{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:35:39Z","timestamp":1750307739130,"version":"3.41.0"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2008,3,1]],"date-time":"2008-03-01T00:00:00Z","timestamp":1204329600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,3,15]]},"abstract":"<jats:p>Determining whether a user or system is exercising appropriate security practices is difficult in any context. Such difficulties are particularly pronounced when uncontrolled or unknown platforms join public networks. Commonly practiced techniques used to vet these hosts, such as system scans, have the potential to infringe on the privacy of users. In this article, we show that it is possible for clients to prove both the presence and proper functioning of security infrastructure without allowing unrestricted access to their system. We demonstrate this approach, specifically applied to antivirus security, by requiring clients seeking admission to a network to positively identify the presence or absence of malcode in a series of puzzles. The implementation of this mechanism and its application to real networks are also explored. In so doing, we demonstrate that it is not necessary for an administrator to be invasive to determine whether a client implements required security practices.<\/jats:p>","DOI":"10.1145\/1341731.1341737","type":"journal-article","created":{"date-parts":[[2008,3,25]],"date-time":"2008-03-25T14:01:40Z","timestamp":1206453700000},"page":"1-23","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Noninvasive Methods for Host Certification"],"prefix":"10.1145","volume":"11","author":[{"given":"Patrick","family":"Traynor","sequence":"first","affiliation":[{"name":"Systems and Internet Infrastructure Security (SIIS) Lab, The Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Chien","sequence":"additional","affiliation":[{"name":"Systems and Internet Infrastructure Security (SIIS) Lab, The Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Scott","family":"Weaver","sequence":"additional","affiliation":[{"name":"Systems and Internet Infrastructure Security (SIIS) Lab, The Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Boniface","family":"Hicks","sequence":"additional","affiliation":[{"name":"Systems and Internet Infrastructure Security (SIIS) Lab, The Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrick","family":"McDaniel","sequence":"additional","affiliation":[{"name":"Systems and Internet Infrastructure Security (SIIS) Lab, The Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2008,3]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Aronsson H. A. 1995. Zero knowledge protocols and small systems. www.tml.hut.fi\/Opinnot\/Tik-110.501\/1995\/zeroknowledge. Aronsson H. A. 1995. Zero knowledge protocols and small systems. www.tml.hut.fi\/Opinnot\/Tik-110.501\/1995\/zeroknowledge."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.106"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/378444.378449"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030103"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/603404.603408"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_15"},{"key":"e_1_2_1_7_1","unstructured":"Computer Emergency Response Team (CERT). www.cert.org. Computer Emergency Response Team (CERT) . www.cert.org."},{"key":"e_1_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Congdon P. 2003. RFC 3580 - IEEE 802.1X Remote authentication dial in user service (RADIUS) usage guidelines. Congdon P. 2003. RFC 3580 - IEEE 802.1X Remote authentication dial in user service (RADIUS) usage guidelines.","DOI":"10.17487\/rfc3580"},{"key":"e_1_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Dierks T. and Allen C. 1999. The TLS protocol version 1.0. Internet Engineering Task Force RFC 2246. Dierks T. and Allen C. 1999. The TLS protocol version 1.0. Internet Engineering Task Force RFC 2246.","DOI":"10.17487\/rfc2246"},{"key":"e_1_2_1_10_1","unstructured":"European Institute for Computer Anti-Virus Research. 2003. Eicar---anti-virus test file. www.eicar.org\/anti_virus_test_file.htm. European Institute for Computer Anti-Virus Research. 2003. Eicar---anti-virus test file. www.eicar.org\/anti_virus_test_file.htm."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/986655.986673"},{"key":"e_1_2_1_12_1","unstructured":"Evers J. 2006. Microsoft's antivirus package makes a splash. http:\/\/news.com.com\/2100-7355-6104926.html?tag=tb. Evers J. 2006. Microsoft's antivirus package makes a splash. http:\/\/news.com.com\/2100-7355-6104926.html?tag=tb."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180414"},{"volume-title":"Proceedings of IEEE INFOCOM.","author":"Garetto M.","key":"e_1_2_1_14_1"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/22145.22178"},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Gordon S. 1995. Is a good virus simulator still a bad idea? www.research.ibm.com\/ antivirus\/SciPapers\/Gordon\/Simulators.html. Gordon S. 1995. Is a good virus simulator still a bad idea? www.research.ibm.com\/ antivirus\/SciPapers\/Gordon\/Simulators.html.","DOI":"10.1016\/1353-4858(96)84404-7"},{"key":"e_1_2_1_18_1","unstructured":"Harris N. 2004. Securing network will help business owner mitigate legal liabilities. http:\/\/www.bizjournals.com\/houston\/stories\/2004\/01\/19\/focus5.html. Harris N. 2004. Securing network will help business owner mitigate legal liabilities. http:\/\/www.bizjournals.com\/houston\/stories\/2004\/01\/19\/focus5.html."