Universitysourceforge.jp

ReferencesAlloftheURLslistedherearevalidasofJune,2011.
[1]Abadi,M.
,Budiu,M.
,Erlingsson,U.
,Ligatti,J.
:Control-owintegrity.
In:ProceedingsoftheACMConferenceonComputerandCommunicationsSe-curity(CCS)(2005)(Referencedonpage10.
)[2]Acohido,B.
,Swartz,J.
:UnprotectedPCscanbehijackedinminutes.
USAToday(2004)(Referencedonpage47.
)[3]AdvancedMicroDevices:AMD64architectureprogrammer'smanual.
AMDPublicationno.
24593rev.
3.
14(2007)(Referencedonpages2,28,39,62,and68.
)[4]Alkassar,A.
,St¨uble,C.
,Sadeghi,A.
R.
:Secureobjectidenticationor:Solv-ingthechessgrandmasterproblem.
In:ProceedingsoftheNewSecurityParadigmWorkshow(NSPW)(2003)(Referencedonpage72.
)[5]AmesJr,S.
R.
:Securitykernels:AsolutionoraproblemIn:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(1981)(Referencedonpage25.
)[6]Anderson,R.
:Cryptographyandcompetitionpolicy-issueswith"TrustedComputing".
In:ProceedingsoftheWorkshoponEconomicsandInforma-tionSecurity(2003)(Referencedonpage1.
)[7]Anderson,R.
,Kuhn,M.
:Tamperresistance–acautionarynote.
In:Proceed-ingsoftheUSENIXWorkshoponElectronicCommerce(1995)(Referencedonpage73.
)[8]Arbaugh,W.
A.
,Farber,D.
J.
,Smith,J.
M.
:Areliablebootstraparchitecture.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy,pp.
65–71(1997)(Referencedonpages13,36,66,and69.
)[9]ARM:ARMsecuritytechnology.
PRD29-GENC-009492C(2009)(Refer-encedonpages1and38.
)[10]Armknecht,F.
,Maes,R.
,Sadeghi,A.
R.
,Standaert,F.
X.
,Wachsmann,C.
:Aformalfoundationforthesecurityfeaturesofphysicalfunctions.
In:IEEESymposiumonSecurityandPrivacy(2011)(Referencedonpage39.
)[11]Arnold,T.
,vanDoorn,L.
:TheIBMPCIXCC:Anewcryptographiccopro-cessorfortheIBMeServer.
IBMJournalofResearchandDevelopment48(3)(2004)(Referencedonpage35.
)B.
Parnoetal.
,BootstrappingTrustinModernComputers,SpringerBriefsinComputerScience10,DOI10.
1007/978-1-4614-1460-5,TheAutho201179rs()80References[12]Azab,A.
M.
,Ning,P.
,Wang,Z.
,Jiang,X.
,Zhang,X.
,Skalsky,N.
C.
:Hy-perSentry:Enablingstealthyin-contextmeasurementofhypervisorintegrity.
In:ProceedingsoftheACMConferenceonComputerandCommunicationsSecurity(CCS)(2010)(Referencedonpage27.
)[13]Azema,J.
,Fayad,G.
:M-Shieldmobilesecuritytechnology:makingwire-lesssecure.
TexasInstrumentsWhitepaper.
Availableathttp://focus.
ti.
com/pdfs/wtbu/ti_mshield_whitepaper.
pdf(2008)(Ref-erencedonpages1and38.
)[14]Baek,K.
H.
,Smith.
,S.
:Preventingtheftofqualityofserviceonopenplat-forms.
In:ProceedingsoftheIEEE/CREATE-NETWorkshoponSecurityandQoSinCommunicationNetworks(2005)(Referencedonpage55.
)[15]Baiardi,F.
,Cilea,D.
,Sgandurra,D.
,Ceccarelli,F.
:Measuringsemanticin-tegrityforremoteattestation.
In:ProceedingsoftheInternationalConferenceonTrustedComputing(2009)(Referencedonpage10.
)[16]Bailey,K.
A.
,Smith,S.
W.
:Trustedvirtualcontainersondemand.
In:Proceed-ingsoftheACMWorkshoponScalableTrustedComputing(STC)(2010)(Referencedonpage5.
)[17]Balacheff,B.
,Chen,L.
,Pearson,S.
,Plaquin,D.
,Proudler,G.
:TrustedCom-putingPlatforms–TCPATechnologyinContext.
PrenticeHall(2003)(Ref-erencedonpages63and75.
)[18]Balfanz,D.
,Smetters,D.
,Stewart,P.
,Wong,H.
C.
:Talkingtostrangers:Au-thenticationinad-hocwirelessnetworks.
In:ProceedingsoftheISOCSym-posiumonNetworkandDistributedSystemSecurity(NDSS)(2002)(Refer-encedonpage71.
)[19]Belenkiy,M.
,Chase,M.
,Erway,C.
C.
,Jannotti,J.
,K¨upc¨u,A.
,Lysyanskaya,A.
:Incentivizingoutsourcedcomputation.
In:ProceedingsoftheWorkshoponEconomicsofNetworkedSystems(NetEcon)(2008)(Referencedonpage40.
)[20]Berger,S.
,Caceres,R.
,Goldman,K.
A.
,Perez,R.
,Sailer,R.
,vanDoorn,L.
:vTPM:Virtualizingthetrustedplatformmodule.
In:ProceedingsoftheUSENIXSecuritySymposium(2006)(Referencedonpage5.
)[21]Beth,T.
,Desmedt,Y.
:Identicationtokens-or:Solvingthechessgrand-masterproblem.
In:ProceedingsofCRYPTO(1991)(Referencedonpage72.
)[22]Brands,S.
,Chaum,D.
:Distance-boundingprotocols.
In:ProceedingsofEu-roCrypt(1994)(Referencedonpages46and72.
)[23]Brickell,E.
,Camenisch,J.
,Chen,L.
:Directanonymousattestation.
In:Pro-ceedingsoftheACMConferenceonComputerandCommunicationsSecu-rity(CCS)(2004)(Referencedonpages23and67.
)[24]Brickell,E.
,Li,J.
:Apairing-basedDAAschemefurtherreducingTPMre-sources.
In:ProceedingsoftheInternationalConferenceonTrustandTrust-worthyComputing(2010)(Referencedonpage24.
)[25]Brumley,D.
,Song,D.
:Privtrans:Automaticallypartitioningprogramsforprivilegeseparation.
In:ProceedingsoftheUSENIXSecuritySymposium(2004)(Referencedonpage31.
)References81[26]Bruschi,D.
,Cavallaro,L.
,Lanzi,A.
,Monga,M.
:ReplayattackinTCGspec-icationandsolution.
In:ProceedingsoftheAnnualComputerSecurityAp-plicationsConference(ACSAC)(2005)(Referencedonpage51.
)[27]Bugiel,S.
,Ekberg,J.
E.
:Implementinganapplication-speciccredentialplat-formusinglate-launchedmobiletrustedmodule.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2010)(Referencedonpage38.
)[28]Busch,H.
,Sotakova,M.
,Katzenbeisser,S.
,Sion,R.
:ThePUFpromise.
In:ProceedingsoftheInternationalConferenceonTrustandTrustworthyCom-puting(2010)(Referencedonpage39.
)[29]Bussani,A.
,Grifn,J.
L.
,Jansen,B.
,Julisch,K.
,Karjoth,G.
,Maruyama,H.
,Nakamura,M.
,Perez,R.
,Schunter,M.
,Tanner,A.
,VanDoorn,L.
,VanHer-reweghen,E.
A.
,Waidner,M.
,Yoshihama,S.
:TrustedVirtualDomains:Se-curefoundationsforbusinessandITservices.
Tech.
Rep.
RC23792,IBMResearch(2005)(Referencedonpage5.
)[30]Cagalj,M.
,Capkun,S.
,Hubaux,J.
P.
:Keyagreementinpeer-to-peerwirelessnetworks.
ProceedingsoftheIEEE(SpecialIssueonCryptography)94,467–478(2006)(Referencedonpage71.
)[31]Capkun,S.
,Hubaux,J.
P.
,Buttyan,L.
:Mobilityhelpssecurityinadhocnet-works.
In:ProceedingsoftheACMSymposiumonMobileAdHocNet-working&Computing(MobiHoc)(2003)(Referencedonpage71.
)[32]Castelluccia,C.
,Francillon,A.
,Perito,D.
,Soriente,C.
:Onthedifcultyofsoftware-basedattestationofembeddeddevices.
In:ProceedingsoftheACMConferenceonComputerandCommunicationsSecurity(CCS)(2009)(Ref-erencedonpage40.
