By Topic

Spyware Security Management via a Public Key Infrastructure for Client-Side Web Communicating Applications

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Clutterbuck, P. ; UQ Bus. Sch., Univ. of Queensland, Brisbane, QLD, Australia

Internet technologies continue to revolutionize the legitimate collection of information from targeted host machines and its transmission to remote servers. The term `spyware' refers to that subset of information collection software that operates illicitly and non-consensually. Two fundamental issues continue to complicate spyware legislation development and operational control strategies. Firstly, unlike the clearly criminal distribution of virus infections, the distribution of spyware is mainly a commercial venture. Secondly, spyware utilizes the same technologies that underpin essential, legitimate information collection applications. This paper describes a security framework to manage these two issues. The security framework, at its core, requires the authentication by the host operating system of each outgoing Web session initiated by each software application running on that host machine. This authentication requires that each software application initiating Web communications be uniquely named via a Public Key Infrastructure digital certificate - and must use this name in all initiated Web communications. This framework facilitates the user-management of all Web communication streams emanating from the host - and this in turn supports the identification of software that engages in the deceptive, misleading, and fraudulent practices already proscribed in existing technology-focused legislation.

Published in:

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Date of Conference:

June 29 2010-July 1 2010