Skip to main content

Safe Passage for Passwords and Other Sensitive Data

Publication ,  Conference
McCune, JM; Perrig, A; Reiter, MK
Published in: Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009
January 1, 2009

The prevalence of malware such as keyloggers and screen scrapers has made the prospect of providing sensitive information via web pages disconcerting for security-conscious users. We present Bumpy, a system to exclude the legacy operating system and applications from the trusted computing base for sensitive input, without requiring a hypervisor or VMM. Bumpy allows the user to specify strings of input as sensitive when she enters them, and ensures that these inputs reach the desired endpoint in a protected state. The inputs are processed in an isolated code module on the user’s system, where they can be encrypted or otherwise processed for a remote webserver. We present a prototype implementation of Bumpy.

Duke Scholars

Published In

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009

Publication Date

January 1, 2009
 

Citation

APA
Chicago
ICMJE
MLA
NLM
McCune, J. M., Perrig, A., & Reiter, M. K. (2009). Safe Passage for Passwords and Other Sensitive Data. In Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009.
McCune, J. M., A. Perrig, and M. K. Reiter. “Safe Passage for Passwords and Other Sensitive Data.” In Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009, 2009.
McCune JM, Perrig A, Reiter MK. Safe Passage for Passwords and Other Sensitive Data. In: Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009. 2009.
McCune, J. M., et al. “Safe Passage for Passwords and Other Sensitive Data.” Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009, 2009.
McCune JM, Perrig A, Reiter MK. Safe Passage for Passwords and Other Sensitive Data. Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009. 2009.

Published In

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009

Publication Date

January 1, 2009