)[33]Castelluccia,C.
,Mutaf,P.
:Shakethemup!
Amovement-basedpairingproto-colforCPU-constraineddevices.
In:ProceedingoftheConferenceonMobileSystems,Applications,andServices(MobiSys)(2005)(Referencedonpage71.
)[34]Catuogno,L.
,Dmitrienko,A.
,Eriksson,K.
,Kuhlmann,D.
,Ramunno,G.
,Sadeghi,A.
R.
,Schulz,S.
,Schunter,M.
,Winandy,M.
,Zhan,J.
:Trustedvir-tualdomains-design,implementationandlessonslearned.
In:ProceedingsoftheInternationalConferenceonTrustedSystems(INTRUST)(2009)(Ref-erencedonpage5.
)[35]Challener,D.
,Hoff,J.
,Catherman,R.
,Safford,D.
,vanDoorn,L.
:PracticalGuidetoTrustedComputing.
PrenticeHall(2007)(Referencedonpage76.
)[36]Chen,B.
,Morris,R.
:Certifyingprogramexecutionwithsecureprocesors.
In:ProceedingsoftheUSENIXWorkshoponHotTopicsinOperatingSystems(HotOS)(2003)(Referencedonpage36.
)[37]Chen,L.
:ADAAschemeusingbatchproofandverication.
In:ProceedingsoftheInternationalConferenceonTrustandTrustworthyComputing(2010)(Referencedonpage24.
)[38]Chen,L.
,Landfermann,R.
,L¨ohr,H.
,Rohe,M.
,Sadeghi,A.
R.
,St¨uble,C.
:Aprotocolforproperty-basedattestation.
In:ProceedingsoftheACMWork-shoponScalableTrustedComputing(STC)(2006)(Referencedonpage33.
)82References[39]Chen,L.
,Ryan,M.
D.
:OfinedictionaryattackonTCGTPMweakautho-risationdata,andsolution.
In:ProceedingsoftheConferenceonFutureofTrustinComputing(2008)(Referencedonpage51.
)[40]Chen,S.
,Xu,J.
,Sezer,E.
C.
,Gauriar,P.
,Iyer,R.
K.
:Non-control-dataattacksarerealisticthreats.
In:ProceedingsoftheUSENIXSecuritySymposium(2005)(Referencedonpage10.
)[41]Chen,X.
,Garnkel,T.
,Lewis,E.
C.
,Subrahmanyam,P.
,Waldspurger,C.
A.
,Boneh,D.
,Dwoskin,J.
,Ports,D.
R.
K.
:Overshadow:Avirtualization-basedapproachtoretrottingprotectionincommodityoperatingsystems.
In:Pro-ceedingsoftheACMConferenceonArchitecturalSupportforProgrammingLanguagesandOperatingSystems(ASPLOS)(2008)(Referencedonpage27.
)[42]Chen,Y.
,England,P.
,Peinado,M.
,Willman,B.
:Highassurancecomputingonopenhardwarearchitectures.
Tech.
Rep.
MSR-TR-2003-20,MicrosoftResearch(2003)(Referencedonpage26.
)[43]Chun,B.
G.
,Maniatis,P.
,Shenker,S.
,Kubiatowicz,J.
:Attestedappend-onlymemory:Makingadversariessticktotheirword.
In:ProceedingsoftheACMSymposiumonOperatingSystemsPrinciples(SOSP)(2007)(Referencedonpage39.
)[44]Clark,D.
D.
,Wilson,D.
R.
:Acomparisonofcommercialandmilitarysecuritypolicies.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(1987)(Referencedonpage26.
)[45]Coker,G.
,Guttman,J.
,Loscocco,P.
,Herzog,A.
,Millen,J.
,O'Hanlon,B.
,Ramsdell,J.
,Segall,A.
,Sheehy,J.
,Sniffen,B.
:Principlesofremoteattesta-tion.
InternationalJournalofInformationSecurity10(2)(2011)(Referencedonpage21.
)[46]Datta,A.
,Franklin,J.
,Garg,D.
,Kaynar,D.
:Alogicofsecuresystemsanditsapplicationtotrustedcomputing.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2009)(Referencedonpage52.
)[47]Dietrich,K.
,Winter,J.
:Towardscustomizable,applicationspecicmobiletrustedmodules.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2010)(Referencedonpage38.
)[48]Dixon,C.
,Uppal,H.
,Brajkovic,V.
,Brandon,D.
,Anderson,T.
,Krishna-murthy,A.
:ETTM:Ascalablefaulttolerantnetworkmanager.
In:Proceed-ingsoftheUSENIXSymposiumonNetworkedSystemsDesignandImple-mentation(NSDI)(2011)(Referencedonpage56.
)[49]Dwoskin,J.
S.
,Gomathisankaran,M.
,Chen,Y.
Y.
,Lee,R.
B.
:Aframeworkfortestinghardware-softwaresecurityarchitectures.
In:ProceedingsoftheAnnualComputerSecurityApplicationsConference(ACSAC)(2010)(Ref-erencedonpage51.
)[50]Dyer,J.
,Lindemann,M.
,Perez,R.
,Sailer,R.
,vanDoorn,L.
,Smith,S.
W.
,Weingart,S.
:BuildingtheIBM4758SecureCoprocessor.
IEEEComputer(2001)(Referencedonpages14and66.
)[51]Einstein,A.
:Ontheelectrodynamicsofmovingbodies.
AnnalenderPhysik17,891–921(1905)(Referencedonpage46.
)References83[52]Ekberg,J.
E.
,Bugiel,S.
:Trustinasmallpackage:minimizedMRTMsoft-wareimplementationformobilesecureenvironments.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2009)(Referencedonpage38.
)[53]Ekberg,J.
E.
,Kyl¨anp¨a¨a,M.
:Mobiletrustedmodule(MTM)-anintroduction.
Tech.
Rep.
NRC-TR-2007-015,NokiaResearchCenter(2007)(Referencedonpages37,38,and54.
)[54]Ellison,C.
,Dohrmann,S.
:Public-keysupportforgroupcollaboration.
ACMTransactionsonInformationandSystemSecurity6(4)(2003)(Referencedonpage71.
)[55]England,P.
,Lampson,B.
,Manferdelli,J.
,Peinado,M.
,Willman,B.
:Atrustedopenplatform.
IEEEComputer36(7),55–62(2003)(Referencedonpage26.
)[56]Erlingsson,U.
,Abadi,M.
,Vrable,M.
,Budiu,M.
,Necula,G.
C.
:XFI:Soft-wareguardsforsystemaddressspaces.
In:ProceedingsoftheUSENIXSym-posiumonOperatingSystemsDesignandImplementation(OSDI)(2006)(Referencedonpages10and32.
)[57]Feng,W.
C.
,Schluessler,T.
:Thecasefornetworkwitnesses.
In:ProceedingsoftheIEEEWorkshoponSecureNetworkProtocols(2008)(Referencedonpage56.
)[58]Finney,H.
:PrivacyCA.
http://privacyca.
com(Referencedonpage23.
)[59]Flicker:MinimalTCBcodeexecution.
Sourcecodev0.
5:http://flickertcb.
sourceforge.
net/(Referencedonpage60.
)[60]Franklin,J.
,Luk,M.
,Seshadri,A.
,Perrig,A.
:PRISM:Enablingpersonalver-icationofcodeintegrity,untamperedexecution,andtrustedI/Oorhuman-veriablecodeexecution.
Tech.
Rep.
CMU-CyLab-07-010,CarnegieMellonUniversity,Cylab(2007)(Referencedonpage71.
)[61]Fujisaki,E.
,Okamoto,T.
,Pointcheval,D.
,Stern,J.
:RSA–OAEPissecureundertheRSAassumption.
In:ProceedingsofCRYPTO(2001)(Referencedonpage15.
)[62]Gajek,S.
,L¨ohr,H.
,Sadeghi,A.
R.
,Winandy,M.
:TruWallet:trustworthyandmigratablewallet-basedwebauthentication.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2009)(Referencedonpage57.
)[63]Gallo,R.
,Kawakami,H.
,Dahab,R.
,Arajo,G.
,Azavedo,R.
:T-DRE:Ahard-waretrustedcomputingbasefordirectrecordingelectronicvotemachines.
In:ProceedingsoftheAnnualComputerSecurityApplicationsConference(ACSAC)(2010)(Referencedonpage54.
)[64]Garnkel,T.
,Pfaff,B.
,Chow,J.
,Rosenblum,M.
,Boneh,D.
:Terra:Avir-tualmachine-basedplatformfortrustedcomputing.
