REFEREE: Trust Management for Web Applications Yang-hua Chu (MIT/W3C) Joint Work with Joan Feigenbaum (AT&T Labs) Brian LaMacchia (AT&T Labs) Paul Resnick.


REFEREE: Trust Management for Web Applications Yang-hua Chu (MIT/W3C) Joint Work with Joan Feigenbaum (AT&T Labs) Brian LaMacchia (AT&T Labs) Paul Resnick (AT&T Labs) Martin Strauss (AT&T Labs)

Outline
Problem statement
Trust management
REFEREE trust management system
REFEREE reference implementation demo
Conclusion

Example: code signing
Away from the shrink-wrapped model
Toward code distribution through the network

Trust FAQ
Does X contain a virus that will erase my HD? [security]
Does X secretly collect information without my knowledge? [privacy]
Will X run on my 386? [capability]
Is X fun to play? [content]
Has X been tampered with? [integrity]
Who wrote X? [authentication]
Should I trust Y, who vouches for X? [delegation]

Current technology is not enough: why should I trust those bits?
Digital Signature (RSA, DSA)
–How many bits of signature are trustworthy?
–What does the signature mean [PICS]?
–How do I get the right public key to verify the signature?
Public Key Infrastructure (X.509, PGP, SDSI)
–How do I get the CA’s public key?
–What is this certificate authorized to do?
Whom do I trust to vouch for X?
–X = give me the public key of person Y, sign code, authenticate a document, make this assertion, … etc.

Trust management
‘Decentralized Trust Management’ [BFL96]
Probes the question
–‘Does this requested action, supported by credentials, conform to my policy?’
PolicyMaker
–certificates are programs

Trust management in code signing
Requested action: download and run this code.
Security policy: download the code only if it is signed by two entities that MIT endorses, and both entities must state in the signature that X is ‘safe’ according to MIT’s code safety practice.
Security credentials: relevant PICS labels and certificates.

Other trust management applications in WWW
document authentication and integrity
access control
on-line negotiation
electronic commerce
privacy protection
intellectual property rights
… more

REFEREE
“Rule-controlled Environment For Evaluation of Rules and Everything Else”
Joint effort by researchers from AT&T Labs and W3C
Goal: create a general-purpose trust management system for Web applications

REFEREE design principle
A ‘policy’ is a program
–has a fixed language syntax and semantics
–may call another policy
‘Policy’ controls everything
–order of execution under policy control
–credential fetching under policy control
–departure from the PolicyMaker [BFL96] approach

REFEREE API
a sub-system embedded inside a Web application
–can be in a browser, a proxy, or a server
(diagram labels: Application, REFEREE, Input API: request with arguments, Output API: answer with justification, Dispatch Actions)

REFEREE Primitive Data Types
tri-values
–TRUE, FALSE, UNKNOWN
statements and statement-lists
–each statement is an s-expression
–a pair of (, ), both are also s-expressions
–example: ( “code-signing”, ((virus-checked 1) (network-access 0) … ) )

REFEREE Primitive Data Types (continued)
policy
–a triplet (,, )
–(“code-signing”, ..., “code-signing-language”)
–(“code-signing”, , “Java”)
interpreter
–a pair (, )
–(“code-signing-language”, )

Bootstrapping REFEREE
The host application loads REFEREE’s initial setting:
–trust assertions
–a database of policies
–a database of interpreters
all bootstrapping information is unconditionally trusted

Invoking REFEREE
input: a requested action and additional arguments
REFEREE gets the corresponding policy for that action
REFEREE executes the policy with the additional arguments
output: a tri-value and a list of statements

REFEREE Demo
in English: “I only execute code if PCWeek says OK according to MIT code safety practice.”
(invoke "load-label" STATEMENT-LIST URL " ("
(invoke "check-hash" STATEMENT-LIST)
(false-if-unknown (match (("check-hash" *) (* ((version "PICS-1.1") * (service " * (by * (ratings * (RESTRICT > overall 8) * )))) STATEMENT-LIST))

Components of the REFEREE
(diagram labels: Calling Module, REFEREE, Fetcher, Profiles-0.92, Label-loader, Check-hash, bootstrap, invoke)

Sample Query
application calls REFEREE
–(“code-signing”, “
line 1: gets the PICS label from the label bureau
“ (PICS-1.1 " labels by md5 "7A2B1a2bA72BxyzyplehJQ==" ratings (crash 2 overall 10 virus 0))

Sample Query (continued)
line 2: authenticates the signature and checks the source integrity
line 3: checks the confidence level > 8
return TRUE (10 > 8)
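As an added illustration of the evaluation flow described on the data-type, bootstrapping, invoking and demo slides (tri-values, statement lists as s-expression pairs, a policy database keyed by action, and the demo's load-label / check-hash / overall > 8 policy with false-if-unknown), here is a small Python model. It is not REFEREE's own code; the label bureau, the URLs, the "PCWeek" rater name and the code bytes are constructed for the example.

```python
import base64
import hashlib
TRUE, FALSE, UNKNOWN = "TRUE", "FALSE", "UNKNOWN"  # REFEREE's tri-values

def false_if_unknown(v):
    """The demo policy's false-if-unknown: no answer counts as a denial."""
    return FALSE if v == UNKNOWN else v

def md5_b64(data):  # base64 MD5, the form the slide's label uses ("labels by md5 ...")
    return base64.b64encode(hashlib.md5(data).digest()).decode()

# Constructed label bureau: URL -> (rater, md5 of the rated bytes, ratings).
CODE = b"constructed sample program bytes"
LABELS = {
    "http://bureau.invalid/good.exe": ("PCWeek", md5_b64(CODE), {"crash": 2, "overall": 10, "virus": 0}),
    "http://bureau.invalid/weak.exe": ("PCWeek", md5_b64(CODE), {"crash": 5, "overall": 6, "virus": 0}),
    "http://bureau.invalid/swapped.exe": ("PCWeek", md5_b64(b"other bytes"), {"overall": 10}),
}

def load_label(url):
    """Line 1: fetch the label; UNKNOWN and no statements if the bureau has none."""
    if url not in LABELS:
        return UNKNOWN, []
    by, digest, ratings = LABELS[url]
    return TRUE, [("load-label", {"by": by, "md5": digest, "ratings": ratings})]

def check_hash(statements, code):
    """Line 2: integrity; the label's md5 must match the bytes we actually hold."""
    ok = any(s[1]["md5"] == md5_b64(code) for s in statements if s[0] == "load-label")
    return (TRUE if ok else FALSE), statements + [("check-hash", "ok" if ok else "mismatch")]

def overall_above(statements, threshold, by):
    """Line 3: the slide's (RESTRICT > overall 8) pattern, limited to labels from `by`."""
    for name, body in statements:
        if name == "load-label" and body["by"] == by and body["ratings"].get("overall", 0) > threshold:
            return TRUE
    return UNKNOWN  # no label matched: no evidence either way, not a 'no'

def code_signing_policy(url, code):
    """'Execute only if PCWeek says OK': a tri-value plus the statements that justify it."""
    v, stmts = load_label(url)
    if v == TRUE:
        v, stmts = check_hash(stmts, code)
    if v == TRUE:
        v = overall_above(stmts, 8, "PCWeek")
    return false_if_unknown(v), stmts

POLICIES = {"code-signing": code_signing_policy}  # the bootstrapped policy database
def referee_invoke(action, *args):  # invoking REFEREE: policy lookup by action, then execution
    return POLICIES[action](*args)
```

Note that a missing or non-matching label yields UNKNOWN, and only the policy's own false-if-unknown turns that into a denial; a hash mismatch is a definite FALSE with a "check-hash" statement recording why.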

Recap of major REFEREE design principles
Local policy controls everything
Separate security policy specification from policy evaluation
–policies are programs
–Profiles-0.92 vs. PICS RULZ
Systematic, consistent, and modular management of trust

Conclusion: Now and Future
Trust management is an important component for Web applications.
REFEREE is our initial attempt to tackle the problem in the context of the WWW, and it provides insight for future research and development.

Reference
REFEREE Website
–link to the REFEREE demo
–link to [BFL96] paper
M. Blaze, J. Feigenbaum, J. Lacy, “Decentralized Trust Management”, in Proceedings of the 1996 Symposium on Security and Privacy, pp.
Friday, 4/11, 4pm-5:30pm
–trust management for Electronic Commerce