Current Trends in Theory and Practice of Computer Science  
Track filter:   
Home
Invited Talk
Networks, Security and Cryptography

Sunday, January 20, 15:30 - 17:00

Yoram Ofek
(with Mariano Ceccato and Paolo Tonella)

Remote Entrusting by Run-Time Software Authentication

When the software industry discusses about software integrity, the main focus is on the protection of static software modules (e.g., by verifying the signature of their originator). In contrast, dynamic software authentication in real-time during execution is a known problem without a satisfactory solution. Specifically, how to ensure that a trusted code base (i.e., the software as was specified and implemented) is running on an untrusted machine at all times and that the original code functionality has not been modified prior to or during run-time, is an open research challenge. The key research question is: "How can the execution of a software component be continuously entrusted by a remote machine, albeit the software component is running inside an untrusted environment?" (This is called the "remote entrusting problem").

The long-term objective is to entrust selected functionalities that are executed on untrusted machines and thereby ensure crucial trust/security properties. Two primary application area examples are: (1) protecting network resources and servers from users employing untrusted/unauthorized software and protocols - specifically in the critical applications, such as, e-commerce; and (2) ensuring data privacy in Grid computing as well as digital right management (DRM) adherence by assuring proper processing of untrusted (possibly misbehaving) machines. The talk will focus on an EC funded project called RE-TRUST (re-trust.dit.unitn.it). The presentation will discuss some recent solutions and some outstanding challenges.
SOFSEM 2008, January 19-25, High Tatras, Slovakia