In:ProceedingsoftheSymposiumonOperatingSystemPrinciples(SOSP)(2003)(Referencedonpages5,6,7,21,27,and32.
)84References[65]Garnkel,T.
,Rosenblum,M.
,Boneh,D.
:FlexibleOSsupportandapplica-tionsforTrustedComputing.
In:ProceedingsoftheUSENIXWorkshoponHotTopicsinOperatingSystems(HotOS)(2003)(Referencedonpage55.
)[66]Garriss,S.
,Caceres,R.
,Berger,S.
,Sailer,R.
,vanDoorn,L.
,Zhang,X.
:Trustworthyandpersonalizedcomputingonpublickiosks.
In:ProceedingsoftheConferenceonMobileSystems,Applications,andServices(MobiSys)(2008)(Referencedonpages49and74.
)[67]Gasmi,Y.
,Sadeghi,A.
R.
,Stewin,P.
,Unger,M.
,Winandy,M.
,Husseiki,R.
,St¨uble,C.
:Flexibleandsecureenterpriserightsmanagementbasedontrustedvirtualdomains.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2008)(Referencedonpage5.
)[68]Gasser,M.
,Goldstein,A.
,Kaufman,C.
,Lampson,B.
:Thedigitaldistributedsystemsecurityarchitecture.
In:ProceedingsoftheNationalComputerSe-curityConference(1989)(Referencedonpages1,4,5,6,7,and13.
)[69]Gifn,J.
T.
,Christodorescu,M.
,Kruger,L.
:Strengtheningsoftwareself-checksummingviaself-modifyingcode.
In:ProceedingsoftheAnnualCom-puterSecurityApplicationsConference(ACSAC)(2005)(Referencedonpages39and40.
)[70]Gilbert,P.
,Cox,L.
P.
,Jung,J.
,Wetherall,D.
:Towardtrustworthymobilesensing.
In:ProceedingsoftheACMWorkshoponMobileComputingSys-temsandApplications(HotMobile)(2010)(Referencedonpage57.
)[71]Gobioff,H.
,Smith,S.
,Tygar,J.
,Yee,B.
:Smartcardsinhostileenvironments.
In:ProceedingsoftheUSENIXWorkshoponElectronicCommerce(1995)(Referencedonpage36.
)[72]Goel,A.
,Po,K.
,Farhadi,K.
,Li,Z.
,deLara,E.
:Thetaserintrusionrecov-erysystem.
In:ProceedingsoftheACMSymposiumonOperatingSystemsPrinciples(SOSP)(2005)(Referencedonpage68.
)[73]Gold,B.
D.
,Linde,R.
R.
,Cudney,P.
F.
:KVM/370inretrospect.
In:Proceed-ingsoftheIEEESymposiumonSecurityandPrivacy(1984)(Referencedonpage25.
)[74]Goldman,K.
:IBM'ssoftwareTrustedPlatformModule.
Sourcecode:http://ibmswtpm.
sourceforge.
net/(Referencedonpage59.
)[75]Goldman,K.
,Perez,R.
,Sailer,R.
:Linkingremoteattestationtosecuretun-nelendpoints.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2006)(Referencedonpages21and22.
)[76]Goldman,K.
,Sailer,R.
,Pendarakis,D.
,Srinivasan,D.
:Scalableintegritymonitoringinvirtualizedenvironments.
In:ProceedingsoftheACMWork-shoponScalableTrustedComputing(STC)(2010)(Referencedonpage6.
)[77]Goodrich,M.
T.
,Sirivianos,M.
,Solis,J.
,Tsudik,G.
,Uzun,E.
:Loudandclear:Human-veriableauthenticationbasedonaudio.
In:ProceedingsoftheIEEEInternationalConferenceonDistributedComputingSystems(ICDCS)(2006)(Referencedonpage71.
)[78]Grawrock,D.
:TheIntelSaferComputingInitiative:BuildingBlocksforTrustedComputing.
IntelPress(2006)(Referencedonpage62.
)[79]Grawrock,D.
:DynamicsofaTrustedPlatform.
IntelPress(2008)(Refer-encedonpage76.
)References85[80]GSMAssociation:GSMmobilephonetechnologyaddsanotherbillioncon-nectionsinjust30months.
GSMWorldPressRelease(2006)(Referencedonpage1.
)[81]Gueron,S.
,Kounavis,M.
E.
:Newprocessorinstructionsforacceleratingencryptionandauthenticationalgorithms.
IntelTechnologyJournal13(2)(2009)(Referencedonpage2.
)[82]Gummadi,R.
,Balakrishnan,H.
,Maniatis,P.
,Ratnasamy,S.
:Not-a-bot:Im-provingserviceavailabilityinthefaceofbotnetattacks.
In:ProceedingsoftheUSENIXSymposiumonNetworkedSystemsDesignandImplementation(NSDI)(2009)(Referencedonpage56.
)[83]G¨urgens,S.
,Rudolph,C.
,Scheuermann,D.
,Atts,M.
,Plaga,R.
:SecurityevaluationofscenariosbasedontheTCG'sTPMspecication.
In:Proceed-ingsoftheEuropeanSymposiumonResearchinComputerSecurity(ES-ORICS)(2007)(Referencedonpage51.
)[84]Haeberlen,A.
,Aditya,P.
,Rodrigues,R.
,Druschel,P.
:Accountablevirtualmachines.
In:ProceedingsoftheUSENIXSymposiumonOperatingSystemsDesignandImplementation(OSDI)(2010)(Referencedonpage40.
)[85]Haldar,V.
,Chandra,D.
,Franz,M.
:Semanticremoteattestation:avirtualma-chinedirectedapproachtotrustedcomputing.
In:ProceedingsoftheConfer-enceonVirtualMachineResearch(2004)(Referencedonpages10,25,32,and33.
)[86]Halderman,J.
A.
,Schoen,S.
D.
,Heninger,N.
,Clarkson,W.
,Paul,W.
,Calan-drino,J.
A.
,Feldman,A.
J.
,Appelbaum,J.
,Felten,E.
W.
:Lestweremember:Coldbootattacksonencryptionkeys.
In:ProceedingsoftheUSENIXSecu-ritySymposium(2008)(Referencedonpage74.
)[87]vonHelden,J.
,Bente,I.
,Vieweg,J.
:TrustedNetworkConnect(TNC).
Eu-ropeanTrustedInfrastructureSummerSchool(2009)(Referencedonpage54.
)[88]Holmquist,L.
E.
,Mattern,F.
,Schiele,B.
,Alahuhta,P.
,Beigl,M.
,Gellersen,H.
W.
:Smart-itsfriends:Atechniqueforuserstoeasilyestablishconnectionsbetweensmartartefacts.
In:ProceedingsoftheACMConferenceonUbiqui-tousComputing(Ubicomp)(2001)(Referencedonpage71.
)[89]IBM:CCAbasicservicesreferenceandguidefortheIBM4758PCIandIBM4764PCI-Xcryptographiccoprocessors.
19thEd.
(2008)(Referencedonpage35.
)[90]InneonTechnologiesAG:InneonchipcardandsecurityICsportfolio.
http://www.
infineon.
com(2010)(Referencedonpage36.
)[91]Intel,HP,NEC,Dell:IPMI-IntelligentPlatformManagementInter-facespecicationsecondgenerationv2.
0.
http://download.
intel.
com/design/servers/ipmi/IPMIv2_0rev1_0.
pdf(2004)(Ref-erencedonpage27.
)[92]IntelCorporation:Trustedboot.
Sourcecode:http://tboot.
sourceforge.
net/(Referencedonpage60.
)86References[93]IntelCorporation:Inteltrustedexecutiontechnology–measuredlaunchedenvironmentdeveloper'sguide.
Documentnumber315168-005(2008)(Ref-erencedonpages2,28,29,39,62,and68.
)[94]IntelCorporation:IntelvProTechnology.
http://www.
intel.
com/technology/vpro/(2011)(Referencedonpage27.
)[95]Itoi,N.
:SecurecoprocessorintegrationwithKerberosV5.
In:ProceedingsoftheUSENIXSecuritySymposium(2000)(Referencedonpage55.
)[96]Itoi,N.
,Arbaugh,W.
A.
,Pollack,S.
J.
,Reeves,D.
M.
:Personalsecurebooting.
In:ProceedingsoftheAustralasianConferenceonInformationSecurityandPrivacy(ACISP)(2000)(Referencedonpage69.
)[97]Jaeger,T.
,Sailer,R.
,Shankar,U.
:PRIMA:policy-reducedintegritymea-surementarchitecture.
In:ProceedingsoftheACMSymposiumonAccessControlModelsAndTechnologies(SACMAT)(2006)(Referencedonpage26.
