A multi-factor approach to securing software on client computing platforms

Raghunathan Srinivasan, Partha Dasgupta, Vivek Iyer, Amit Kanitkar, Sujit Sanjeev, Jatin Lodhia

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Protecting the integrity of software platforms, especially in unmanaged consumer computing systems is a difficult problem. Attackers may attempt to execute buffer overflow attacks to gain access to systems, steal secrets and patch on existing binaries to hide detection. Every binary has inherent vulnerabilities that attackers may exploit. In this paper we present three orthogonal approaches; each of which provides a level of assurance against malware attacks beyond virus detectors. The approaches can be added on top of normal defenses and can be combined for tailoring the level of protection desired. This work attempts to find alternate solutions to the problem of malware resistance. The approaches we use are: adding diversity or randomization to data address spaces, hiding critical data to prevent data theft and the use of remote attestation to detect tampering with executable code.

Original languageEnglish (US)
Title of host publicationProceedings - SocialCom 2010
Subtitle of host publication2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust
Pages993-998
Number of pages6
DOIs
StatePublished - Nov 29 2010
Event2nd IEEE International Conference on Social Computing, SocialCom 2010, 2nd IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2010 - Minneapolis, MN, United States
Duration: Aug 20 2010Aug 22 2010

Publication series

NameProceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust

Other

Other2nd IEEE International Conference on Social Computing, SocialCom 2010, 2nd IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2010
CountryUnited States
CityMinneapolis, MN
Period8/20/108/22/10

Keywords

  • Attacks
  • Computer security
  • Integrity measurement
  • Memory randomization
  • Remote attestation
  • Secure key storage in memory

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems

Fingerprint Dive into the research topics of 'A multi-factor approach to securing software on client computing platforms'. Together they form a unique fingerprint.

  • Cite this

    Srinivasan, R., Dasgupta, P., Iyer, V., Kanitkar, A., Sanjeev, S., & Lodhia, J. (2010). A multi-factor approach to securing software on client computing platforms. In Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust (pp. 993-998). [5591388] (Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust). https://doi.org/10.1109/SocialCom.2010.147