Notes

References

[1] M. Al-Meaither and C. J. Mitchell. Extending EMV to Support Murabaha
Transactions. In Proceedings of the 7th Nordic Workshop on Secure IT Systems
(NordSec 2003), pages 95{108. Department of Telematics, NTNU, Trondheim,
Norway, October 2003.

[2] A. Alsaid and C. J. Mitchell. Preventing Phishing Attacks Using Trusted Com-
puting Technology. In Proceedings of the 6th International Network Conference
(INC 2006), pages 221{228, July 2006.

[3] T. Alves and D. Felton. TrustZone: Integrated Hardware and Software Se-
curity { Enabling Trusted Computing in Embedded Systems. White pa-
per, ARM, Available On-line, July 2004. http://www.arm.com/pdfs/TZ_
Whitepaper.pdf.

[4] AMD. AMD64 Architecture Programmer's Manual: Volume 2: System Pro-
gramming. Technical Report AMD Publication no. 24594 rev. 3.11, Advanced
Micro Devices, May 2006. http://www.amd.com/us-en/assets/content_
type/white_papers_and_tech_docs/24593.pdf.

[5] R. Anderson. Cryptography and Competition Policy: Issues with `Trusted
Computing'. In L. J. Camp and S. Lewis, editors, Proceedings of the 22nd
Annual Symposium on Principles of Distributed Computing (PODC 2003),
pages 3{10. Kluwer Academic Publishers, July 2003.
202

[6] R. Anderson. `Trusted Computing' Frequently Asked Questions - Version
1.1. Available On-line, August 2003. http://www.cl.cam.ac.uk/~rja14/
tcpa-faq.html.

[7] Anti-Phishing Working Group. Phishing Activity Trends Report. Avail-
able On-line, April 2007. http://www.antiphishing.org/reports/apwg_
report_april_2007.pdf.

[8] APACS. Card Fraud { The Facts 2008. Available On-line, April
2007. http://www.apacs.org.uk/resources_publications/documents/
FraudtheFacts2008.pdf.

[9] APACS. Card Fraud Losses Continue to Fall. Available On-line, March 2007.
http://www.apacs.org.uk/media_centre/press/07_14_03.html.

[10] B. Arbaugh. Improving the TCPA Speci¯cation. IEEE Computer, 35(8):77{
79, August 2002.

[11] F. Armknecht, Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, G. Ramunno,
and D. Vernizzi. An E±cient Implementation of Trusted Channels Based
on Openssl. In Proceedings of the 3rd ACM Workshop on Scalable Trusted
Computing (STC 2008), pages 41{50. ACM Press, 2008.

[12] Visa International Service Association. 3-D Secure Protocol Speci¯cation:
System Overview. Available On-line, April 2007. http://partnernetwork.
visa.com/pf/3dsec/main.jsp.

[13] T. Aura. RFC 4346 { Cryptographically Generated Addresses (CGA). Avail-
able On-line, March 2005.

[14] B. Balache®, D. Chan, L. Chen, S. Pearson, and G. Proudler. Securing Intelli-
gent Adjuncts Using Trusted Computing Platform Technology. In J. Domingo-
Ferrer, D. Chan, and A. Watson, editors, Proceedings of the 4th Working Conference on Smart Card Research and Advanced Applications (CARDIS 2001),
pages 177{195. Kluwer Academic Publishers, 2001.

[15] S. Balfe and E. Gallery. Mobile Agents and the Deus Ex Machina. In Proceed-
ings of the 21st International Conference on Advanced Information Networking
and Applications Workshops (AINA 2007), pages 486{492. IEEE Computer
Society, May 2007.

[16] S. Balfe, A. D. Lakhani, and K. G. Paterson. Securing Peer-to-Peer Networks
using Trusted Computing. In Mitchell [88], chapter 10, pages 271{298.

[17] S. Balfe, A. D. Lakhani, and K. G. Paterson. Trusted Computing: Providing
security for Peer-to-Peer Networks. In G. Caronni, N. Weiler, M. Waldvo-
gel, and N. Shahmehri, editors, Proceedings 5th International Conference on
Peer-to-Peer Computing (P2P 2005), pages 117{124. IEEE Computer Society,
August 2005.

[18] S. Balfe and K. G. Paterson. Augmenting Internet-based Card Not Present
Transactions with Trusted Computing: An Analysis. Technical Report
RHUL-MA-2006-9, Department of Mathematics, Royal Holloway, Univer-
sity of London, London, UK, 2006. http://www.rhul.ac.uk/mathematics/
techreports.

[19] S. Balfe and K. G. Paterson. Augmenting Internet-based Card Not Present
Transactions with Trusted Computing: An Analysis. Technical Report
RHUL-MA-2006-9-v2, Department of Mathematics, Royal Holloway, Univer-
sity of London, London, UK, 2006. http://www.rhul.ac.uk/mathematics/
techreports.

