Virtualization Based Password Protection Against Malware In Untrusted Operating Systems

Download Now Date Added: Apr 2012
Format: PDF

Password based authentication remains as the mainstream user authentication method for most web servers, despite its known vulnerability to keylogger attacks. Most existing countermeasures are costly because they require a strong isolation of the browser and the operating system. In this paper, the authors propose KGuard, a password input protection system. Its security is based on the hardware-based virtualization without safeguarding the browser or OS. A security-conscious user can conveniently and securely activate or deactivate the password protection by using key combinations.