},{"key":"e_1_2_1_19_1","unstructured":"Insecure.org. 2005. Nmap---Free security scanner for network exploration &amp; security audits. www.insecure.org\/nmap\/. Insecure.org . 2005. Nmap---Free security scanner for network exploration &amp; security audits. www.insecure.org\/nmap\/."},{"key":"e_1_2_1_20_1","unstructured":"Intel Corporation. 2006. Intel 64 and IA-32 architectures; software developers manual Volume 2A. http:\/\/www.intel.com\/design\/processor\/manuals\/253666.pdf. Intel Corporation . 2006. Intel 64 and IA-32 architectures; software developers manual Volume 2A. http:\/\/www.intel.com\/design\/processor\/manuals\/253666.pdf."},{"volume-title":"Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS).","author":"Juels A.","key":"e_1_2_1_21_1"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCE.2003.1233772"},{"key":"e_1_2_1_23_1","first-page":"868","article-title":"Proposal of secure remote access using encryption. Global Telecommunications Conference (GLOBECOM'98). The Bridge to Global Integration","volume":"2","author":"Kawase T.","year":"1998","journal-title":"IEEE"},{"volume-title":"USENIX Security Symposium.","author":"Kim H.","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/359657.359659"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"e_1_2_1_27_1","unstructured":"Olsen F. 2002. The growing vulnerability of campus networks. http:\/\/chronicle.com\/ free\/v48\/i27\/27a03501.htm. Olsen F. 2002. The growing vulnerability of campus networks. http:\/\/chronicle.com\/ free\/v48\/i27\/27a03501.htm."},{"key":"e_1_2_1_28_1","unstructured":"OpenSSH. www.openssh.com. OpenSSH . www.openssh.com."},{"key":"e_1_2_1_29_1","unstructured":"OpenSSL. www.openssl.org\/. OpenSSL . www.openssl.org\/."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCE.2003.1209524"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030125"},{"volume-title":"Proceedings of the 13th USENIX Security Symposium, 223--238","year":"2004","author":"Sailer R.","key":"e_1_2_1_33_1"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1049\/ecej:20020503"},{"volume-title":"ACM\/USENIX Symposium on Operating System Design and Implementation (OSDI).","author":"Singh S.","key":"e_1_2_1_35_1"},{"key":"e_1_2_1_36_1","unstructured":"Snort. The de facto standard for intrusion detection\/prevention. www.snort.org. Snort . The de facto standard for intrusion detection\/prevention. www.snort.org."},{"volume-title":"Proceedings of the USENIX Security Symposium.","author":"Staniford S.","key":"e_1_2_1_37_1"},{"volume-title":"Kerberos: An authentication service for open network systems. USENIX.","year":"1998","author":"Steiner J.","key":"e_1_2_1_38_1"},{"key":"e_1_2_1_39_1","unstructured":"Sygate Web site. 2002. Sygate Secure Enterprise. www.sygate.com\/products\/sygate-secure-enterprise.htm. Sygate Web site . 2002. Sygate Secure Enterprise. www.sygate.com\/products\/sygate-secure-enterprise.htm."},{"key":"e_1_2_1_40_1","unstructured":"Symantec. Symantec Client Security. enterprisesecurity.symantec.com\/products\/products.cfm? ProductID=154. Symantec . Symantec Client Security. enterprisesecurity.symantec.com\/products\/products.cfm? ProductID=154."},{"volume-title":"Proceedings of the International Symposium on Recent Advances in Intrusion Detection.","author":"Toth T.","key":"e_1_2_1_41_1"},{"key":"e_1_2_1_42_1","unstructured":"Trusted Computing Group. www.trustedcomputinggroup.org. Trusted Computing Group . www.trustedcomputinggroup.org."},{"volume-title":"Proceedings of the International Symposium on Recent Advances in Intrusion Detection.","author":"Wang K.","key":"e_1_2_1_43_1"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030117"},{"key":"e_1_2_1_45_1","unstructured":"Zone Labs. Zone Labs Integrity SecureClient. http:\/\/www.zonelabs.com\/store\/content\/company\/ corpsales\/secureClientOverview.jsp. Zone Labs . Zone Labs Integrity SecureClient. http:\/\/www.zonelabs.com\/store\/content\/company\/ corpsales\/secureClientOverview.jsp."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341731.1341737","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1341731.1341737","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:38:54Z","timestamp":1750253934000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341731.1341737"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,3]]},"references-count":45,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2008,3,15]]}},"alternative-id":["10.1145\/1341731.1341737"],"URL":"https:\/\/doi.org\/10.1145\/1341731.1341737","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,3]]},"assertion":[{"value":"2007-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-03-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}