[20] S. Balfe and K. G. Paterson. e-EMV: Emulating EMV for Internet Payments
using Trusted Computing Technology. Technical Report RHUL-MA-2006-10,
Department of Mathematics, Royal Holloway, University of London, London,
UK, 2006. http://www.rhul.ac.uk/mathematics/techreports.
204

[21] S. Balfe and K. G. Paterson. Augmenting Internet-based Card Not Present
Transactions with Trusted Computing (Extended Abstract). In Proceedings
of the 12th International Conference of Financial Cryptography and Data Se-
curity (FC 2008), pages 171{175. Springer, January 2008.

[22] S. Balfe and K. G. Paterson. e-EMV: Emulating EMV for Internet Payments
with Trusted Computing Technologies. In Proceedings of the 3rd ACM Work-
shop on Scalable Trusted Computing (STC 2008). ACM Press, October 2008.

[23] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and
K. Yang. On the (Im)possibility of Obfuscating Programs. In Proceedings
21st Annual International Cryptology Conference (Crypto 2001), pages 1{18,
August 2001.

[24] P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauery,
I. Pratt, and A. War¯eld. XEN and the Art of Virtualization. In Proceedings
of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003),
pages 164{177. ACM Press, October 2003.

[25] E. Bierman and E. Cloete. Classi¯cation of Malicious Host Threats in Mobile
Agent Computing. In Proceedings of the 2002 Annual Research Conference of
the South African Institute of Computer Scientists and Information Technol-
ogists on Enablement Through Technology (SAICSIT 2002), pages 141{148.
South African Institute for Computer Scientists and Information Technolo-
gists, September 2002.

[26] N. Borselius. Multi-agent System Security for Mobile Communication ). Tech-
nical Report RHUL-MA-2003-5, Department of Mathematics, Royal Holloway,
University of London, London, UK, September 2003. http://www.ma.rhul.
ac.uk/static/techrep/2003/RHUL-MA-2003-5.pdf.

[27] E. Brickell, J. Camenisch, and L. Chen. Direct Anonymous Attestation. In
B. P¯tzmann and P. Liu, editors, Proceedings of the 11th ACM Conference on
205
Computer and Communications Security (CCS 2004), pages 132{145. ACM
Press, October 2004.

[28] J. Camenisch. Direct Anonymous Attestation: Achieving Privacy in Re-
mote Authentication. Zurich Information Security Colloquium 2004. IBM
Zurich Information Security Center. http://www.zisc.ethz.ch/events/
infseccolloquium2004.

[29] J. Camenisch and A. Lysyanskaya. A Signature Scheme with E±cient Pro-
tocols. In S. Cimato, C. Galdi, and G. Persiano, editors, Proceedings of the
3rd International Conference on Security in Communication Networks (SCN
2002), volume 2576 of LNCS, pages 268{289. Springer, September 2003.

[30] D. L. Chaum. Untraceable Electronic Mail, Return addresses, and Digital
Pseudonyms. Communications of the ACM, 24(2):84{90, 1981.

[31] I. Clarke, O. Sandberg, B. Wiley, and T. W. Hong. Freenet: A Distributed
Anonymous Information Storage and Retrieval system. In Proceedings of In-
ternational Workshop on Design Issues in Anonymity and Unobservability,
volume 2009 of LNCS, pages 46{66. Springer{Verlag, 2001.

[32] S. Crane. Privacy Preserving Trust Agents. Technical Report HPL-2004-197,
Hewlett-Packard Laboratories, Bristol, UK, November 2004. http://www.
hpl.hp.com/techreports/2004/HPL-2004-197.pdf.

[33] E. Damiani, D. C. di Vimercati, S. Paraboschi, P. Samarati, and F. Violante.
A Reputation-based Approach for Choosing Reliable Resources in Peer-to-
PeerNetworks. In V. Atluri, editor, Proceedings of the 9th ACM Conference
on Computer and Communications Security (CCS 2002), pages 207{216. ACM
Press, November 2002.

[34] L. D'Anna, B. Matt, A. Reisse, T. Van Vleck, S. Schwab, and P. LeBlanc.
Self-Protecting Mobile Agents Obfuscation Report. Technical Report Report
206
03-015, Network Associates Laboratories, June 2003. http://www.au.af.
mil/au/awc/awcgate/darpa/obfreport.pdf.

[35] N. Daswani, H. Garcia-Molina, and B. Yang. Open Problems in Data-Sharing
Peer-to-Peer Systems. In D. Calvanese, M. Lenzerini, and R. Motwani, editors,
Proceedings of 9th International Conference on Database Theory (ICDT 2003),
volume 2572 of LNCS, pages 1{15. Springer{Verlag, January 2003.

[36] N. Daswani, P. Golle, S. Marti, H. Garcia-Molina, and D. Boneh. Eval-
uating Reputation Systems for Document Authenticity. Technical Report
2003-34, Computer Science Department, Stanford University, June 2003.
http://dbpubs.stanford.edu:8090/pub/2003-34.

[37] A. Datta, M. Hauswirth, and K. Aberer. Beyond \Web of Trust": Enabling
P2P E-Commerce. In R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Je®ries,
and G. M. Olsen, editors, Proceedings of the 2003 IEEE Conference on Elec-
tronic Commerce (CEC 2003), pages 303{312. IEEE Computer Society, June
2003.

