Safe Passage for Passwords and Other Sensitive Data∗
Publication
, Conference
McCune, JM; Perrig, A; Reiter, MK
Published in: Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009
January 1, 2009
The prevalence of malware such as keyloggers and screen scrapers has made the prospect of providing sensitive information via web pages disconcerting for security-conscious users. We present Bumpy, a system to exclude the legacy operating system and applications from the trusted computing base for sensitive input, without requiring a hypervisor or VMM. Bumpy allows the user to specify strings of input as sensitive when she enters them, and ensures that these inputs reach the desired endpoint in a protected state. The inputs are processed in an isolated code module on the user’s system, where they can be encrypted or otherwise processed for a remote webserver. We present a prototype implementation of Bumpy.
Duke Scholars
Published In
Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009
Publication Date
January 1, 2009
Citation
APA
Chicago
ICMJE
MLA
NLM
McCune, J. M., Perrig, A., & Reiter, M. K. (2009). Safe Passage for Passwords and Other Sensitive Data∗. In Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009.
McCune, J. M., A. Perrig, and M. K. Reiter. “Safe Passage for Passwords and Other Sensitive Data∗.” In Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009, 2009.
McCune JM, Perrig A, Reiter MK. Safe Passage for Passwords and Other Sensitive Data∗. In: Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009. 2009.
McCune, J. M., et al. “Safe Passage for Passwords and Other Sensitive Data∗.” Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009, 2009.
McCune JM, Perrig A, Reiter MK. Safe Passage for Passwords and Other Sensitive Data∗. Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009. 2009.
Published In
Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009
Publication Date
January 1, 2009