Building Secure Mashups D. K. Smetters PARC Usable.

The promise of Web 2.0: Your data, anytime, anywhere… combined with that of your friends, your family, your employer, anybody else's you can get your hands on…

What's a mashup?
Inputs:
– User-generated data: often personal user-generated data, such as photographs generated by the mashup user and their friends, family, favorite presidential candidates, cat, neighbors, and so on
– Social network information: another form of private, and even valuable, data
– Public or semi-public data sources: databases of available information (e.g. Google Maps) with varying guarantees of correctness and constraints on use
– Private data sources: e.g. corporate data subject to some form of access control, subscription data, etc.
Outputs:
– A user-focused result (e.g. a visualization)
– A derived data source: input for yet another mashup

Goal
The goal of all browser/mashup security mechanisms is to ensure that:
– The data the user intends
– Is processed in the way the user intends
– By the entities s/he chooses
– Subject to additional constraints imposed by others with interest in that data.
– And nothing else.

Why is this hard? Securing mashups requires building systems designed for flexible, ad-hoc cross-organization delegation of limited access to sensitive data – all under easy user control.
(Diagram: Data Owner, Data Holders, Data Transformation Service)


Approaches

Avoid Use only public (or semi-public) data.

Embrace All your credentials are belong to us.

Reduce it to a previously solved problem Mashup services provided by trusted data holders themselves. (Or other sites the user chooses to trust.)

Looking Under the Lamppost Identify sets of a priori interesting data and enable delegation of access to those.

Building a Bridge Special privileges, accounts and relationships established to enable access to particular data for a particular purpose.

Outsourcing Identity provider or authorization service handles the problem and manages the relationship with the user(s).

Usability Challenges

Who are the users?
– Mashup developers – and the people who build their toolkits, etc.
– Owners and creators of data to be mashed
– Administrators of any of the hosts involved
– End users of resulting mashups

Connecting the Providers They Intend

Identifying Data Should site have access to your Misc folder? Does it mean the same Misc folder I think it means? What did I put in that folder anyway?

Specifying Policies
Only members of the finance department can read the current revenue information.
Only the people I like can see whether I'm going to the party tomorrow.
Only members of the finance department can read the current revenue information. But only if they're, like, just going to read it. Not if they're going to, say, average it against the public data from other companies in our sector. Except maybe when it makes us look good. Or when it's my friends, trying to figure out if now is the time to look for a different job, or…
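The finance/revenue policy above is illustrated here with a small evaluator added for this page (not code from the talk or from PARC): a data holder can deny on attributes it can verify (group membership, the action actually called), while restrictions on what the mashup does with the data afterwards are only self-declared and are surfaced as unverified obligations. The groups, resource names and purpose strings are constructed for the example.

```python
"""Added illustration: which parts of a purpose-qualified policy a data
holder can actually enforce.  Assumed model (constructed for this example):
the holder verifies the requester's group memberships and the action it
called (read vs. aggregate); later use by the mashup is only declared."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    subject: str
    groups: frozenset           # verified by the holder (e.g. directory lookup)
    resource: str
    action: str                 # the API actually called: "read" or "aggregate"
    declared_purpose: str = ""  # self-reported by the mashup; cannot be checked


@dataclass(frozen=True)
class Rule:
    resource: str
    allowed_groups: frozenset
    allowed_actions: frozenset
    forbidden_uses: frozenset = field(default_factory=frozenset)  # wishes, not checks


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    unverified_obligations: tuple = ()  # restrictions the holder cannot enforce


def evaluate(rules, req):
    """Return a Decision; only verifiable attributes can deny a request."""
    for rule in rules:
        if rule.resource != req.resource:
            continue
        if not (req.groups & rule.allowed_groups):
            return Decision(False, "requester is in no allowed group")
        if req.action not in rule.allowed_actions:
            return Decision(False, f"action {req.action!r} is not permitted")
        if req.declared_purpose in rule.forbidden_uses:
            # An honest declaration can be refused; a dishonest one is undetectable.
            return Decision(False, f"declared use {req.declared_purpose!r} is forbidden")
        obligations = tuple(f"do not use for {u}" for u in sorted(rule.forbidden_uses))
        return Decision(True, "matched rule", obligations)
    return Decision(False, "no rule for resource")


# Constructed sample policy: the talk's finance/revenue example.
POLICY = [Rule("revenue/current", frozenset({"finance"}), frozenset({"read"}),
               frozenset({"sector-comparison"}))]
```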

Making the user an ally How can the user figure out what the system is doing (or trying to do)? How can they decide what to do when something goes wrong? This is hard enough when users are face to face with the site they need to authenticate to – what about when it's buried in a processing pipeline?

Love me, love my mechanism… "I used to use Facebook, but I got off it because I wasn't happy with their iframe isolation…" "…oh, they have an expired cert, but at least it's EV…" "…you can't put any stock in that – it's not Chrome…"

The Error Attack As long as configuration errors are common, attacks can masquerade successfully as errors – and users will be acting rationally if they ignore them.

What's a developer to do?
…the Service Provider MUST inform the User if it is unable to assure the Consumer's true identity. The method in which the Service Provider informs the User and the quality of the identity assurance is beyond the scope of this specification.
It is assumed that the Consumer has provided its RSA public key in a verified way to the Service Provider, in a manner which is beyond the scope of this specification.
Mashup developers are focused on mashing, not securing. They will use the easiest mechanism available. Hopefully, that's the right one. Users are at the mercy of the mechanisms chosen by the services they want or need to use.

Points to Remember
Security is a secondary goal
– People do care. They just care about other things more.
Don't make them choose
– They don't care about understanding it in your terms. Love me, love my mechanism…
This stuff is hard for people to understand.
– After 10+ years, people still screw up SSL certs more often than not. Whatever you think of SSL, people ought to have figured out how to make it easier to manage by now. It's not hard to do.
Whatever easiest-to-deploy cr*p option makes it through the current fragout will be with us for longer than we care to think.
– The examples used to promote various alternatives are way too simple. They don't begin to enable people to evaluate how things will work down the road.