[38] S. Deering and C. Allen. RFC 2460 { Internet Protocol, Version 6 (IPv6)
Speci¯cation. Available On-line, December 1998. http://www.ietf.org/
rfc/rfc2460.txt.

[39] A.W. Dent and C.J. Mitchell. User's Guide to Cryptography and Standards.
Artech House, Boston, Massachusetts, USA, 2005.

[40] L. Detweiler. The Snakes of Medusa and Cyberspace { Inter-
net Identity Subversion. Available On-line, November 1993. http:
//www.interesting-people.org/archives/interesting-people/199311/
msg00054.html.

[41] R. Dhamija, J. D. Tygar, and M. Hearst. Why Phishing Works. In R. Grinter,
T. Rodden, P. Aoki, E. Cutrell, R. Je®ries, and G. M. Olsen, editors, Proceedings of the 2006 Conference on Human Factors in Computing Systems (CHI
2006), pages 581{590. ACM Press, April 2006.

[42] T. Dierks and C. Allen. RFC 4346 { The TLS Protocol Version 1.1. Available
On-line, April 2006. http://www.ietf.org/rfc/rfc4346.txt.

[43] J. R. Douceur. The Sybil Attack. In P. Druschel, M.F. Kaashoek, and A.I.T.
Rowstron, editors, Proceedings of the 1st International Workshop on Inter-
national Workshop on Peer-to-Peer Systems (IPTPS 2002), volume 2429 of
LNCS, pages 251{256. Springer{Verlag, March 2002.

[44] T. C. Du, E. Y. Li, and E. Wei. Mobile Agents for a Brokering Service in the
Electronic Marketplace. Decision Support Systems, 39(3):371{383, 2005.

[45] EMVCo. Book 3 { Application Speci¯cation, 4.0 edition, December 2000.
http://www.emvco.com.

[46] EMVCo. Book 1 { Application independent ICC to Terminal Interface require-
ments, 4.1 edition, May 2004. http://www.emvco.com.

[47] EMVCo. Book 2 { Security and Key Management, 4.1 edition, May 2004.
http://www.emvco.com.

[48] EMVCo. Book 3 { Application Speci¯cation, 4.1 edition, May 2004. http:
//www.emvco.com.

[49] EMVCo. Book 4 { Cardholder, Attendant, and Acquirer Interface Require-
ments, 4.1 edition, June 2004. http://www.emvco.com.

[50] W. M. Farmer, J. D. Guttman, and V. Swarup. Security for Mobile Agents:
Authentication and State Appraisal. In Proceedings of the 4th European Sym-
posium On Research In Computer Security (ESORICS 1996), pages 118{130.
Springer{Verlag, September 1996.

[51] Unlimited Freedom. Interesting Uses of Trusted Computing, Part 2. Available
On-line, March 2004. http://invisiblog.com/1c801df4aee49232/#mobile.

[52] Fuzen op. The FU Rootkit. Available On-line. http://www.rootkit.com/.

[53] S. Gajek, A.-R. Sadeghi, C. StÄuble, and M. Winandy. Compartmented Secu-
rity for Browsers { Or How to Thwart a Phisher with Trusted Computing. In
Proceedings of the The 2nd International Conference on Availability, Reliabil-
ity and Security (ARES 2007), pages 120{127. IEEE Computer Society, April
2007.

[54] E. Gallery and A. Tomlinson. Protection of Downloadable Software on SDR
Devices. In Proceedings of the 4th Software De¯ned Radio Forum Technical
Zonference (SDR 2005). Software De¯ned Radio Forum (SDRF), November
2005.

[55] E. Gallery and A. Tomlinson. Secure Delivery of Conditional Access Applica-
tions to Mobile Receivers. In Mitchell [88], chapter 7, pages 195{238.

[56] T. Gar¯nkel, B. Pfa®, J. Chow, M. Rosenblum, and D. Boneh. Terra: A
Virtual Machine-based Platform for Trusted Computing. ACM SIGOPS Op-
erating Systems Review, 37(5):193{206, 2003.

[57] T. Gar¯nkel, M. Rosenblum, and D. Boneh. Flexible OS Support and Appli-
cations for Trusted Computing. In Proceedings of the 9th USENIX Workshop
on Hot Topics on Operating Systems (HotOS-IX), pages 145{150. USENIX
Association, May 2003.

[58] Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, and N. Asokan. Beyond Secure
Channels. In S. Xu and M. Yung, editors, Proceedings of the 2007 ACM
Workshop on Scalable Trusted Computing (STC 2007), pages 30{40. ACM
Press, November 2007.
209

[59] L. Gong, G. Ellison, and M. Dageforde. Inside Java 2 Platform Security:
Architecture, API Design, and Implementation. Addison-Wesley Longman
Publishing, Inc., 2nd edition, 2003.

[60] D. Grawrock. The Intel Safer Computer Initiative: Building Blocks for Trusted
Computing, chapter Protected Input and Output, pages 143{164. Intel Press,
2006.

