论文信息 - Personal Firewalls and Intrusion Detection Systems

Personal Firewalls and Intrusion Detection Systems

In this paper we explore how secure coprocessors can be used to secure client devices, especially mobile clients such as notebook computers. The goal is to protect data on the mobile client in case of theft, and to adapt the client's protection to the working environment --such as the Intranet or Internet-without relying completely on the integrity of the client. We show how physically secure coprocessors can introduce a security lifecycle into commercial off the shelf (COTS) clients by booting the client into a secure starting state, supervising the client's configuration and operation, and inspecting any network traffic that is sent or received by the client.

Ronald Perez | Reiner Sailer | Joan Dyer

[1] Paul E. Proctor,et al. Practical Intrusion Detection Handbook , 2000 .

[2] William A. Arbaugh,et al. A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[3] Thomas Henry Ptacek,et al. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[4] Elizabeth D. Zwicky,et al. Building internet firewalls , 1995 .

[5] Stephen P. Morgan,et al. Sherlock: Commercial High Assurance Network Computing , 2000, ISW.

[6] Steven M. Bellovin. Computer security—an end state? , 2001, CACM.

[7] Eugene H. Spafford,et al. Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection , 1994 .