)[98]Jiang,S.
:WebALPSimplementationandperformanceanalysis.
Master'sthesis,DartmouthCollege(2001)(Referencedonpage55.
)[99]Jiang,S.
,Smith,S.
,Minami,K.
:Securingwebserversagainstinsiderattack.
In:ProceedingsoftheAnnualComputerSecurityApplicationsConference(ACSAC)(2001)(Referencedonpages14and35.
)[100]Johnson,R.
,Wagner,D.
:Findinguser/kernelpointerbugswithtypeinfer-ence.
In:ProceedingsoftheUSENIXSecuritySymposium(2004)(Refer-encedonpage32.
)[101]Karger,P.
A.
,Zurko,M.
E.
,Bonin,D.
W.
,Mason,A.
H.
,Kahn,C.
E.
:Aretro-spectiveontheVAXVMMsecuritykernel.
IEEETransactionsonSoftwareEngineering17(11),1147–1165(1991)(Referencedonpage25.
)[102]Kauer,B.
:OSLO:ImprovingthesecurityofTrustedComputing.
In:Pro-ceedingsoftheUSENIXSecuritySymposium(2007).
Sourcecode:http://os.
inf.
tu-dresden.
de/kauer/oslo/(Referencedonpages21,30,51,60,and73.
)[103]Keller,E.
,Lee,R.
B.
,Rexford,J.
:Accountabilityinhostedvirtualnetworks.
In:ProceedingsoftheACMWorkshoponVirtualizedInfrastructureSystemsandArchitectures(VISA)(2009)(Referencedonpage55.
)[104]Kennell,R.
,Jamieson,L.
:Establishingthegenuinityofremotecomputersys-tems.
In:ProceedingsoftheUSENIXSecuritySymposium(2003)(Refer-encedonpages39and40.
)[105]Kil,C.
,Sezer,E.
C.
,Azab,A.
,Ning,P.
,Zhang,X.
:Remoteattestationtodynamicsystemproperties.
In:ProceedingsoftheIEEE/IFIPConferenceonDependableSystemsandNetworks(DSN)(2009)(Referencedonpages10and32.
)[106]Kim,T.
,Wang,X.
,Zeldovich,N.
,Kaashoek,M.
F.
:Intrusionrecoveryusingselectivere-execution.
In:ProceedingsoftheUSENIXSymposiumonOp-eratingSystemsDesignandImplementation(OSDI)(2010)(Referencedonpage68.
)[107]Klein,G.
,Elphinstone,K.
,Heiser,G.
,Andronick,J.
,Cock,D.
,Derrin,P.
,Elkaduwe,D.
,Engelhardt,K.
,Norrish,M.
,Kolanski,R.
,Sewell,T.
,Tuch,References87H.
,Winwood,S.
:seL4:FormalvericationofanOSkernel.
In:ProceedingsoftheACMSymposiumonOperatingSystemsPrinciples(SOSP)(2009)(Referencedonpage25.
)[108]Knoppixfortrustedcomputinggeeks.
http://unit.
aist.
go.
jp/itri/knoppix/index-en.
html(Referencedonpage60.
)[109]Korthaus,R.
,Sadeghi,A.
R.
,St¨uble,C.
,Zhan,J.
:Apracticalproperty-basedbootstraparchitecture.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2009)(Referencedonpage33.
)[110]Krautheim,F.
J.
,Phatak,D.
S.
,Sherman,A.
T.
:Introducingthetrustedvirtualenvironmentmodule:Anewmechanismforrootingtrustincloudcomputing.
In:ProceedingsoftheInternationalConferenceonTrustandTrustworthyComputing(2010)(Referencedonpage6.
)[111]K¨uhn,U.
,Selhorst,M.
,St¨uble,C.
:Realizingproperty-basedattestationandsealingwithcommonlyavailablehard-andsoftware.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2007)(Referencedonpage33.
)[112]Lampson,B.
:Usablesecurity:Howtogetit.
CommunicationsoftheACM52(11)(2009)(Referencedonpage70.
)[113]Lang,P.
:FlashtheIntelBIOSwithcondence.
IntelDeveloperUPDATEMagazine(2002)(Referencedonpage50.
)[114]Laur,S.
,Nyberg,K.
:Efcientmutualdataauthenticationusingmanuallyauthenticatedstrings.
In:ProceedingsoftheConferenceonCryptologyandNetworkSecurity(CANS)(2006)(Referencedonpage71.
)[115]LeClaire,J.
:AppleshipsiPodswithWindowsvirus.
MacNewsWorld(2006)(Referencedonpage47.
)[116]Lee,D.
,Wester,B.
,Veeraraghavan,K.
,Narayanasamy,S.
,Chen,P.
M.
,Flinn,J.
:Respec:Efcientonlinemultiprocessorreplayviaspeculationandexternaldeterminism.
In:ProceedingsoftheACMConferenceonArchitecturalSup-portforProgrammingLanguagesandOperatingSystems(ASPLOS)(2010)(Referencedonpage40.
)[117]Lee,R.
B.
,Kwan,P.
,McGregor,J.
P.
,Dwoskin,J.
,Wang,Z.
:Architectureforprotectingcriticalsecretsinmicroprocessors.
In:ProceedingsoftheInterna-tionalSymposiumonComputerArchitecture(ISCA)(2005)(Referencedonpages36,51,and69.
)[118]vanderLeest,V.
,Schrijen,G.
J.
,Handschuh,H.
,Tuyls,P.
:HardwareintrinsicsecurityfromDip-ops.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2010)(Referencedonpage39.
)[119]Lester,J.
,Hannaford,B.
,Gaetano,B.
:Areyouwithme-Usingaccelerom-eterstodetermineiftwodevicesarecarriedbythesameperson.
In:Proceed-ingsofPervasive(2004)(Referencedonpage71.
)[120]Leung,A.
,Chen,L.
,Mitchell,C.
J.
:Onapossibleprivacyawindirectanonymousattestation(DAA).
In:ProceedingsoftheInternationalConfer-enceonTrustedComputing(2008)(Referencedonpage24.
)[121]Levin,D.
,Douceur,J.
R.
,Lorch,J.
R.
,Moscibroda,T.
:TrInc:Smalltrustedhardwareforlargedistributedsystems.
In:ProceedingsoftheUSENIXSym-88ReferencesposiumonNetworkedSystemsDesignandImplementation(NSDI)(2009)(Referencedonpage39.
)[122]Libonati,A.
,McCune,J.
M.
,Reiter,M.
K.
:Usabilitytestingamalware-resistantinputmechanism.
In:ProceedingsoftheISOCSymposiumonNet-workandDistributedSystemsSecurity(NDSS)(2011)(Referencedonpage70.
)[123]Lie,D.
,Thekkath,C.
A.
,Mitchell,M.
,Lincoln,P.
,Boneh,D.
,Mitchell,J.
C.
,Horowitz,M.
:Architecturalsupportforcopyandtamperresistantsoftware.
In:ProceedingsoftheACMConferenceonArchitecturalSupportforPro-grammingLanguagesandOperatingSystems(ASPLOS)(2000)(Referencedonpage36.
)[124]Linksky,J.
etal.
:SimplePairingWhitepaper,revisionv10r00.
http://mclean-linsky.
net/joel/cv/Simple%20Pairing_WP_V10r00.
pdf(2006)(Referencedonpage71.
)[125]L¨ohr,H.
,P¨oppelmann,T.
,Rave,J.
,Steegmanns,M.
,Winandy,M.
:TrustedvirtualdomainsonOpenSolaris:usablesecuredesktopenvironments.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2010)(Referencedonpage5.
)[126]Lortz,V.
,Roberts,D.
,Erdmann,B.
,Dawidowsky,F.
,Hayes,K.
,Yee,J.
C.
,Ishidoshiro,T.
:Wi-FiSimpleCongSpecication,version1.
0a(2006).
NowknownasWi-FiProtectedSetup(Referencedonpage71.
)[127]Marchesini,J.
,Smith,S.
W.
,Wild,O.
,Stabiner,J.
,Barsamian,A.
:Open-sourceapplicationsofTCPAhardware.
In:ProceedingsoftheAnnualCom-puterSecurityApplicationsConference(ACSAC)(2004)(Referencedonpages4,8,21,and25.
)[128]Mayrhofer,R.
,Gellersen,H.
:Shakewellbeforeuse:Intuitiveandsecurepairingofmobiledevices.
IEEETransactionsonMobileComputing8(6)(2009)(Referencedonpage71.
)[129]McCune,J.
M.
,Li,Y.
,Qu,N.
,Zhou,Z.
,Datta,A.
,Gligor,V.
,Perrig,A.
