Computing devices are routinely targeted by a wide variety of malware. The presence of exploitable vulnerabilities in computing device software, and the easy availability of know-how and tools for construction of exploit code has made it easy for attackers to introduce malware into computing devices by exploiting software. Since computing devices are routinely used for security-sensitive applications like electronic commerce, command and control systems, and critical infrastructure monitoring and control, malware present on computing devices can potentially compromise sensitive user information, and the privacy and safety of users. To use computing devices with confidence, users thus need an assurance that the software they use on their computing devices executes untampered by malware. Three classes of security-sensitive software best illustrate user-verifiable secure execution in the presence of malware on commercially available platforms: (1) secure remote login, (2) secure signing of critical data, and (3) secure execution of non-circumventable intrusion detection tools. In this STTR, we propose to investigate a technique for user-verifiable execution of security-sensitive code on untrusted platforms in the presence of malware. We also propose to illustrate the use of our technique through the three classes of security applications mentioned above.
Keywords: User-Verifiable Secure Execution In The Presence Of Malware On Commercially Available Platforms, Deployment On Commercially Available Platforms, Resistant To Malware And Malic
