDSS
Authors Jonathan M. McCune, Adrian Perrig, Michael K. Reiter
Comments (0)