A Security Framework for a World of Post-PC Clients and Infrastructure-based Services Steven Ross, Jason Hill, Michael Chen, Anthony D. Joseph, David E.


A Security Framework for a World of Post-PC Clients and Infrastructure-based Services
Steven Ross, Jason Hill, Michael Chen, Anthony D. Joseph, David E. Culler, Eric A. Brewer
Computer Science Division, U.C. Berkeley
{stevross, jhill, mikechen, adj, culler,

Typical (Traditional) Internet Service
Assumes:
  – Private / trusted access device and software
  – Sufficient computational resources to secure the connection and display content
(Diagram: client connected to the service over HTTP/SSL.)

Scenario: Kiosks - Untrusted Endpoints
Public (untrusted) computers will be pervasive
Content filter – hides private information
Control filter – limits operations performed
Decrease the content value instead of increasing the security level

Scenario: Low Power Info Appliances
Limited computational abilities
Low physical security
Low reliability
Limited input and display capabilities
Users have multiple devices

Enable Secure Access from all Devices
Security is fundamental to Universal Computing
Tremendous diversity emerging
  – No pre-planning: wide array of services and clients
  – Info flowing over a wide array of insecure links and clients
Key leverage: Composable Secure Services
  – Automating scalability and availability eases task authoring
  – Build new services from component services
Key Tool: Transcoding Operators
  – Adapt content and security level to the desired use

Bridging the Gap
(Diagram: devices PDA, Kiosk, Cell Phone, Pager, Desktop and Laptop reach the services Stock Trading, Banking and Mail through the Trusted Infrastructure, which hosts the Composable Security Framework.)

Content Transformers
Client Side
  – Decouple device I/O capabilities from services
  – A new client transformer enables access to existing content
Server Side
  – Transform content and control to a canonical representation
    » Filtered by application logic
    » Easily rendered by the client-side content transformer
(Diagram: the same devices-to-services picture with a client-side transformer CT_c and a server-side transformer CT_s inside the Trusted Infrastructure; legend: CT = Content Transformer.)

Security Adaptors
Secure channel in depends on device capabilities
Secure channel out depends on Internet service
Examples
  – Low power info appliance
  – International Kiosk
(Diagram: a security adaptor SA at the device edge and another at the service edge of the Trusted Infrastructure, around CT_c and CT_s; legend: SA = Security Adapter, CT = Content Transformer.)

Identity Service
Secure repository
Key component for enabling access from untrusted endpoints
Critical level of indirection and information hiding
Mitigates the problem of replicating identities
Promotes use of secure username/password pairs
(Diagram: an Identity Service attached to the path SA – CT_c – CT_s – SA inside the Trusted Infrastructure; legend: SA = Security Adapter, CT = Content Transformer.)

Filter and Control Modifier
Identity Translation
Add new or remove existing control functionality
  – Add logout button
  – Remove ability to trade, write checks, drop class, etc.
Remove sensitive content
  – Account balances, addresses, names
(Diagram: path SA – CT_c – FCM – CT_s – SA inside the Trusted Infrastructure, with the Identity Service attached to the FCM; legend: SA = Security Adapter, CT = Content Transformer, FCM = Filter & Control Modifier.)

Illustration: Datek Access from Kiosk
Kiosk browser interacts with the security adaptor (SSL)
HTTP request passed to the FCM (no content transformer in the prototype)
FCM authenticates the pseudonym and one-time password, and substitutes the real identity
FCM passes the substituted data through to the outgoing security adaptor
SA communicates with the Datek service (SSL)
FCM filters all remaining traffic
  – Removes sensitive information, i.e. account name, address
  – Performs control filtering: adds logout button
(Diagram, built up over five slides: Kiosk –SSL– SA – CT_c – FCM – CT_s – SA –SSL– Datek inside the Trusted Infrastructure; the Identity Service supplies the User Identity to the FCM; legend: SA = Security Adapter, CT = Content Transformer, FCM = Filter & Control Modifier.)

Illustration: Datek Access from PDA
Pilot connects to the security adaptor (Blowfish)
Shared secret key identity verified
Content transformer
  – simple Pilot commands to HTTP requests
  – HTML to plain-text Pilot app format
FCM examines HTTP requests and performs identity substitution
Modified packets sent to the security adaptor
Security adaptor establishes an HTTPS connection to the Datek service
(Diagram, built up over six slides: PDA –Blowfish– SA – CT_c – FCM – CT_s – SA –SSL– Stock Trading inside the Trusted Infrastructure; the Identity Service supplies the Auth Client and User Identity to the FCM; legend: SA = Security Adapter, CT = Content Transformer, FCM = Filter & Control Modifier.)
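The FCM steps of the kiosk and PDA illustrations above, as an added example (not the prototype's own code): a pseudonym and one-time password are checked against an in-memory stand-in for the Identity Service, the real credentials are substituted into the login form inside the trusted infrastructure, and the returned page is content- and control-filtered before it reaches the kiosk. The store contents, form field names and HTML markup are constructed.

```python
import re

# Constructed stand-in for the Identity Service: pseudonym -> real credentials
# plus the still-unused one-time passwords issued for that pseudonym.
IDENTITY_STORE = {
    "kiosk-alias-17": {
        "real_user": "alice",
        "real_password": "correct-horse-battery",
        "otps": {"4821-7730", "9902-1145"},  # constructed one-time passwords
    }
}

def authenticate_pseudonym(pseudonym, otp):
    """Return (real_user, real_password) if the one-time password is valid, else None.
    The OTP is consumed on use, so a kiosk that logs keystrokes captures nothing reusable."""
    record = IDENTITY_STORE.get(pseudonym)
    if record is None or otp not in record["otps"]:
        return None
    record["otps"].discard(otp)  # single use: a replay of the same OTP fails
    return record["real_user"], record["real_password"]

def substitute_identity(form_fields):
    """Request-side FCM step: swap pseudonym/OTP in the login form for the real identity.
    The real password never reaches the kiosk; it is injected inside the trusted infrastructure."""
    creds = authenticate_pseudonym(form_fields.get("user", ""), form_fields.get("pass", ""))
    if creds is None:
        return None
    out = dict(form_fields)
    out["user"], out["pass"] = creds
    return out

# Content filter: markup patterns whose text is hidden before the page reaches the kiosk.
SENSITIVE = [
    (r'<span class="balance">[^<]*</span>', '<span class="balance">[hidden]</span>'),
    (r'<span class="address">[^<]*</span>', '<span class="address">[hidden]</span>'),
]

def filter_response(html):
    """Response-side FCM step: hide sensitive content, remove the trade form
    (control filter), and add a logout button so the session can be ended at the kiosk."""
    for pattern, replacement in SENSITIVE:
        html = re.sub(pattern, replacement, html)
    html = re.sub(r'<form[^>]*id="trade".*?</form>', "", html, flags=re.S)
    return html.replace("</body>", '<a href="/logout">Logout</a></body>')
```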

Composable Security Framework
Paths from devices to services can be dynamically created
Multiple transcoders may be composed for a path
(Diagram: devices PDA, Kiosk, Cell Phone, Pager, Desktop and Laptop to services Stock Trading, Banking and Mail through the path SA – CT_c – FCM – CT_s – SA – FCM inside the Trusted Infrastructure; the Identity Service holds the Auth Client, User Identity and Auth Service; legend: SA = Security Adapter, CT = Content Transformer, FCM = Filter & Control Modifier.)

Key Design Points
Security and Content both transformed
  – Security adaptors based on device capability and link
  – Information hiding based on device, user role, and link
Composing services
  – Trust model must be carefully considered
Extensible
  – New devices easily added by writing the appropriate component if it doesn't already exist
Scalability / Fault Tolerance
  – Runs in the Ninja distributed execution environment
  – Components replicated among nodes in the cluster

Other Applications
Meta-trade environment
  – Aggregation: provide the most valuable composition of content
Multi-user or manager account
  – Owner of the account can view all content
  – Account manager only views selected pieces essential to the role
  – Example: Trade-bot only needs stock quotes and rules
  – Account value and private information hidden from the Trade-bot
Short-lived and persistent pseudonyms
Support sharing of PDAs
  – Now have an untrusted low power device
  – Compose kiosk FCM and PDA components to handle the scenario
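The composition idea from the Composable Security Framework and Key Design Points slides, together with the manager-account and Trade-bot example above, as an added example (not the Ninja project's code): FCM operators for a user role and for a device are plain functions composed into one path over a canonical content record, so the Trade-bot sees quotes and rules but never the balance, and a kiosk or PDA never receives the trade control. The canonical record, role policy and device policy are constructed; security adaptors are left out.

```python
from functools import reduce

# Constructed canonical record, as a server-side content transformer (CT_s) would emit
# for a brokerage page before any filtering.
CANONICAL = {
    "quotes": {"ACME": 41.2, "XYZ": 7.9},
    "rules": ["buy ACME below 40"],
    "balance": 12000.0,
    "address": "1 Main St",
    "controls": ["trade", "logout", "view_statement"],
}

# Role policy (constructed): which fields a role may see and which controls it may use.
ROLE_POLICY = {
    "owner": {"fields": {"quotes", "rules", "balance", "address"}, "controls": {"trade", "logout", "view_statement"}},
    "manager": {"fields": {"quotes", "rules", "balance"}, "controls": {"logout", "view_statement"}},
    "trade-bot": {"fields": {"quotes", "rules"}, "controls": set()},
}
# Device policy (constructed): controls that an untrusted or low-power device never gets.
DEVICE_POLICY = {"desktop": set(), "kiosk": {"trade"}, "pda": {"trade"}}

def role_fcm(role):
    """FCM operator hiding everything the role does not need (e.g. the balance from a Trade-bot)."""
    policy = ROLE_POLICY[role]
    def apply(record):
        out = {k: v for k, v in record.items() if k in policy["fields"]}
        out["controls"] = [c for c in record["controls"] if c in policy["controls"]]
        return out
    return apply

def device_fcm(device):
    """FCM operator removing controls that must not be exercised from this device."""
    drop = DEVICE_POLICY[device]
    def apply(record):
        out = dict(record)
        out["controls"] = [c for c in record["controls"] if c not in drop]
        return out
    return apply

def build_path(device, role):
    """Compose the operators for one (device, role) path; each is an ordinary function,
    so a new device or role component is added without touching the others."""
    operators = [role_fcm(role), device_fcm(device)]
    return lambda record: reduce(lambda acc, op: op(acc), operators, record)

def serve(device, role, record=CANONICAL):
    """Run the canonical record through the path composed for this device and role."""
    return build_path(device, role)(record)
```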

Security Assessment
Untrusted endpoint
  – May still alter information
Identity Service
  – A primary point to attack
PDA Keys
  – I/O methods limit the strength of generated keys
Dynamic Trust Model
  – New functionality added
    » I.e. Citibank online payment
  – User must explicitly grant functionality for each profile

Future Work
Implementation of additional content, control and security transformers
  – Additional web services
  – Other services
    » IMAP, LDAP, e-commerce, etc.
  – Additional devices
    » Pagers, phones
Development of a common data exchange format for the FCM
  – XML for canonical representation, XSL for rendering to the device

Take-Away
New security requirements of Post-PC devices
  – Supports access from insecure endpoints
  – Precise control of information exposure (access device / role)
Composable Services in the infrastructure
  – New level of "programming"
Towards an Architecture for Universal Computing
  – Diverse concurrent development: 1 to many, meta-svcs, aggregation svcs
  – Many to one, heterogeneous clients
Eureka phenomenon
  – Most fundamental services probably yet to be discovered
    » Ex: identity service
  – Only find them by building the world and living in it