:TrustVisor:EfcientTCBreductionandattestation.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2010)(Referencedonpage30.
)[130]McCune,J.
M.
,Parno,B.
,Perrig,A.
,Reiter,M.
K.
,Isozaki,H.
:Flicker:AnexecutioninfrastructureforTCBminimization.
In:ProceedingsoftheACMEuropeanConferenceonComputerSystems(EuroSys)(2008)(Referencedonpages21,22,30,and55.
)[131]McCune,J.
M.
,Parno,B.
,Perrig,A.
,Reiter,M.
K.
,Seshadri,A.
:MinimalTCBcodeexecution(extendedabstract).
In:ProceedingsoftheIEEESym-posiumonSecurityandPrivacy(2007)(Referencedonpages22and30.
)[132]McCune,J.
M.
,Parno,B.
,Perrig,A.
,Reiter,M.
K.
,Seshadri,A.
:HowlowcanyougoRecommendationsforhardware-supportedminimalTCBcodeexecution.
In:ProceedingsoftheACMConferenceonArchitecturalSup-portforProgrammingLanguagesandOperatingSystems(ASPLOS)(2008)(Referencedonpages30and46.
)References89[133]McCune,J.
M.
,Perrig,A.
,Reiter,M.
K.
:Seeing-is-believing:Usingcameraphonesforhuman-veriableauthentication.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2005)(Referencedonpages49and71.
)[134]McCune,J.
M.
,Perrig,A.
,Reiter,M.
K.
:Safepassageforpasswordsandothersensitivedata.
In:ProceedingsoftheISOCSymposiumonNetworkandDistributedSystemSecurity(NDSS)(2009)(Referencedonpage69.
)[135]McCune,J.
M.
,Perrig,A.
,Seshadri,A.
,vanDoorn,L.
:Turtlesallthewaydown:Researchchallengesinuser-basedattestation.
In:ProceedingsoftheUSENIXWorkshoponHotTopicsinSecurity(HotSec)(2007)(Referencedonpage61.
)[136]Merkle,R.
C.
:Acertieddigitalsignature.
In:ProceedingsofCRYPTO(1989)(Referencedonpage56.
)[137]MicrosoftCorporation:Codeaccesssecurity.
MSDN.
NETFrameworkDe-veloper'sGuide–VisualStudio.
NETFramework3.
5(2008)(Referencedonpage53.
)[138]MicrosoftCorporation:FullvolumeencryptionusingWindowsBitLockerdriveencryption.
MicrosoftServicesDatasheet(2008)(Referencedonpage53.
)[139]Millen,J.
,Guttman,J.
,Ramsdell,J.
,Sheehy,J.
,Sniffen,B.
:Analysisofameasuredlaunch.
Tech.
Rep.
07-0843,TheMITRECorporation(2007)(Ref-erencedonpage51.
)[140]Mitchell,C.
(ed.
):TrustedComputing.
TheInstitutionofElectricalEngineers(2005)(Referencedonpages26and75.
)[141]Monate,B.
,Signoles,J.
:Slicingforsecurityofcode.
In:ProceedingsoftheInternationalConferenceonTrustandTrustworthyComputing(2008)(Referencedonpage32.
)[142]Monrose,F.
,Wyckoff,P.
,Rubin,A.
:Distributedexecutionwithremoteaudit.
In:ProceedingsofISOCNetworkandDistributedSystemSecuritySympo-sium(NDSS)(1999)(Referencedonpage40.
)[143]Moyer,T.
,Butler,K.
,Schiffman,J.
,McDaniel,P.
,Jaeger,T.
:Scalablewebcontentattestation.
In:ProceedingsoftheAnnualComputerSecurityAppli-cationsConference(ACSAC)(2009)(Referencedonpage55.
)[144]Nauman,M.
,Alam,M.
,Zhang,X.
,Ali,T.
:RemoteattestationofattributeupdatesandinformationowsinaUCONsystem.
In:ProceedingsoftheInternationalConferenceonTrustedComputing(2009)(Referencedonpage32.
)[145]NFCForum:Specications.
http://www.
nfc-forum.
org/specs/(Referencedonpage71.
)[146]Openplatformtrustservices(OpenPTS).
Sourcecode:http://openpts.
sourceforge.
jp(Referencedonpage60.
)[147]OpenTCproofofconceptprototype1.
http://www.
opentc.
net/index.
phpoption=com_content&task=view&id=45&Itemid=63(Referencedonpage60.
)[148]Pappu,R.
,Recht,B.
,Taylor,J.
,Gershenfeld,N.
:Physicalone-wayfunctions.
Science297(5589)(2002)(Referencedonpage39.
)90References[149]Parno,B.
:Bootstrappingtrustina"trusted"platform.
In:ProceedingsoftheUSENIXWorkshoponHotTopicsinSecurity(HotSec)(2008)(Referencedonpage41.
)[150]Parno,B.
:Trustextensionasamechanismforsecurecodeexecutiononcom-moditycomputers.
Ph.
D.
thesis,CarnegieMellonUniversity(2010)(Refer-encedonpage56.
)[151]Parno,B.
,Lorch,J.
R.
,Douceur,J.
R.
,Mickens,J.
,McCune,J.
M.
:Mem-oir:Practicalstatecontinuityforprotectedmodules.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2011).
Sourcecode:http://research.
microsoft.
com/en-us/projects/memoir/(Ref-erencedonpages17and60.
)[152]Parno,B.
,McCune,J.
M.
,Perrig,A.
:Bootstrappingtrustincommoditycom-puters.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2010)(Referencedonpagevii.
)[153]Parno,B.
,Zhou,Z.
,Perrig,A.
:Helpmehelpyou:Usingtrustworthyhost-basedinformationinthenetwork.
Tech.
Rep.
CMU-CyLab-09-016,CarnegieMellonUniversity,Cylab(2009)(Referencedonpage56.
)[154]Perrig,A.
,vanDoorn,L.
:Refutationof"Onthedifcultyofsoftware-basedattestationofembeddeddevices".
http://sparrow.
ece.
cmu.
edu/group/pub/perrig-vandoorn-refutation.
pdf(2010)(Refer-encedonpage40.
)[155]Perrig,A.
,Smith,S.
,Song,D.
,Tygar,J.
:SAM:Aexibleandsecureauc-tionarchitectureusingtrustedhardware.
In:ProceedingsoftheInternationalWorkshoponInternetComputingandE-Commerce(ICEC)(2001)(Refer-encedonpage55.
)[156]Perrig,A.
,Song,D.
:Hashvisualization:Anewtechniquetoimprovereal-worldsecurity.
In:ProceedingsoftheInternationalWorkshoponCrypto-graphicTechniquesandE-Commerce(CrypTEC)(1999)(Referencedonpage71.
)[157]Pirker,M.
,Toegl,R.
,Hein,D.
,Danner,P.
:APrivacyCAforanonymityandtrust.
In:ProceedingsoftheInternationalConferenceonTrustedComputing(2009)(Referencedonpage23.
)[158]Pirker,M.
,Winkler,T.
,Toegl,R.
,Gissing,M.
:IAIKjTpmTools-TPMtoolsfortheJavaplatform.
Sourcecodev0.
6:http://trustedjava.
sourceforge.
net/(Referencedonpage59.
)[159]Ramachandran,A.
,Bhandankar,K.
,Tariq,M.
B.
,Feamster,N.
:Packetswithprovenance.
Tech.
Rep.
GT-CS-08-02,GeorgiaTech(2008)(Referencedonpage55.
)[160]Rudolph,C.
:Covertidentityinformationindirectanonymousattestation(DAA).
In:ProceedingsoftheIFIPInformationSecurityConference(2007)(Referencedonpage24.
)[161]Sadeghi,A.
R.
,Selhorst,M.
,St¨uble,C.
,Wachsmann,C.
,Winandy,M.
:TCGinside-AnoteonTPMspecicationcompliance.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2006)(Referencedonpages51and68.
)References91[162]Sadeghi,A.
R.
,Stueble,C.
:Property-basedattestationforcomputingplat-forms:caringaboutproperties,notmechanisms.
In:ProceedingsoftheWork-shoponNewSecurityParadigms(NSPW)(2004)(Referencedonpages32and33.
)[163]Sailer,R.
,Valdez,E.
,Jaeger,T.
,Perez,R.
,vanDoorn,L.
,Grifn,J.
L.
,Berger,S.
:sHype:Securehypervisorapproachtotrustedvirtualizedsystems.
Tech.
Rep.
RC23511,IBMResearch(2005)(Referencedonpage27.
)[164]Sailer,R.
,Zhang,X.
,Jaeger,T.
,vanDoorn,L.