[61] F. Gri®el, M. T. Tu, M. MÄunke, M. Merz, W. Lamersdorf, and M. M. da Silva.
Electronic Contract Negotiation as an Application Niche for Mobile Agents.
In Proceedings of the 1st International Conference on Enterprise Distributed
Object Computing (EDOC 1997), pages 354{367. IEEE Computer Society,
October 1997.

[62] D. Gri±n, G. Pavlou, and P. Georgatsos. Providing Customisable Network
Management Services Through Mobile Agents. In Proceedings of the 7th In-
ternational Conference on Intelligence and Services in Networks (IS&N 2000),
pages 209{226. Springer{Verlag, February 2000.

[63] R. Grimes. Authenticode. Available On-line, 2008. http://technet.
microsoft.com/en-us/library/cc750035.aspx.

[64] P. Gutman. PKI: It's Not Dead, Just Resting. Computer, 35(8):41{49, 2002.

[65] V. Haldar, D. Chandra, and M. Franz. Semantic Remote Attestation: A
Virtual Machine Directed Approach to Trusted Computing. In Proceedings of
the 3rd Conference on Virtual Machine Research And Technology Symposium
(VM 2004). USENIX Association, May 2004.

[66] E. V. Herreweghen and U. Wille. Risks and Potentials of Using EMV for Inter-
net Payments. In In Proceedings of the 1st USENIX Workshop on Smartcard
Technology, pages 163{174. USENIX Association, May 1999.

[67] R. Housley, W. Ford, W. Polk, and D. Solo. Internet X.509 Public Key In-
frastructure Certi¯cate and CRL Pro¯le. Available On-line, January 1999.

[68] Intel. LaGrande Technology Architectural Overview. Technical Report
252491-001, Intel Corporation, September 2003. http://www.intel.com/
technology/security/downloads/LT_Arch_Overview.pdf.

[69] International Organisation for Standardization. Information processing sys-
tems { Open Systems Interconnection { Basic Reference Model { Part 2: Se-
curity Architecture. ISO/ITU, 1989.

[70] ITU-T Recommendation X.509, Information technology | Open Systems In-
terconnection | The Directory: Public-key and Attribute Certi¯cate Frame-
works. International Organization for Standardisation, Geneva, Switzerland,
2000. 4th edition.

[71] S. Iyer, A. Rowstron, and P. Druschel. Squirrel: A Decentralized Peer-to-Peer
Web Cache. In Proceedings of the 21st Annual Symposium on Principles Of
Distributed Computing (PODC 2002), pages 213{222. ACM Press, July 2002.

[72] C. Jackson, D. Boneh, and J. Mitchell. Spyware Resistant Web Authentica-
tion Using Virtual Machines. http://crypto.stanford.edu/antiphishing/
spyblock.pdf.

[73] C. Jackson, D. Boneh, and J. Mitchell. Transaction Generators: Root Kits
for Web. In Proceedings of 2nd USENIX Workshop on Hot Topics in Security
(HotSec 2007), pages 1{4. USENIX Association, August 2007.

[74] W. Jansen and T. Karygiannis. Mobile Agents and Security. NIST Special
Publication 800-19, National Institute of Standards and Technology (NIST),
Computer Security Division, Gaithersburg, MD, USA, 1999. http://src.
nist.gov/publications/nistpubs/800-19/sp800-19.pdf.
211

[75] R. Jha and S. Iyer. Performance Evaluation of Mobile Agents for E-commerce
Applications. In Proceedings of the 8th International Conference on High Per-
formance Computing (HiPC 2001), pages 331{340. Springer-Verlag, December
2001.

[76] A. JÄosang, R. Ismail, and C. Boyd. A Survey of Trust and Reputation Systems
for Online Service Provision. Decision Support Systems, 43(2):618{644, 2007.

[77] R. L. Kay. Trusted Computing is Real and its Here. Available On-line, January
2007. https://www.trustedcomputinggroup.org/news/Industry_Data/
Endpoint_Technologies_Associates_TCG_report_Jan_29_2007.pdf.

[78] V. Khu-Smith and C. J. Mitchell. Using EMV Cards to Protect E-commerce
Transactions. In K. Bauknecht A. M. Tjoa and G. Quirchmayr, editors, Pro-
ceedings of the 3rd International Conference on E-Commerce and Web Tech-
nologies (EC-WEB 2002), volume 2455 of LNCS, pages 388{399. Springer{
Verlag, January 2002.

[79] M. Kinateder and S. Pearson. A Privacy-enhanced Peer-to-Peer Reputation
System. In K. Bauknecht, A.M. Tjoa, and G. Quirchmayr, editors, Proceed-
ings of the 4th International Conference on Electronic Commerce and Web
Technologies (EC-Web 2003), volume 2738 of LNCS, pages 206{216. Springer{
Verlag, September 2003.

[80] S. T. King, P. M. Chen, Y-M. Wang, C. Verbowski, H. J. Wang, and J. R.
Lorch. SubVirt: Implementing Malware with Virtual Machines. In Proceedings
of the 2006 IEEE Symposium on Security and Privacy (S&P 2006), pages 314{
327. IEEE Computer Society, May 2006.

[81] J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels,
R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao.
OceanStore: An Architecture for Global-Scale Persistent Storage. SIGPLAN
Notices, 35(11):190{201, November 2000.

