Paul England's research while affiliated with Microsoft and other places

Publications (14)

Patent
Digital content is released to a rendering application for forwarding by such rendering application to an ultimate destination by way of a path therebetween. The path is defined by at least one module, and the digital content is initially in an encrypted form. An authentication of at least a portion of the path is performed to determine whether eac...
Patent
Full-text available
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program...
Article
A virtual machine monitor (VMM) allows a single computer to run two or more operating systems at the same time. VMMs are relatively simple and are typically built to high assurance standards, which means that the quality of isolation provided by a virtual machine monitor is usually greater than that which can be achieved with a general-purpose oper...
Chapter
A major challenge the computer industry is facing today is how to effectively protect end users against a plethora of email viruses and network intrusions. An obvious solution is to make the desktop operating system (OS) and applications flawless and bug-free. However, experience shows that this is an impractical goal. The reasons are threefold: th...
Conference Paper
We describe Microsoft's Next Generation Secure Computing Base (NGSCB). The system provides high assurance computing in a manner consistent with the commercial requirements of mass market systems. This poses a number of challenges and we describe the system architecture we have used to overcome them. We pay particular attention to reducing the trust...
Article
We investigate the darknet - a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of darknets are peer-to-peer file sharing, CD and DVD copying, and key or password sharing on email and newsgroups. The last...
Article
Full-text available
Microsoft's next-generation secure computing base extends personal computers to offer mechanisms that let high-assurance software protect itself from the operating systems, device drivers, BIOS, and other software running on the same machine.
Article
Full-text available
Microsoft’s next-generation secure computing base extends personal computers to offer mechanisms that let high-assurance software protect itself from the operating systems, device drivers, BIOS, and other software running on the same machine.
Conference Paper
We investigate the darknet - a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of darknets are peer to peer file sharing, CD and DVD copying, and key or password sharing on email and newsgroups. The las...
Conference Paper
We describe how an open computing device can be extended to allow individual programs and operating systems to have exclusive access to cryptographic keys. This problem is of fundamental importance in areas such as virus protection, protection of servers from network attacks, network administration and copy protection. We seek a system that can b...
Article
Full-text available
The identity of an operating system running on a computer is determined from an identity associated with an initial component for the operating system, combined with identities of additional components that are loaded afterwards. Loading of a digital rights management operating system on a subscriber computer is guaranteed by validating digital sig...
Article
We investigate the problem of supporting a high-assurance operating system on open hardware architectures, which support a large and diverse collection of peripheral devices. The paper focuses on the problems that arise in this context for the management of DMA devices and memory. Our solution combines aspects of virtual machine monitors (VMM) and...

Citations

... If the nonce remains unchanged or changes regularly, the generated recharge instruction will not alter or change periodically, then the attacker can replay it through the line and can forge the recharge information to complete the illegal recharge operation on the account. Xu et al. [119] introduced a system that can recover IoT devices in a short period of time. This architecture uses TRNG as an entropy source to generate an attacker's unpredictable nonce, thus resisting replay attacks and enhancing the security of the system. ...
... This device provides the host platform with a number of services including: special purpose registers for recording platform state; a means of reporting this state to remote entities; and asymmetric key generation, encryption and digital signature capabilities. TC also encompasses new processor designs [10] and OS support [18] which facilitate software isolation. These concepts are examined in more detail elsewhere — see, for example [16, 17]. ...
... More and more malwares and attacks turn to choose VM as their targets, and in recent years, many traditional defense techniques have their corresponding counterpart of VM platforms, such as VM-based intrusion detection system, intrusion prevention system and honeypot. However, the security of virtual machine [4] itself is still a problem to solve. On the other hand, the business system has high requirements on security. ...
... Trustworthy refers to "behave at realization of the given target is always of an entity as well as expected results." Trusted computing [15][16][17][18][19] is a trusted component such that operation or process in any operating conditions is predictable, and it is able to resist the bad code and the devastation caused by a physical disturbance. Trusted computing is the foundation of security, starting from the trusted root and solving the security problems resulted from the structure of the PC. ...
... At the start of operating system initialization, control can be handed to a program residing in read-only memory (ROM) to verify the hash value of the operating system in order to confirm its identity and integrity [61]. In the same way, trust in programs can be confirmed before they are allowed to run [62]. ...
... This architecture assumes the presence of TPM functionality, as defined by the TCG, in conjunction with processor enhancements and chipset extensions which enable the implementation of the high-assurance isolation layer. For further information see [19, 20, 21, 22]. The Terra system architecture [23], the Perseus framework [24, 25], the Open Trusted Computing architecture [26] and the European Multilaterally Secure Computing Base (EMSCB) [27] have some similarities to the current version of NGSCB. ...
... The German journalist, activist, and scholar Moßbrucker (2019) emphasizes encrypted communication and the right to anonymity as a central task of 'journalists' digital self-defense.' He suggests that journalistic practice and technological innovations should encompass features of the 'darknet,' a collection of networks and technologies for sharing content (Biddle, England, Peinado, & Willman, 2003) attuned to privacy and anonymity that counters traceability and surveillance. Moßbrucker (2019) argues that darknet features should become basic components of journalistic tools and could be transformed, with political and economic support, into a standard infrastructure for current communication tools. ...
... In parallel (and probably not independent) to the development of what we today know as the trusted platform module (TPM) [131], England and Peinado [44] introduced an abstraction called sealed storage, a possibility of "programs to store long-lived secrets" [44, p. 353f]. The abstraction encrypts data for the program, but key handling is done within the abstraction, i.e., the program does not get to see the key, and decryption (i.e., unsealing) is performed by the abstraction only for the program that initiated the original sealing operation. ...
... One of the very first works towards protecting applications and their sensitive data from unauthorized access by privileged software is NGSCB [37]. NGSCB made use of virtualization to run trusted and untrusted OSs simultaneously on the same machine enabling critical applications to use the trusted OS. ...
... With the measurement list, the challenger can know all programs running on the system and decide whether to trust the system. Other architectures [17] [18] [19] have also been proposed to build trust in commodity systems. ...