Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Path Client- server applications Using COTS components Tommy Kristiansen

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Trusted Path Client- server applications Using COTS components Tommy Kristiansen"— Presentation transcript:

1 Trusted Path Client- server applications Using COTS components Tommy Kristiansen tommy@the-wildbunch.net

2 Agenda Thesis Thesis Contributions Contributions Solution Solution Result Result Questions Questions

3 Background Bruce Schneier believes that "semantic attacks" are the next wave of attacks to be faced by computer users. These violate integrity and authenticity of data presented to the user, enticing him to perform actions benefiting the malfactor. Examples of direct user interactions where this threat can be found are online voting, online gambling, electronic signatures and financial transactions etc. Contributions thesis – Contributions – Solution – Result – Questions

4 Trusted Path Orange Book Orange Book Contributions thesis – Contributions – Solution – Result – Questions “A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base. This mechanism can only be activated by the person or the Trusted Computing Base and cannot be imitated by untrusted software.“ Validates to B2 but are often implemented even when not validated to B2 e.g. Windows NT C2. The trusted path mechanism guarantees that data typed by a user on a client keyboard is protected from any intrusion by unauthorized programs. It allows a user to create a non-forgeable and non- penetrable communication path between the user’s client and the trusted operating system software.

5 Trusted path with COTS Built on Hanno Langweg’s work Built on Hanno Langweg’s work –He looked at this with Client applications. Using Delphi to create a ActiveX Control where we use DirectX components to create a secure environment on a win32 platform. Using Delphi to create a ActiveX Control where we use DirectX components to create a secure environment on a win32 platform. Hopefully this will give authenticity and integrity of the user and server. Hopefully this will give authenticity and integrity of the user and server. Contributions thesis – Contributions – Solution – Result – Questions

6 Why use DirectX When we use DirectX DirectInput and DirectDraw no other program can interfere with them run in exclusive mode. When we use DirectX DirectInput and DirectDraw no other program can interfere with them run in exclusive mode. When we use DirectInput, there must be a user present to give input When we use DirectInput, there must be a user present to give input –Eliminates synthesizing –Gives authenticity of a user. When we use DirectDraw no other program can interfere with the integrity of what you see. When we use DirectDraw no other program can interfere with the integrity of what you see. Contributions thesis – Contributions – Solution – Result – Questions

7 Why use ActiveX Easy to implement DirectX components Easy to implement DirectX components No effort for the user to use it. No effort for the user to use it. Trusted by OS Trusted by OS –Signed ActiveX control –So you’ll have an trusted application that you need to verify origin of when installing the control. Contributions thesis – Contributions – Solution – Result – Questions

8 Hench SendInput SendInput Screen capture applications Screen capture applications User permissions installing ActiveX User permissions installing ActiveX Contributions thesis – Contributions – Solution – Result – Questions

9 Goals with thesis See if it’s possible to create such solution See if it’s possible to create such solution Look at existing solution to prevent phishing and compare them with this solution. Look at existing solution to prevent phishing and compare them with this solution. Look at the possibilities of implementing this in other environments. Look at the possibilities of implementing this in other environments. Contributions thesis – Contributions – Solution – Status – Questions

10 Contributions Provide software developers with a server-distributed component to establish integrity and authenticity with a local human user. Use existing software-based technology and operating system mechanisms to implement a trusted path without additional expensive hardware. Analyze and compare the security of this approach and alternatives. Build a working prototype for an existing general purpose operating system. Prevents phishing attacks Prevents phishing attacks More secure under login/sigin More secure under login/sigin Prevent effectiveness of Trojan horse/Malware Prevent effectiveness of Trojan horse/Malware Does not prevent keylogging!! Does not prevent keylogging!! Contributions thesis – Contributions – Solution – Status – Questions

11 Contributions Assuming Assuming –We can trust the OS(a assumption we already have when using e.g. e-banking) –That the connection between client-server is secure e.g. SSL Trojan horse and Malware Trojan horse and Malware –Is on top of the OS and only have the same rights as the user (no adm). Contributions thesis – Contributions – Solution – Status – Questions

12 Solution Contributions thesis – Contributions – Solution – Result – Questions

13

14 Results Gives advantages compared with existing solutions. Gives advantages compared with existing solutions. Limitations due to platform Limitations due to platform Found some other interesting platform to see if similar solutions are possible. Found some other interesting platform to see if similar solutions are possible. Contributions thesis – Contributions – Solution – Result – Questions

15 Questions ? Contributions thesis – Contributions – Solution – Status – Questions

Download ppt "Trusted Path Client- server applications Using COTS components Tommy Kristiansen"

Similar presentations

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Operating System Security

Operating System Security
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.

SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.

MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
An Introduction to Operating Systems. Definition  An Operating System, or OS, is low-level software that enables a user and higher-level application.

An Introduction to Operating Systems. Definition  An Operating System, or OS, is low-level software that enables a user and higher-level application.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Similar presentations

Ads by Google