Learn More
Secure coprocessors enable secure distributed applications by providing safe havens where an application program can Ž. execute and accumulate state , free of observation and interference by an adversary with direct physical access to the device. However, for these coprocessors to be effective, participants in such applications must be able to verify that(More)
Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user's privacy at any time,(More)
The <i>Border Gateway Protocol (BGP)</i> controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. <i>Secure BGP (S-BGP)</i> uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world(More)
T rusted-computing (TC) initiatives potentially give large organizations ways to control individu-als' use of their computers. Putting a physically protected component on a user's machine lets external organizations intrude on what previously had been the user's private space. However, we can turn the tables and put physically protected components on a(More)
What does it take to implement a server that provides access to records in a large database, in a way that ensures that this access is completely private— even to the operator of this server? In this paper, we examine the question: Using current commercially available technology, is it practical to build such a server, for real databases of realistic size,(More)
Consider the problem of transparently recovering an asynchronous distributed computation when one or more processes fail. Basing rollback recovery on optimistic message logging and replay is desirable for several reasons, including not requiring synchronization between processes during failure-free operation. However, previous optimistic rollback recovery(More)
Too often, " security of Web transactions " reduces to " encryption of the channel " —and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator—but gives clients no basis for that trust. Furthermore, despite academic and industrial research in secure(More)