[82] S. Marti and H. Garcia-Molina. Identity Crisis: Anonymity vs. Reputation in
P2P Systems. In Proceedings of the 3rd International Conference on Peer-to-
Peer Computing (P2P 2003), pages 134{141. IEEE Computer Society, Septem-
ber 2003.

[83] J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and A. Seshadri. Minimal
TCB Code Execution. In Proceedings of the 2007 IEEE Symposium on Security
and Privacy (S&P 2007), pages 267{272. IEEE Computer Society, May 2007.

[84] J. M. McCune, A. Perrig, and M. K. Reiter. Bump in the Ether: A Framework
for Securing Sensitive User Input. In Proceedings of the 2006 USENIX Annual
Technical Conference (USENIX 2006), pages 185{198. USENIX Assocation,
June 2006.

[85] P. Meadowcroft. Combating Card Fraud. Available On-line, January
2005. http://www.scmagazine.com/uk/news/article/459478/combating+
card+fraud/.

[86] A. Menezes, P. Van Oorschot, and S. Vanstone. Handbook of Applied Cryp-
tography, volume 6 of Discrete Mathematics and its Applications. CRC Press,
Boca Raton, Florida, USA, 1997.

[87] D. S. Milojicic, V. Kalogeraki, R. Lukose, K. Nagaraja, J. Pruyne, B. Richard,
S. Rollins, and Z. Xu. Peer-to-Peer computing. Technical Report HPL-2002-
57, Hewlett-Packard Laboratories, March 2002. http://www.hpl.hp.com/
techreports/2002/HPL-2002-57.html.

[88] C. J. Mitchell, editor. Trusted Computing. IEE Professional Applications of
Computing Series 6. The Institute of Electrical Engineers (IEE), April 2005.

[89] D. Molnar, R. Dingledine, and M. J. Freedman. Free Haven. In Oram [95],
chapter 12.

[90] G. C. Necula. Proof-Carrying Code. In Proceedings of the 24th ACM
SIGPLAN-SIGACT Symposium on Principles Of Programming Languages
(POPL 1997), pages 106{119. ACM Press, January 1997.

[91] C. Neuman, S. Hartman, and K. Raeburn. RFC 4120 { The Kerberos Network
Authentication Service (V5). Available On-line, July 2005. http://tools.
ietf.org/html/rfc4120.

[92] NIST. Speci¯cations for the SECURE HASH STANDARD. Technical Report
Federal Information Processing Standards Publication 180-2, The National
Institute of Standards and Technology (NIST), August 2002. http://csrc.
nist.gov/publications/fips/fips180-2/fips180-2.pdf.

[93] OMA. DRM architecture v2.0. Technical Speci¯cation OMA-DRM-ARCH-
V2 0-2004071515-C, The Open Mobile Alliance (OMA), July 2004.

[94] D. O'Mahony, M. Peirce, and H. Tewari. Electronic Payment Systems for
E-Commerce. Artech House, 2nd edition, 2001.

[95] A. Oram, editor. Peer-to-Peer: Harnessing the Power of Disruptive Technolo-
gies. O'Reilly & Associates, 2001.

[96] J. K. Ousterhout, J. Y. Levy, and B. B. Welch. The Safe-TCL Security
Model. Technical Report TR-97-60, Sun Microsystems Laboratories, Cali-
fornia, US, March 1997. http://research.sun.com/techrep/1997/smli_
tr-97-60.pdf.

[97] PCI Security Standards Council. Payment Card Industry Data Security
Standard { Version 1.1. Available On-line, September 2006. https://www.
pcisecuritystandards.org/tech/download_the_pci_dss.htm.

[98] S. Pearson. Trusted Agents that Enhance User Privacy by Self-Pro¯ling. Tech-
nical Report HPL-2002-196, Hewlett-Packard Laboratories, Bristol, UK, 15
July 2002. http://hpl.hp.co.uk/techreports/2002/HPL-2002-196.pdf.

[99] S. Pearson. Trusted Computing Platforms, the Next Security Solution. Tech-
nical Report HPL-2002-221, Hewlett-Packard Laboratories, November 2002.
http://www.hpl.hp.com/techreports/2002/HPL-2002-221.pdf.

[100] S. Pearson, editor. Trusted Computing Platforms: TCPA Technology in Con-
text. Prentice Hall, 2003.

[101] S. Pearson. How Trusted Computers can Enhance Privacy Preserving Mobile
Applications. In Proceedings of the 1st International IEEE Workshop on Trust,
Security and Privacy for Ubiquitous Computing (WOWMOM 2005), pages
609{613. IEEE Computer Society, June 2005.

[102] M. Peinado, Y. Chen, P. England, and J. Manferdelli. NGSCB: A Trusted
Open System. In H. Wang, J. Pieprzyk, and V. Varadharajan, editors, Pro-
ceedings of 9th Australasian Conference on Information Security and Privacy,
(ACISP 2004), volume 3108 of LNCS, pages 86{97. Springer{Verlag, July
2004.

