Title

Virtualization Based Password Protection Against Malware In Untrusted Operating Systems

Publication Type

Conference Proceeding Article

Publication Date

2012

Abstract

Password based authentication remains as the mainstream user authentication method for most web servers, despite its known vulnerability to keylogger attacks. Most existing countermeasures are costly because they require a strong isolation of the browser and the operating system. In this paper, we propose KGuard, a password input protection system. Its security is based on the hardware-based virtualization without safeguarding the browser or OS. A security-conscious user can conveniently and securely activate or deactivate the password protection by using key combinations. We have implemented KGuard and experimented our prototype on Windows with Firefox. The results show that no significant performance loss is induced by our protection mechanism when a user authenticates to commercial web servers.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Trust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15, 2012. Proceedings

Volume

7344

First Page

201

Last Page

218

ISBN

9783642309212

Identifier

10.1007/978-3-642-30921-2_12

Publisher

Springer Verlag

Additional URL

http://dx.doi.org/10.1007/978-3-642-30921-2_12