:DesignandimplementationofaTCG-basedintegritymeasurementarchitecture.
In:ProceedingsoftheUSENIXSecuritySymposium(2004).
Sourcecode:http://linux-ima.
sourceforge.
net(Referencedonpages6,8,9,21,22,26,41,59,and66.
)[165]Sarmenta,L.
,vanDijk,M.
,O'Donnell,C.
,Rhodes,J.
,Devadas,S.
:Virtualmonotoniccountersandcount-limitedobjectsusingaTPMwithoutatrustedOS.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2006)(Referencedonpage56.
)[166]Saroiu,S.
,Wolman,A.
:Iamasensor,andIapprovethismessage.
In:Pro-ceedingsoftheACMWorkshoponMobileComputingSystemsandAppli-cations(HotMobile)(2010)(Referencedonpage57.
)[167]Saxena,N.
,Ekberg,J.
E.
,Kostiainen,K.
,Asokan,N.
:Securedevicepairingbasedonavisualchannel(shortpaper).
In:ProceedingsoftheIEEESympo-siumonSecurityandPrivacy(2006)(Referencedonpage71.
)[168]Schellekens,D.
,Tuyls,P.
,Preneel,B.
:Embeddedtrustedcomputingwithau-thenticatednon-volatilememory.
In:ProceedingsoftheInternationalCon-ferenceonTrustedComputing(2008)(Referencedonpage39.
)[169]Schiffman,J.
,Moyer,T.
,Shal,C.
,Jaeger,T.
,McDaniel,P.
:Justifyingin-tegrityusingavirtualmachineverier.
In:ProceedingsoftheAnnualCom-puterSecurityApplicationsConference(ACSAC)(2009)(Referencedonpage27.
)[170]Schneier,B.
,Kelsey,J.
:Cryptographicsupportforsecurelogsonuntrustedmachines.
In:ProceedingsoftheUSENIXSecuritySymposium(1998)(Ref-erencedonpage6.
)[171]Schwartz,E.
J.
,Brumley,D.
,McCune,J.
M.
:Acontractualanonymitysys-tem.
In:ProceedingsoftheISOCSymposiumonNetworkandDistributedSystemsSecurity(NDSS)(2010)(Referencedonpage56.
)[172]Seshadri,A.
,Luk,M.
,Qu,N.
,Perrig,A.
:SecVisor:AtinyhypervisortoprovidelifetimekernelcodeintegrityforcommodityOSes.
In:ProceedingsoftheACMSymposiumonOperatingSystemsPrinciples(SOSP)(2007)(Referencedonpage32.
)[173]Seshadri,A.
,Luk,M.
,Shi,E.
,Perrig,A.
,vanDoorn,L.
,Khosla,P.
:Pio-neer:Verifyingintegrityandguaranteeingexecutionofcodeonlegacyplat-forms.
In:ProceedingsofACMSymposiumonOperatingSystemsPrinciples(SOSP)(2005)(Referencedonpages39and40.
)[174]Seshadri,A.
,Perrig,A.
,vanDoorn,L.
,Khosla,P.
:SWATT:Software-basedattestationforembeddeddevices.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2004)(Referencedonpages39and40.
)92References[175]Shaneck,M.
,Mahadevan,K.
,Kher,V.
,Kim,Y.
:Remotesoftware-basedat-testationforwirelesssensors.
In:ProceedingsofEuropeanWorkshoponSecurityandPrivacyinAdHocandSensorNetworks(ESAS)(2005)(Ref-erencedonpages39and40.
)[176]Shankar,U.
,Jaeger,T.
,Sailer,R.
:Towardautomatedinformation-owin-tegrityvericationforsecurity-criticalapplications.
In:ProceedingsoftheISOCSymposiumonNetworkandDistributedSystemSecurity(NDSS)(2006)(Referencedonpages26and27.
)[177]Shi,E.
,Perrig,A.
,vanDoorn,L.
:BIND:Atime-of-useattestationserviceforsecuredistributedsystems.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2005)(Referencedonpages30and55.
)[178]Shubina,A.
,Bratus,S.
,Ingersol,W.
,Smith,S.
W.
:ThediversityofTPMsanditseffectsondevelopment:AcasestudyofintegratingtheTPMintoOpenSolaris.
In:ProceedingsoftheACMWorkshoponScalableTrustedComputing(STC)(2010)(Referencedonpage51.
)[179]Singaravelu,L.
,Pu,C.
,Haertig,H.
,Helmuth,C.
:ReducingTCBcomplex-ityforsecurity-sensitiveapplications:Threecasestudies.
In:ProceedingsoftheACMEuropeanConferenceinComputerSystems(EuroSys)(2006)(Referencedonpage27.
)[180]Smith,S.
,Austel,V.
:Trustingtrustedhardware:Towardsaformalmodelforprogrammablesecurecoprocessors.
In:ProceedingsoftheUSENIXWork-shoponElectronicCommerce(1998)(Referencedonpage51.
)[181]Smith,S.
W.
:WebALPS:Usingtrustedco-serverstoenhanceprivacyandse-curityofwebtransactions.
IBMResearchReportRC-21851(2000)(Refer-encedonpage55.
)[182]Smith,S.
W.
:Outboundauthenticationforprogrammablesecurecoproces-sors.
JournalofInformationSecurity3(2004)(Referencedonpages4,19,20,and51.
)[183]Smith,S.
W.
:TrustedComputingPlatforms:DesignandApplications.
Springer(2005)(Referencedonpage75.
)[184]Smith,S.
W.
,Perez,R.
,Weingart,S.
H.
,Austel,V.
:Validatingahigh-performance,programmablesecurecoprocessor.
In:ProceedingsoftheNa-tionalInformationSystemsSecurityConference(1999)(Referencedonpages4,14,35,and51.
)[185]Smith,S.
W.
,Weingart,S.
:Buildingahigh-performance,programmablese-curecoprocessor.
ComputerNetworks31(8)(1999)(Referencedonpages4,14,35,and41.
)[186]Sophos:BestBuydigitalphotoframesshipwithcomputervirus.
http://www.
sophos.
com/pressoffice/news/articles/2008/01/photo-frame.
html(2008)(Referencedonpage47.
)[187]Soriente,C.
,Tsudik,G.
,Uzun,E.
:HAPADEP:Human-assistedpureaudiodevicepairing.
In:ProceedingsoftheInternationalInformationSecurityConference(ISC)(2008)(Referencedonpage71.
)References93[188]Soriente,C.
,Tsudik,G.
,Uzun,E.
:Securepairingofinterfaceconstraineddevices.
InternationalJournalonSecurityandNetworks4(1)(2009)(Refer-encedonpage71.
)[189]Sparks,E.
R.
:Asecurityassessmentoftrustedplatformmodules.
Tech.
Rep.
TR2007-597,DartmouthCollege(2007)(Referencedonpage21.
)[190]Spinellis,D.
:Reectionasamechanismforsoftwareintegrityverication.
ACMTransactionsonInformationandSystemSecurity3(1)(2000)(Refer-encedonpages39and40.
)[191]Srivastava,A.
,Gifn,J.
:Efcientmonitoringofuntrustedkernel-modeexe-cution.
In:ProceedingsoftheISOCSymposiumonNetworkandDistributedSystemSecurity(NDSS)(2011)(Referencedonpage32.
)[192]St.
Clair,L.
,Schiffman,J.
,T.
,J.
,P,M.
:Establishingandsustainingsystemintegrityviarootoftrustinstallation.
In:ProceedingsoftheAnnualCom-puterSecurityApplicationsConference(ACSAC)(2007)(Referencedonpage27.
)[193]Stajano,F.
,Anderson,R.
:Theresurrectingduckling:Securityissuesforad-hocwirelessnetworks.
In:ProceedingsoftheSecurityProtocolsWorkshop(1999)(Referencedonpage71.
)[194]STC'06:ProceedingsoftheACMWorkshoponScalableTrustedComput-ing.
ACM,NewYork,NY,USA(2006).
459065(Referencedonpage76.
)[195]STC'07:ProceedingsoftheACMWorkshoponScalableTrustedComput-ing.
ACM,NewYork,NY,USA(2007).
537073(Referencedonpage76.
)[196]STC'08:ProceedingsoftheACMWorkshoponScalableTrustedComput-ing.
ACM,NewYork,NY,USA(2008).
537081(Referencedonpage76.
)[197]STC'09:ProceedingsoftheACMWorkshoponScalableTrustedComput-ing.
ACM,NewYork,NY,USA(2009).
459095(Referencedonpage76.
)[198]STC'10:ProceedingsoftheACMWorkshoponScalableTrustedComput-ing.
