Use cases for names and EPRs


Use cases for names and EPRs
Takuya Mori <moritaku@bx.jp.nec.com>
NEC Corporation
Sep. 22, 2004

Objective
- To introduce a summary of a security issue
- To show some use cases regarding security
- To encourage agreement on a trust model

What is naming – brief overview
[Diagram: a Name Space and an Address Space linked by a Name → Address Mapping, with a Naming Authority and Hosting Environments]
Name
- Abstract
- Location independent (may be…)
- Unique identifier
  - Unique in a namespace
- Key for security!
  - Authentication
  - Authorization (policy enforcement and policy description)
- Examples: URI (URN, URL?) / X.500 Name / FQDN (DNS)
Address
- Pointer to access point (endpoint)
- Location dependent
- Binding dependent
- Unique in an address space
Endpoint Reference (EPR)
- EPRs are assumed to be “addresses” for service endpoints or resources

Basic Interaction
[Diagram: Client A and Resource B. Client A's entry “Resource B” => name: res_b, address: adr_b, key: key_b. Resource B: name: res_b, address: adr_b, key: key_b.]
What does “Client A” need?
- Name to identify a resource
- Address to specify a service endpoint for the named resource
- Key to be used for authenticating the named resource
Assumptions in these slides:
- A client connects to a resource if the client's policy allows it to interact with a resource that is identified by name, address and key.
- A client knows a key for the named resource it wants to connect to.

Directory for Looking up Addresses
[Diagram: Client A sends the query “address of res_b?” to Directory C, whose name-address mapping holds res_b: adr_b; Directory C answers “address: adr_b”; Client A then connects to and authenticates Resource B (name: res_b, address: adr_b, key: key_b). Client A's entry “Resource B” => name: res_b, key: key_b.]
Assumptions
- “Client A” knows a name and a key of “Resource B”
- “Client A” does not know an address for “Resource B”
- “Directory C” maintains name-to-address mappings of resources and can reply to a requester with the address for a specified name
- “Client A” asks “Directory C” for an address of “Resource B”

Possible Security Threats
[Diagram: Directory C, Naming Authority, Hosting Environment, Client A and Resource B, with the name-address mapping res_b: adr_b; Resource B: name: res_b, address: adr_b, key: key_b; Client A's entry “Resource B” => name: res_b, key: key_b.]
Assumptions
- Names and addresses are exchanged and stored in various entities
Possible threats are:
- Alterations of names and addresses in storage or during communication
- Alterations of name-to-address mappings
- An unauthorized directory returns an unauthorized response about an address for a named resource

Use Case 2: Trusted Directory Service
[Diagram: Client A sends the query “address of res_b?” to Directory C, whose name-address mapping holds res_b: adr_b; Directory C answers “address: adr_b”. Resource B: name: res_b, address: adr_b, key: key_b. Client A's entry “Resource B” => name: res_b, key: key_b.]
Assumptions
- “Client A” trusts “Directory C” and “Resource B”.
- “Client A” only knows a name and a key of “Resource B”.
- “Client A” asks “Directory C” for an address
- “Directory C” replies to “Client A” with an address “adr_b”
- “Client A” trusts the address provided by “Directory C”, if the address has good integrity

Use Case 3: Untrusted Directory Service
[Diagram: Client A sends the query “address of res_b?” to Directory C, whose name-address mapping holds res_b: adr_b; Directory C answers “address: adr_b”. Resource B: name: res_b, address: adr_b, key: key_b. Client A's entry “Resource B” => name: res_b, key: key_b.]
Assumptions
- “Client A” does not trust “Directory C” and “Resource B”.
- “Client A” only knows a name and a key of “Resource B”.
- “Client A” asks “Directory C” for an address
- “Directory C” returns an address “res_b” to “Client A”
- “Client A” needs to verify that the given address is likely to be an address of “Resource B”. Because “Client A” does not trust “Directory C”, it cannot trust the address provided by “Directory C”.
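
Added example, not part of the original slides: a Python model of how Client A could accept an address in Use Case 2 (integrity check on a trusted directory's reply) and in Use Case 3 (the endpoint at the returned address must prove it holds the named resource's key). Assumptions: the slides' "key" is modelled as a shared HMAC secret, DIR_KEY and the impostor address adr_x are hypothetical, and all values are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, named after the slides' placeholders.
KEY_B = b"key_b: Client A's key for res_b"          # assumed to be a shared secret
DIR_KEY = b"key Client A shares with Directory C"   # assumption, not on the slides

def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class Endpoint:
    """A service endpoint; it can answer a challenge only with the key it holds."""
    def __init__(self, key):
        self._key = key
    def prove(self, name, nonce):
        return mac(self._key, name.encode(), nonce)

# Address space: adr_b hosts the real Resource B, adr_x an impostor without key_b.
NETWORK = {"adr_b": Endpoint(KEY_B), "adr_x": Endpoint(b"some other key")}

def directory_reply(mapping, name, signing_key):
    """Directory C's answer: the address plus a MAC over the name-address binding."""
    address = mapping[name]
    return address, mac(signing_key, name.encode(), address.encode())

def reply_has_integrity(name, address, tag):
    """Use Case 2: a trusted directory's address is accepted if the reply is intact."""
    return hmac.compare_digest(tag, mac(DIR_KEY, name.encode(), address.encode()))

def endpoint_is_resource(name, address, key):
    """Use Case 3: the endpoint itself must prove it holds the named resource's key."""
    endpoint = NETWORK.get(address)
    if endpoint is None:
        return False
    nonce = secrets.token_bytes(16)  # fresh challenge, so old proofs cannot be replayed
    return hmac.compare_digest(endpoint.prove(name, nonce), mac(key, name.encode(), nonce))

def resolve(name, key, mapping, signing_key, trust_directory):
    """Return a usable address for `name`, or None if verification fails."""
    address, tag = directory_reply(mapping, name, signing_key)
    if trust_directory:
        ok = reply_has_integrity(name, address, tag)
    else:
        ok = endpoint_is_resource(name, address, key)
    return address if ok else None
```

With trust_directory=True an intact reply is accepted whatever address it carries, which is why the altered-mapping threat matters for a trusted directory; with trust_directory=False the same altered mapping is rejected because adr_x cannot answer the challenge.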

Conclusion
- More use case analysis is needed to find out more requirements for naming…
- Trust models for entities with regard to naming are basic but important => First we should agree on it…