[103] M. Peinado, P. England, and Y. Chen. An Overview of NGSCB. In Mitchell
[88], chapter 7, pages 115{141.

[104] B. P¯tzmann, J. Riordan, C. StÄuble, M. Waidner, and A. Weber. The
PERSEUS System Architecture. Technical Report RZ 3335 (#93381), IBM
Research Division, Zurich Laboratory, April 2001.

[105] D. Piper. RFC 2407 { The Internet IP Security Domain of Interpretation for
ISAKMP. Available On-line, November 1998. http://www.ietf.org/rfc/
rfc2407.txt.

[106] G. Price. PKI { An Insider's View (Extended Abstract). Technical Report
RHUL-MA-2005-8, Department of Mathematics, Royal Holloway, University
of London, London, UK, June 2005. http://www.ma.rhul.ac.uk/static/
techrep/2005/RHUL-MA-2005-8.pdf.

[107] A. Pridgen and C. Julien. A Secure Modular Mobile Agent System. In Proceed-
ings of the 2006 international workshop on Software Engineering for Large-
scale Multi-Agent Systems (SELMAS 2006), pages 67{74. ACM Press, May
2006.

[108] G. J. Proudler. Concepts of Trusted Computing. In Mitchell [88], chapter 2,
pages 11{27.

[109] D. Qiu and R. Srikant. Modeling and Performance Analysis of BitTorrent-like
Peer-to-Peer Networks. In Proceedings of the 2004 conference on Applica-
tions, Technologies, Architectures, and Protocols for Computer Communica-
tions (SIGCOMM 2004), pages 367{378. ACM Press, August 2004.

[110] C. Radu. Implementing Electronic Card Payment Systems. Artech House,
November 2002.

[111] J. Reid, J. M. Gonzalez Nieto, and E. Dawson. Privacy and Trusted Com-
puting. In Proceedings of the 14th International Workshop on Database and
Expert Systems Applications (DEXA 2003), pages 383{388. IEEE Computer
Society, September 2003.

[112] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for Web Transactions.
ACM Transactions on Information and System Security (TISSEC), 1(1):66{
92, 1998.

[113] M. Rennhard and B. Plattner. Practical Anonymity for the Masses with Mix-
Networks. In Proceedings of the 12th International Workshop on Enabling
Technologies (WETICE 2003), pages 255{262. IEEE Computer Society, June
2003.

[114] P. Resnick, K. Kuwabara, R. Zeckhauser, and E. Friedman. Reputation Sys-
tems. In Communications of ACM, volume 43, pages 45{48. ACM Press,
December 2000.
216

[115] J. Riordan and B. Schneier. Environmental Key Generation Towards Clueless
Agents. In G. Vigna, editor, Mobile Agents and Security, volume 1419 of
LNCS, pages 15{24. Springer{Verlag, 1998.

[116] V. Roth. Secure Recording of Itineraries through Co-operating Agents. In
Proceedings of the 12th European Conference on Object-Oriented Programming
(ECOOP 1998), pages 297{298. Springer{Verlag, July 1998.

[117] K. Rothermel and M. Schwehm. Mobile Agents. In A. Kent and J.G. Williams,
editors, Encyclopedia for Computer Science and Technology, volume 40, pages
155{176. M. Dekker Inc., 1999.

[118] S. Schoen, Electronic Frontier Foundation. Trusted Computing: Promise
and Risk. Available On-line, October 2003. http://www.eff.org/
Infrastructure/trusted\_computing/20031001_tc.pdf.

[119] A.-R. Sadeghi, M. Selhorst, C. StÄuble, C. Wachsmann, and M. Winandy. TCG
Inside?: A Note on TPM Speci¯cation Compliance. In Proceedings of the 1st
ACM Workshop on Scalable Trusted Computing (STC 2006), pages 47{56.
ACM Press, November 2006.

[120] A.-R. Sadeghi and C. StÄuble. Property-based Attestation for Computing Plat-
forms: Caring About Properties, Not Mechanisms. In C.F. Hempelmann
and V. Raskin, editors, Proceedings of the 2004 Workshop on New Security
Paradigms (NSPW 2004), pages 67{77. ACM Press, 2004.

[121] A.-R. Sadeghi, C. StÄuble, and N. Pohlmann. European Multilateral Secure
Computing Base: Open Trusted Computing for You and Me. Available On-
line, 2004. http://www.prosec.rub.de/Publications/SaStPo2004Web.pdf.

[122] R. Sandhu and X. Zhang. Peer-to-Peer Access Control Architecture Using
Trusted Computing Technology. In Proceedings of the 10th ACM Symposium
on Access Control Models And Technologies (SACMAT 2005), pages 147{158.
ACM Press, June 2005.

[123] L. F. G. Sarmenta, M. van Dijk, C. W. O'Donnell, J. Rhodes, and S. De-
vadas. Virtual Monotonic Counters and Count-Limited Objects Using a TPM
Without a Trusted OS. In Proceedings of the 1st ACM Workshop on Scalable
Trusted Computing (STC 2006), pages 47{56. ACM Press, November 2006.