ACM,NewYork,NY,USA(2010).
459105(Referencedonpage76.
)[199]Strasser,M.
,Stamer,H.
,Molina,J.
:Software-basedTPMemulator.
Sourcecode:http://tpm-emulator.
berlios.
de/(Referencedonpage59.
)[200]Stumpf,F.
,Tafreschi,O.
,R¨oder,P.
,Eckert,C.
:Arobustintegrityreportingprotocolforremoteattestation.
In:ProceedingsoftheWorkshoponAd-vancesinTrustedComputing(WATC)(2006)(Referencedonpage65.
)[201]Suh,G.
E.
,Clarke,D.
,Gassend,B.
,vanDijk,M.
,Devadas,S.
:AEGIS:Archi-tecturefortamper-evidentandtamper-resistantprocessing.
In:ProceedingsoftheInternationalConferenceonSupercomputing(2003)(Referencedonpages13and36.
)[202]Ta-Min,R.
,Litty,L.
,Lie,D.
:Splittinginterfaces:Makingtrustbetweenapplicationsandoperatingsystemscongurable.
In:ProceedingsoftheUSENIXSymposiumonOperatingSystemsDesignandImplementation(OSDI)(2006)(Referencedonpage27.
)[203]Tarnovsky,C.
:Securityfailuresinsecuredevices.
In:BlackHatDCPresen-tation(2008)(Referencedonpage74.
)94References[204]Tip,F.
:Asurveyofprogramslicingtechniques.
JournalofProgrammingLanguages3(3),121–189(1995)(Referencedonpage31.
)[205]Toegl,R.
,Winkler,T.
,Steurer,M.
E.
,Pirker,M.
,Pointner,C.
,Holzmann,T.
,Gissing,M.
,Sabongui,J.
:IAIKjTSS-TCGsoftwarestackfortheJavaplatform.
Sourcecodev0.
6http://trustedjava.
sourceforge.
net/(Referencedonpage59.
)[206]TrouSerS:Theopen-sourceTCGsoftwarestack.
Sourcecode:http://trousers.
sourceforge.
net/(Referencedonpage59.
)[207]TrustedComputing-ChallengesandApplications,LectureNotesinCom-puterScience,vol.
4968.
Springer-Verlag,BerlinGermany(2008)(Refer-encedonpage76.
)[208]TrustedComputing,LectureNotesinComputerScience,vol.
5471.
Springer-Verlag,BerlinGermany(2009)(Referencedonpage76.
)[209]TrustandTrustworthyComputing,LectureNotesinComputerScience,vol.
6101.
Springer-Verlag,BerlinGermany(2010)(Referencedonpage76.
)[210]TrustandTrustworthyComputing,LectureNotesinComputerScience,vol.
6740.
Springer-Verlag,BerlinGermany(2011)(Referencedonpage76.
)[211]TrustedComputingGroup:TCGmobiletrustedmodulespecication.
Ver-sion1.
0,Revision7.
02(2010)(Referencedonpage37.
)[212]TrustedComputingGroup:PCclientspecicTPMinterfacespecication(TIS).
Version1.
21,Revision1.
00(2011)(Referencedonpage31.
)[213]TrustedComputingGroup:TrustedPlatformModuleMainSpecication.
Version1.
2,Revision116(2011)(Referencedonpages4,8,15,19,20,22,23,41,66,and67.
)[214]T¨urpe,S.
,Poller,A.
,Steffan,J.
,Stotz,J.
P.
,Trukenm¨uller,J.
:AttackingtheBitLockerbootprocess.
In:ProceedingsoftheInternationalConferenceonTrustedComputing(2009)(Referencedonpage53.
)[215]Vasudevan,A.
,Parno,B.
,Qu,N.
,Gligor,V.
D.
,Perrig,A.
:Lockdown:Asafeandpracticalenvironmentforsecurityapplications.
Tech.
Rep.
CMU-CyLab-09-011,CarnegieMellonUniversity,Cylab(2009)(Referencedonpages41,42,and70.
)[216]Vaudenay,S.
:Securecommunicationsoverinsecurechannelsbasedonshortauthenticatedstrings.
In:ProceedingsofCRYPTO(2005)(Referencedonpage71.
)[217]Vejda,T.
,Toegl,R.
,Pirker,M.
,Winkler,T.
:Towardstrustservicesforlanguage-basedvirtualmachinesforgridcomputing.
In:ProceedingsoftheInternationalConferenceonTrustedComputing(2008)(Referencedonpage10.
)[218]Wallace,C.
:WorldwidePCmarkettodoubleby2010.
ForresterResearch,Inc.
PressRelease(2004)(Referencedonpage1.
)[219]WaveSystemsCorp:TrustedComputing:Analreadydeployed,costef-fective,ISOstandard,highlysecuresolutionforimprovingCyberse-curity.
http://www.
nist.
gov/itl/upload/Wave-Systems_Cybersecurity-NOI-Comments_9-13-10.
pdf(2010)(Refer-encedonpage1.
)References95[220]Weigold,T.
,Kramp,T.
,Hermann,R.
,H¨oring,F.
,Buhler,P.
,Baentsch,M.
:TheZurichtrustedinformationchannel:Anefcientdefenceagainstman-in-the-middleandmalicioussoftwareattacks.
In:ProceedingsoftheInterna-tionalConferenceonTrustedComputing(2008)(Referencedonpage69.
)[221]Weingart,S.
:PhysicalsecurityfortheABYSSsystem.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(1987)(Referencedonpage36.
)[222]Weiser,M.
:Programslicing.
IEEETransactionsonSoftwareEngineering10(4),352–357(1984)(Referencedonpage31.
)[223]White,S.
,Weingart,S.
,Arnold,W.
,Palmer,E.
:IntroductiontotheCitadelarchitecture:Securityinphysicallyexposedenvironments.
Tech.
Rep.
RC16672,IBMT.
J.
WatsonResearchCenter(1991)(Referencedonpage36.
)[224]Winter,J.
:TrustedcomputingbuildingblocksforembeddedLinux-basedARMTrustzoneplatforms.
In:ProceedingsoftheACMWorkshoponScal-ableTrustedComputing(STC)(2008)(Referencedonpage38.
)[225]Wurster,G.
,vanOorschot,P.
,Somayaji,A.
:Agenericattackonchecksumming-basedsoftwaretamperresistance.
In:ProceedingsoftheIEEESymposiumonSecurityandPrivacy(2005)(Referencedonpage40.
)[226]Yee,B.
S.
:Usingsecurecoprocessors.
Ph.
D.
thesis,CarnegieMellonUniver-sity(1994)(Referencedonpage36.
)[227]Zhuang,X.
,Zhang,T.
,Lee,H.
,Pande,S.
:Hardwareassistedcontrolowobfuscationforembeddedprocessors.
In:ProceedingsoftheConferenceonCompilers,ArchitectureandSynthesisforEmbeddedSystems(2004)(Ref-erencedonpage38.
)IndexSymbols.
NET10,33,53AAccesscontrol72Forstorage14AccountableVMM40ACMScalableTrustedComputingWorkshop76ACModseeAuthenticatedCodeModuleActiveManagementTechnology27,56AEGIS13,36,69AESinstructions2AIKseeAttestationIdentityKeypairAMD2,28,29,60,68AMTseeActiveManagementTechnologyAnonymity23,56Append-onlylog6,8,39Attestation19,22,26,28,29,32,41,43,52,62,63,66,75Coprocessor-based20Human-veriable64,71Load-timevs.
