Publications and Papers
April 02, 2009 by John
Please see my publications page at the Department of Computer Science, University of Oxford for a list of peer-reviewed papers.
- Accountable System Administration Through Integrity Reporting. By John Lyle and Andrew Martin.
System administrators are, by necessity, some of the most trusted people in an organisation. Unfortunately, the administrator of a remote service platform is usually unknown and therefore difficult to gain trust in. We propose that this problem can be solved if platforms attest to the administrative actions carried out rather than just the software they are running. We describe an example of how this could be realised through the implementation of an integrity-measuring menu-based Unix shell. To manage the log of attested actions, we also introduce a generalised framework based on process algebra for verifying integrity measurement logs.
- Scalable Trusted Computing for Webinos:
Designing a cross-device mobile web application environment with trusted infrastructure components. By John Lyle, Shamal Faily, Ivan Flechais and Andrew Martin.
This paper discusses the security architecture of webinos, a cross-platform web application environment. We describe our plans for introducing techniques from trusted infrastructure to webinos in order to provide assurance, protect user data and increase the system’s trustworthiness. Our main contribution is a set of proposals which show that existing concepts and technologies, such as Trusted Network Connect and the Platform Trust Service, are applicable to users with multiple personal devices. We suggest that the key to making trusted computing scale to home users is the introduction of a cloud-based third party, which we call the personal zone hub.
- Creating Web Services With Attestable Formal Descriptions - Extended Abstract. By John Lyle and Andrew Martin.
'In this abstract we have presented a novel way of establishing trust in web services, through the use of behavioural contracts and Remote Attestation. We have described the general principles required for an implementation, including a way of guaranteeing the confidentiality of requests.'