TY - GEN
T1 - Non-invasive methods for host certification
AU - Traynor, Patrick
AU - Chien, Michael
AU - Weaver, Scott
AU - Hicks, Boniface
AU - McDaniel, Patrick
PY - 2006
Y1 - 2006
N2 - Determining whether a user or system is exercising appropriate security practices is difficult in any context. Such difficulties are particularly pronounced when uncontrolled or unknown platforms join public networks. Commonly practiced techniques used to vet these hosts, such as system scans, have the potential to infringe upon the privacy of users. In this paper, we show that it is possible for clients to prove both the presence and proper functioning of security infrastructure without allowing unrestricted access to their system. We demonstrate this approach, specifically applied to anti-virus security, by requiring clients seeking admission to a network to positively identify the presence or absence of malcode in a series of puzzles. The implementation of this mechanism and its application to real networks are also explored. In so doing, we demonstrate that it is not necessary for an administrator to be invasive to determine whether a client implements good security practices.
AB - Determining whether a user or system is exercising appropriate security practices is difficult in any context. Such difficulties are particularly pronounced when uncontrolled or unknown platforms join public networks. Commonly practiced techniques used to vet these hosts, such as system scans, have the potential to infringe upon the privacy of users. In this paper, we show that it is possible for clients to prove both the presence and proper functioning of security infrastructure without allowing unrestricted access to their system. We demonstrate this approach, specifically applied to anti-virus security, by requiring clients seeking admission to a network to positively identify the presence or absence of malcode in a series of puzzles. The implementation of this mechanism and its application to real networks are also explored. In so doing, we demonstrate that it is not necessary for an administrator to be invasive to determine whether a client implements good security practices.
UR - http://www.scopus.com/inward/record.url?scp=50049104590&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50049104590&partnerID=8YFLogxK
U2 - 10.1109/SECCOMW.2006.359539
DO - 10.1109/SECCOMW.2006.359539
M3 - Conference contribution
AN - SCOPUS:50049104590
SN - 1424404231
SN - 9781424404230
T3 - 2006 Securecomm and Workshops
BT - 2006 Securecomm and Workshops
T2 - 2006 Securecomm and Workshops
Y2 - 28 August 2006 through 1 September 2006
ER -