run-time73Principlesof21Property-based32,33Protocol20Scaling55Semantic10,25,33Software-based39,47,71Attackson40Tonetworkelements55,56TPM-based20AttestationIdentityKeypair20,23,24Auctions55Audit-basedsolutions40AuthenticatedCodeModule30,31Authorizedsoftware13BBarcodes49Battery-backedRAM14,36BBRAMseeBattery-backedRAMBGP55BIND30,55Bindingdata16BIOS4,9,18,27,28,50,51BitLocker15,53Bootprocess6,7,9,15,18Bumpy69Byzantine-Fault-Tolerantprotocols39CCellphone1,41,42,49,50,54,57,72Cerium36CerticateAuthority55Certicatechain7,20CFI10Chainoftrust4,9,28,30Citadel36Clark-Wilsonintegritymodel26,27CLRseeCommonLanguageRuntimeCodeconstraints32Codeidentity3,10Foraccesscontrol13,14Usewithfulldiskencryption15CommonLanguageRuntime53ConferenceonTrustandTrustworthyComputing76Conformancecredential19Contractualanonymity56Controlowintegrity9,11CoreRootofTrustforMeasurement27,37,75CP/Q++OS14CRTMseeCoreRootofTrustforMeasurement9798IndexCuckooattack41,43Formalmodel45Potentialsolutionsto45–50DDAAseeDirectAnonymousAttestationDebuggingaccess29DEVseeDeviceExclusionVectorDeviceExclusionVector29Dictionaryattack51DigitalRightsManagement1,73,76DirectAnonymousAttestation23,33,63,67,76Optimizationsof24Weaknessesof24DirectMemoryAccess29DirectMemoryAccessprotection29Distancebounding46,72DMAseeDirectMemoryAccessDRMseeDigitalRightsManagementDRTMseeDynamicRootofTrustforMeasurementDyad36DynamicPlatformCongurationRegisters29Dynamicproperties9,10Enforcement-based10,25Transform-based10,32DynamicRootofTrustforMeasurement9,26,28–30,39,41,48,51,60,76EEKseeEndorsementKeypairEndorsementcredential19,42,43,46EndorsementKeypair23Enforcer26Ephemeralsessionkey21Executionhandoff6One-way6Temporary6Exportcontrols16Extend8,9,29,30FFlicker30,38,55,60Formalmethods51FPGA39,74Fulldiskencryption14,15,53GGeneral-PurposeInput/Output69GETSEC29GETSEC[SENTER]28,29,31,60GPIOseeGeneral-PurposeInput/OutputGroupsignature23,56Grub59,60HHandoffattack6,7,26Hardwareattacks73Hardwareconguration3Hardwareobfuscation38Hardwareratchetinglock14Hash3,8Hashchain7,8,22Hostedvirtualnetworks55Humanfactors61HyperSentry27,28Hypervisor27,28,30–32,51IIBM47584,14,19,20,35,41,55,75IBM4764/PCIXCC35IMAseeIntegrityMeasurementArchitec-tureInneon36Informationoverload25Information-owcontrol11Inlinereferencemonitor10,32IntegrityClark-Wilsonmodel26,27Fordatacenters27Fordatastructures9Formeasurementlists6IntegrityMeasurementArchitecture9,21,22,26,59,60Intel2,27–31,51,60,68,76IntelvProTechnology27IntelligentPlatformManagementInterface27Interrupts29Introspection27iPhone54IPMIseeIntelligentPlatformManagementInterfaceIsolationViaDRTM28Viaprivilegelayering25ViaSystem-ManagementMode27Viavirtualization26Issuer24iTurtle61,64,67–69Index99JJava10,33,59jTpmTools59jTSS59KKerberos55Keyhierarchy15Kiosks42,49,74KnoppixforTrustedComputingGeeks60LLaGrandeTechnology28Language-basedtrustservices10LatelaunchseeDynamicRootofTrustforMeasurementLimitations73Linux8,59,60LiveCDs60Locality30Location-limitedchannel71Lockdownproject70LogicofSecureSystems52Low-PinCount73LPCseeLow-PinCountLS2seeLogicofSecureSystemsMM-Shield38MACseeMandatoryAccessControlMalware28MandatoryAccessControl26,27MeasuredLaunchedEnvironment30Measurement3,19,26,29,30,37Agent28Collection4Conveying19Howtosecure6,7Hypervisorintegrity28Listof5,7,8,13,14,21,66Localuse13TPM-basedexample8Whoperforms4Memoir17,60Memorypersistence74MemoryProtectionTable30ABYSS36MLEseeMeasuredLaunchedEnvironmentMLTMseeMobileLocalOwnerTrustedModuleMobileLocalOwnerTrustedModule37MobileRemoteOwnerTrustedModule37,38MobileTrustedModule37,38MobilephoneseeCellphoneMonotoniccounter17,56MPTseeMemoryProtectionTableMRTMseeMobileRemoteOwnerTrustedModuleMTMseeMobileTrustedModuleNNetworkaccesscontrol54Next-GenerationSecureComputingBase26,76NGSCBseeNext-GenerationSecureComputingBaseNizza27Non-controldataattacks10NonvolatileRAM16,37,69Limitationsof17Not-A-Bot56NVRAMseeNonvolatileRAMOOAEP15ObjectIndependentAuthorizationProtocol51OIAPseeObjectIndependentAuthorizationProtocolOpenPlatformTrustServices60OpenSecureLOader30,60OpenTrustedComputing60Open-sourcetools59OpenPTSseeOpenPlatformTrustServicesOpenSolaris51,59OpenSSH31OptionROM28OSLOseeOpenSecureLOaderOutboundauthentication19,75Overshadow27PPairingtwodevices71Passwords14PCRseePlatformCongurationRegisterPeer-to-peernetworks76Physicaltampering21PhysicalUnclonableFunction39,74PlatformCongurationRegister8,14,15,21,22,27,29,30,42100IndexDynamic29Platformcredential19Platformstate14Recording3Understanding25Predicatelogic41PRIMA26PRISM71Privacy20–23,33,61,63PrivacyCA23,63,67Experimentaldeployments23Privilegelayering25Privilegeseparation31Privilege-escalationattack6,7,25,26PrivTrans31Programslicing31Property-basedattestationseeAttestationProvenance55Proxos27Pseudonym23,24PublicKeyInfrastructure19,32PUFseePhysicalUnclonableFunctionPXEboot28QQuote21RRebootattack21RECAP56Red-greensystem70ReDAS10Replayattacks17ResetattackseeRebootattackResurrectingDucklingprotocol71Rollbackresistance17Rootoftrust4,19,35,37,38General-purpose37Hardware-based4Software-based39Special-purpose38Tamper-resistant35RootofTrustInstallation27ROTIseeRootofTrustInstallationRSA15,16SsAEGIS69SaferModeExtensions29Sealedstorage14,15,18,30TPM-basedExample18SecretProtected36,51,55Secureboot5,13,19,26,28,38,54,69Securechannel21,22,28,49SecureElements38SecureLoaderBlock29SecureVirtualMachine28,29,68Securitykernel25,29,32Security-relevantcode25Seeing-is-Believing49,71SELinux26,55SemanticattestationseeAttestationsHype27SiBseeSeeing-is-BelievingSide-channelattacks2SIMcard36,38SKINIT28,29,31,60SLBseeSecureLoaderBlockSLE88chip36Smartcard36,38SMIseeSystem-ManagementInterruptSMMseeSystem-ManagementModeSMXseeSaferModeExtensionsSoftwareengineering25Software-basedattestationseeAttestationSPseeSecretProtectedSpork55SSH55SSL22,55Storagerootkeypair15SVMseeSecureVirtualMachineSymbianSigned54Symbolicmodelchecking51System-ManagementInterrupt27System-ManagementMode27TTalkingtoStrangers71Tamper-responding14,35,54TCBseeTrustedComputingBaseTCGSoftwareStack75,76TCPAseeTrustedComputingPlatformAllianceTerra5,27,32Time-Of-ChecktoTime-Of-Use21TNCseeTrustedNetworkConnectTOCTOUseeTime-Of-ChecktoTime-Of-UseTPMseeTrustedPlatformModuleTransitivetrust55TrouSerS59,60Trustedboot4,5,8,19,26,28,60TrustedComputing1TrustedComputingBase27,56Index101TrustedComputingGroup23,75TrustedComputingPlatformAlliance75TrustedeXecutionTechnology28,29,31,60,68TrustedNetworkConnect54Trustedpath35,36,61,69,74Trustedplatform74,75TrustedPlatformModule1,8,14,19,20,22–24,26,28,29,31,37,38,41–43,51,53–55,60,69,73,75,76Driversupport59,76Emulators59Trustedsensors57Trustedthirdparty55TrustedVirtualDomain5TrustedVirtualEnvironmentModule5TrustVisor30TrustZone38TruWallet57TSSseeTCGSoftwareStackTVDseeTrustedVirtualDomainTVEMseeTrustedVirtualEnvironmentModuleTXTseeTrustedeXecutionTechnologyTypechecking32UUseridentity3,62VValidation51VericationFailureandrecovery67Verier19,20,27,28Virtualappliances27VirtualMachine5,26,27VirtualMachineMonitor5,26,28,30,51virtualTrustedPlatformModule5Virtual-machineintrospection10Virtualization26,51VirtualizationTechnologyforDirectedI/O29,62VMseeVirtualMachineVMMseeVirtualMachineMonitorVotingmachine54,74vProseeIntelvProTechnologyVT-dseeVirtualizationTechnologyforDirectedI/OVT-x29vTPMseevirtualTrustedPlatformModuleWWebALPS55Windows53,59,60XXen59,60XFI10XOM36ZZero-knowledgeproof24ZTICseeZurichTrustedInformationChannelZurichTrustedInformationChannel69