[124] S. E. Schechter, R. A. Greenstadt, and M. D. Smith. Trusted Computing,
Peer-To-Peer Distribution and the Economics of Pirated Entertainment. In
Proceedings of 2nd Workshop on Economics and Information Security. May
2003.

[125] J. Schiller. RFC 4307 { Cryptographic Algorithms for Use in the Internet
Key Exchange Version 2 (IKEv2). Available On-line, December 2005. http:
//www.rfc-editor.org/rfc/rfc4307.txt.

[126] S. Schoen. Comments on LT Policy on Owner/User Choice and Control 0.8.
Available On-line, December 2003. http://www.eff.org/Infrastructure/
trusted_computing/eff_comments_lt_policy.pdf.

[127] S. Schoen. Give TCPA an Owner Override. Available On-line, December 2003.
http://www.linuxjournal.com/article/7055.

[128] S. Schoen. Comments on TCG Design, Implementation and Us-
age Principles 0.95. Available On-line, October 2004. http:
//www.eff.org/Infrastructure/trusted_computing/20041004\_eff\
_comments\_tcg_principles.pdf.

[129] S. Schoen. Compatibility, Competition, and Control in Trusted Computing
Environments. Information Security Technical Report, 10(2):105{119, 2005.

[130] U.S. Securities and Exchange Commission. Form 10-K { The TJX Compa-
nies, INC. Available On-line, January 2007. http://www.sec.gov/Archives/
edgar/data/109198/000095013507001906/b64407tje10vk.htm.

[131] IBM Global Services. IBM Global Business Security Index Report, February
2005. http://www-935.ibm.com/services/us/index.wss/offering/bcrs/
a1008776.

[132] A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor
to Provide Lifetime Kernel Code Integrity for Commodity OSes. In T. Bres-
soud and F. Kaashoek, editors, Proceedings of 21st ACM SIGOPS Symposium
on Operating Systems Principles (SOSP 2007), pages 335{350. ACM Press,
October 2007.

[133] SETCo. SET Secure Electronic Transaction 1.0 Speci¯cation { The Formal
Protocol De¯nition. Available On-line, May 1997. http://www.cl.cam.ac.
uk/research/security/resources/SET/.

[134] E. Shi, A. Perrig, and L. V. Doorn. BIND: A Fine-Grained Attestation Service
for Secure Distributed Systems. In Proceedings of the 2005 IEEE Symposium
on Security and Privacy (S&P 2005), pages 154{168. IEEE Computer Society,
May 2005.

[135] A. Spalka, A. B. Cremers, and H. Langweg. Protecting the Creation of Digital
Signatures with Trusted Computing Platform Technology against Attacks by
Trojan Horse Programs. In M. Dupuy and P. Paradinas, editors, Proceedings
of the 16th Annual Working Conference on Information Security (IFIP/Sec
2001), volume 193 of IFIP Conference Proceedings, pages 403{419. Kluwer
Academic Publishers, 11{13 June 2001.

[136] C. Spyrou, G. Samaras, E. Pitoura, and P. Evripidou. Mobile Agents for
Wireless Computing: The Convergence of Wireless Computational Models
with Mobile-agent Technologies. Mobile Networks and Applications, 9(5):517{
528, October 2004.

[137] R. Stallman. Free Software, Free Society: Selected Essays of Richard M. Stall-
man, chapter 17, pages 115{119. GNU Press, 2002.

[138] F. Stumpf, A. Fuchs, S. Katzenbeisser, and C. Eckert. Improving the Scala-
bility of Platform Attestation. In Proceedings of the 3rd ACM Workshop on
Scalable Trusted Computing (STC 2008). ACM Press, October 2008.

[139] F. Stumpf, O. Tafreschi, P. RÄoder, and C. Eckert. A Robust Integrity Report-
ing Protocol for Remote Attestation. In Proceedings of the 2nd Workshop on
Advances in Trusted Computing (WATC 2006), November 2006.

[140] Sun Microsystems. The Java Tutorials: Signing and Verifying JAR Files.
Available On-line, 2008. http://java.sun.com/docs/books/tutorial/
deployment/jar/signindex.html.

[141] Symantec. Infostealer.Bankash.G. Available On-line, Febuary 2006.
http://www.symantec.com/security_response/writeup.jsp?docid=
2006-010317-5218-99.

[142] Symantec. Symantec Internet Security Threat Report Volume XI. Available
On-line, March 2007. http://www.symantec.com/enterprise/theme.jsp?
themeid=threatreport.

[143] P. F. Syverson, D. M. Goldschlag, and M. G. Reed. Anonymous Connections
and Onion Routing. In Proceedings of the 1997 IEEE Symposium on Security
and Privacy (S&P 1997), page 44. IEEE Computer Society, May 1997.

[144] TCG. Interoperability Speci¯cation for Backup and Migration Services. TCG
speci¯cation Version 1.0, The Trusted Computing Group (TCG), May 2005.

[145] TCG. Subject Key Attestation Evidence Extension. TCG speci¯cation version
1.0 revision 7, The Trusted Computing Group (TCG), June 2005.

[146] TCG. TCG Generic Server Speci¯cation. TCG speci¯cation Version 1.0, The
Trusted Computing Group (TCG), July 2005.

