Corpus ID: 18592072

The fairy tale of''what you see is what you sign

@inproceedings{Spalka2001TheFT,
  title={The fairy tale of''what you see is what you sign},
  author={Adrian Spalka and A. Cremers and Hanno Langweg},
  year={2001}
}
Software for the creation of digital signatures performs a delicate task. The signatory has to trust the manufacturer of the software that it will work in the intended way. Signing a document electronically will have legal consequences in a growing number of countries, therefore the security of the signing software is an important issue. In the past, Trojan horse programs have shown to be of growing concern for end-user computers. Software for digital signatures must provide protection against… Expand
Trojan horse attacks on software for electronic signatures
TLDR
The resulting system is an assembly of a small number of inexpensive building blocks that offers reliable protection against Trojan horse programs attempting to forge electronic signatures, focusing on Microsoft Windows NT and Windows 98. Expand
Robust WYSIWYS: A Method for Ensuring that What You See Is What You Sign
TLDR
A method for robust WYSIWYS (What You See Is What You Sign) that ensures the integrity of digital documents and their digital signatures is described that can only be directly applied to documents written with traditional ASCII characters. Expand
Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs
TLDR
By fusing two techniques, the WORM-supported reliable input method and the Intelligent Adjunct model of the Trusted Computing Platform Alliance, a high degree of protection from Trojan horse programs is achieved during the process of creating digital signatures. Expand
Self-Contained Digitally Signed Documents: Approaching "What You See Is What You Sign"
  • Håkan Soderstrom
  • Computer Science
  • 2014 International Conference on Information Science & Applications (ICISA)
  • 2014
TLDR
A method for improved assurance based on simple tenets is proposed for improving assurance in digital signatures that is being implemented in an e-government web platform for a major Swedish city. Expand
A taxonomy and survey of attacks on digital signatures
TLDR
A comprehensive taxonomy of attacks on digital signatures is presented, covering both the signature generation and verification phases, and will enable a rigorous and systematic analysis of the causes that may subvert the signature reliability. Expand
Notes on application-orientated access control
  • Adrian Spalka, Hanno Langweg
  • Computer Science
  • Proceedings. 13th International Workshop on Database and Expert Systems Applications
  • 2002
TLDR
A small enhancement to the operating system and an addition to the Operating System are presented, which support both a user and an application with high security demands in the enforcement of authenticity and integrity even in the presence of malicious programs. Expand
on application-orientated access control
The protection qualities of discretionary access control systems realised by today's prevalent operating systems are based on an assessment of the trustworthiness of users. By starting a program aExpand
Display Integrity Assurance for SMS Transaction Authorization
Secure online transactions with human users normally require visual display for verifying the correctness of central elements of the transaction before it is submitted. When commodity computerExpand
Security and Trust in the Italian Legal Digital Signature Framework
TLDR
This paper describes each of the problems and vulnerabilities of the early adoption of a national, legal digital signature framework in Italy, showing how in each case the issue does not lie in the algorithms and technologies adopted, but either in faulty implementations, bad design choices, or legal and methodological issues. Expand
Dynamic content attacks on digital signatures
TLDR
A novel solution to the problem of signing digital documents with dynamic content that requires all document handling applications to possess application awareness of the digital signature program in order to function properly. Expand
...
1
2
3
...

References

SHOWING 1-10 OF 23 REFERENCES
Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs
TLDR
By fusing two techniques, the WORM-supported reliable input method and the Intelligent Adjunct model of the Trusted Computing Platform Alliance, a high degree of protection from Trojan horse programs is achieved during the process of creating digital signatures. Expand
Approaches to handling "Trojan Horse" threats
This paper examines the exposure of an information system to an attack by a ''Trojan Horse'' and trapdoors. It outlines some new encryption-based mechanisms that can reduce risks and losses caused byExpand
Possible macro virus attacks and how to prevent them
TLDR
It is demonstrated that the assumption that macro viruses have to depend on the auto macros in order to replicate successfully is false - that there are many other ways which a WordMacro virus can use to get control and replicate successfully. Expand
Malware: Troy revisited
TLDR
The myth of the Trojan Horse is interesting from an academic viewpoint, and two important points from it are drawn, which are to apply to modern day Trojan Horses. Expand
Gesetz über Rahmenbedingungen für elektronische Signaturen und zur Änderung weiterer Vorschriften
  • Gesetz über Rahmenbedingungen für elektronische Signaturen und zur Änderung weiterer Vorschriften
  • 2001
SafeGuard Sign & Crypt FAQ
  • SafeGuard Sign & Crypt FAQ
  • 2001
Vermeidung und Abwehr von Angriffen Trojanischer Pferd Programme auf Digitale Signaturen
  • 2001
Vermeidung und Abwehr von Angriffen Trojanischer Pferd Programme auf Digitale Signaturen'. 7. Deutscher IT-Sicherheitskongress
  • Vermeidung und Abwehr von Angriffen Trojanischer Pferd Programme auf Digitale Signaturen'. 7. Deutscher IT-Sicherheitskongress
  • 2001
eTrust Mail. Signatur und Verschlüsselung von eMails nach deutschem Signaturgesetz
  • Handbuch zur Integration in Microsoft Outlook
  • 2000
eTrust Mail. Signatur und Verschlüsselung von eMails nach deutschem Signaturgesetz. Handbuch zur Integration in Microsoft Outlook
  • eTrust Mail. Signatur und Verschlüsselung von eMails nach deutschem Signaturgesetz. Handbuch zur Integration in Microsoft Outlook
  • 2000
...
1
2
3
...