[147] TCG. TCG Infrastructure Working Group Reference Architecture for Inter-
operability (Part I). TCG speci¯cation version 1.0 revision 1, The Trusted
Computing Group (TCG), June 2005.

[148] TCG. TCG PC Client Speci¯c Implementation Speci¯cation For conventional
BIOS. TCG speci¯cation Version 1.2 Final, The Trusted Computing Group
(TCG), July 2005.

[149] TCG. TCG Software Stack (TSS) Speci¯cation. TCG Speci¯cation Version
1.2 Level 1, The Trusted Computing Group (TCG), January 2006.

[150] TCG. TPM Main, Part 2: TPM Data Structures. TCG Speci¯cation Version
1.2 Revision 103, The Trusted Computing Group (TCG), July 2006.
[151] TCG. TCG Speci¯cation Architecture Overview. TCG speci¯cation Version
1.4, The Trusted Computing Group (TCG), August 2007.

[152] TCG. TNC Architecture for Interoperability. TCG Speci¯cation Version 1.2
Revision 4, The Trusted Computing Group (TCG), September 2007.

[153] TCG. TPM Main, Part 1: Design Principles. TCG Speci¯cation Version 1.2
Revision 103, The Trusted Computing Group (TCG), July 2007.

[154] TCG. TPM Main, Part 3: Commands. TCG Speci¯cation Version 1.2 Revision
103, The Trusted Computing Group (TCG), July 2007.

[155] TCG MPWG. TCG Mobile Trusted Module Speci¯cation. TCG Speci¯cation
Version 1.0 Revision 1, The Trusted Computing Group (TCG), September
2007.

[156] The Sunday Times. Don't Use Cards At Petrol Stations. Available On-line,
Febuary 18 2007. http://business.timesonline.co.uk/.

[157] US Department of Homeland Security, SRI International Identity Theft
Technology Council and the Anti-Phishing Working Group. The Crime-
ware Landscape: Malware, Phishing, Identity Theft and Beyond. Avail-
able On-line, October 2006. http://www.antiphishing.org/reports/APWG_
CrimewareReport.pdf.

[158] G. Vigna. Cryptographic Traces for Mobile Agents. In G. Vigna, editor, Mobile
Agents and Security, volume 1419 of LNCS, pages 137{153. Springer{Verlag,
1998.

[159] Visa. Cardholder Information Security { Program Bulletin 102307 { Visa
Announces New Payment Application Security Mandates. Available On-line,
October 2007. http://usa.visa.com/merchants/risk_management/cisp_
payment_applications.html.

[160] Visa. Cardholder Information Security Program { List of Validated Pay-
ment Applications. Available On-line, October 2007. http://usa.visa.com/
merchants/risk_management/cisp_payment_applications.html.

[161] VMWare. VMWare Server: Free Virtualization for Windows and
Linux Servers. Available On-line. http://www.vmware.com/pdf/server_
datasheet.pdf.

[162] F. von Lohmann. Meditations on Trusted Computing. Available On-
line, 2003. http://www.eff.org/Infrastructure/trusted_computing/
20031001_meditations.php.

[163] R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. E±cient Software-
based Fault Isolation. In Proceedings of the 14th ACM symposium on Operating
systems principles (SOSP 1993), pages 203{216, December 1993.

[164] D. S. Wallach. A Survey of Peer-to-Peer Security Issues. In M. Okada, B. C. { Theories and Systems, International Symposium, (ISSS 2002), volume 2609
of LNCS, pages 42{57. Springer{Verlag, November 2002.

[165] T. Weigold, T. Kramp, R. Hermann, F. Horing, P. Buhler, and M. Baentsch.
The Zurich Trusted Information Channel | An E±cient Defence Against
Man-in-the-Middle and Malicious Software Attacks. In Proceedings of TRUST
2008, volume 4968 of LNCS, pages 75{91. Springer{Verlag, 2008.

[166] U.G. Wilhelm, S. Staamann, and L. Butty. Introducing Trusted Third Parties
to the Mobile Agent Paradigm. In J. Vitek and C. Jensen, editors, Secure
Internet Programming: Security Issues for Mobile and Distributed Objects,
volume 1603 of LNCS, pages 469{489. Springer{Verlag, 1999.

[167] B. S. Yee. A Sanctuary for Mobile Agents. In J. Vitek and C. D. Jensen, edi-
tors, Secure Internet programming: Security Issues for Mobile and Distributed
Objects, pages 261{273. Springer{Verlag, 1999.

[168] M. Yung. Trusted Computing Platforms: The Good, the Bad, and the Ugly.
In R.N. Wright, editor, Proceedings of the 7th International Conference of
Financial Cryptography (FC 2003), volume 2742 of LNCS, pages 250{254.
Springer{Verlag,Springer, January 2003.

[169] K. Zetter. CardSystems' Data Left Unsecured. Available On-line, July 2005.
http://www.wired.com/news/technology/0,1282,67980,00.html.

[170] P. Zimmermann. PGP Source Code and Internals. MIT Press, Cambridge,
MA, USA, 1995.