
1 A Security Framework for a World of Post-PC Clients and Infrastructure-based Services
Steven Ross, Jason Hill, Michael Chen, Anthony D. Joseph, David E. Culler, Eric A. Brewer
Computer Science Division, U.C. Berkeley
{stevross, jhill, mikechen, adj, culler, brewer}@cs.berkeley.edu
http://www.cs.berkeley.edu/~stevross

2 Typical (Traditional) Internet Service
Assumes:
– Private / trusted access device and software
– Sufficient computational resources to secure connection and display content
[Diagram: client talks to the service directly over HTTP/SSL]

3 Scenario: Kiosks - Untrusted Endpoints
Public (untrusted) computers will be pervasive
Content filter – hides private information
Control filter – limits operations performed
Decrease the content value instead of increasing the security level

4 Scenario: Low Power Info Appliances
Limited computational abilities
Low physical security
Low reliability
Limited input and display capabilities
Users have multiple devices

5 Enable Secure Access from all Devices
Security is fundamental to Universal Computing
Tremendous diversity emerging
– No pre-planning: wide array of services and clients
– Info flowing over wide array of insecure links and clients
Key leverage: Composable Secure Services
– Automating scalability and availability eases task authoring
– Build new services from component services
Key Tool: Transcoding Operators
– Adapt content, and security level, to desired use

6 Bridging the Gap
[Diagram: services (Stock Trading, Banking, Mail) on one side, devices (PDA, Kiosk, Cell Phone, Pager, Desktop, Laptop) on the other, bridged by the Composable Security Framework running in the Trusted Infrastructure]

7 Content Transformers
Client Side
– Decouple device I/O capabilities from services
– New client transformer enables access to existing content
Server Side
– Transform content and control to canonical representation
» Filtered by application logic
» Easily rendered by client side content transformer
[Diagram: framework picture with a client-side content transformer (CTc) on the device side and a server-side one (CTs) on the service side; legend: CT: Content Transformer]

8 Security Adaptors
Secure channel in depends on device capabilities
Secure channel out depends on Internet service
Examples
– Low power info appliance
– International Kiosk
[Diagram: a Security Adaptor (SA) added at the device end and at the service end of the path; legend: SA: Security Adapter, CT: Content Transformer]

9 Identity Service
Secure repository
Key component for enabling access from untrusted endpoints
Critical level of indirection and information hiding
Mitigates problem of replicating identities
Promotes use of secure username/password pairs
[Diagram: Identity Service added to the framework alongside the SA – CTc – CTs – SA path; legend: SA: Security Adapter, CT: Content Transformer]

10 Filter and Control Modifier
Identity Translation
Add new or remove existing control functionality
– Add logout button
– Remove ability to trade, write checks, drop class, etc.
Remove sensitive content
– Account balances, email addresses, names
[Diagram: Filter & Control Modifier (FCM) inserted between CTc and CTs, next to the Identity Service; legend: SA: Security Adapter, CT: Content Transformer, FCM: Filter & Control Modifier]

11 Illustration: Datek Access from Kiosk
Kiosk browser interacts with security adaptor
[Diagram: Kiosk –SSL– SA – CTc – FCM – CTs – SA –SSL– Datek, with the Identity Service attached to the FCM; legend: SA: Security Adapter, CT: Content Transformer, FCM: Filter & Control Modifier]

12 Illustration: Datek Access from Kiosk
HTTP request passed to FCM (no content transformer in prototype)
[Diagram: same kiosk-to-Datek path]

13 Illustration: Datek Access from Kiosk
FCM authenticates pseudonym and one time password
Substitutes real identity
[Diagram: same kiosk-to-Datek path, User Identity label shown at the Identity Service]

14 Illustration: Datek Access from Kiosk
FCM passes substituted data through to outgoing security adaptor
[Diagram: same kiosk-to-Datek path]

15 Illustration: Datek Access from Kiosk
SA communicates with Datek Service
FCM filters all remaining traffic
– Removes sensitive information: e.g. account name, email address
– Performs control filtering: adds logout button
[Diagram: same kiosk-to-Datek path]
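The three FCM steps in the kiosk illustration (slides 13 to 15), as an added Python example that is not code from the paper or its Ninja prototype. The in-memory identity repository, the counter-based one-time-password scheme and the concrete filter rules are constructed assumptions standing in for the Identity Service and the site-specific filters.

```python
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the Identity Service repository (assumption: an in-memory dict).
# Maps a pseudonym to the user's real service credentials plus a per-user OTP secret/counter.
IDENTITY_SERVICE = {
    "kiosk-alice": {"real_user": "alice.real", "real_pass": "R3al-P@ss",
                    "otp_secret": b"constructed-secret", "counter": 0},
}

# Content filter rules: private fields the kiosk must never display (constructed examples).
SENSITIVE_PATTERNS = [
    (re.compile(r"Account:\s*\S+"), "Account: [hidden]"),
    (re.compile(r"Balance:\s*\$[\d,.]+"), "Balance: [hidden]"),
    (re.compile(r"[\w.+-]+@[\w.-]+"), "[email hidden]"),
]

def expected_otp(secret: bytes, counter: int) -> str:
    """Counter-based one-time password: truncated HMAC (constructed scheme, not the paper's)."""
    return hmac.new(secret, str(counter).encode(), hashlib.sha256).hexdigest()[:8]

def translate_identity(form_body: str) -> Optional[str]:
    """Identity translation: verify pseudonym + OTP, return the login form with real credentials,
    or None when the pseudonym is unknown or the OTP is wrong or replayed."""
    fields = {k: v[0] for k, v in parse_qs(form_body).items()}
    entry = IDENTITY_SERVICE.get(fields.get("user", ""))
    if entry is None:
        return None
    expected = expected_otp(entry["otp_secret"], entry["counter"])
    if not hmac.compare_digest(fields.get("password", "").encode(), expected.encode()):
        return None
    entry["counter"] += 1          # OTP consumed: a replayed password is rejected next time
    fields["user"] = entry["real_user"]
    fields["password"] = entry["real_pass"]
    return urlencode(fields)

def filter_content(html: str) -> str:
    """Content filter: hide account identifiers, balances and e-mail addresses in the response."""
    for pattern, replacement in SENSITIVE_PATTERNS:
        html = pattern.sub(replacement, html)
    return html

def filter_control(html: str) -> str:
    """Control filter: strip the trade form so the kiosk cannot trade, and add a logout button."""
    html = re.sub(r'<form[^>]*action="/trade"[^>]*>.*?</form>', "", html, flags=re.S)
    return html.replace("</body>", '<form action="/logout"><button>Logout</button></form></body>')
```

Because the real username and password never leave the trusted infrastructure, a kiosk that logs keystrokes captures only a pseudonym and an already-consumed one-time password.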

16 Illustration: Datek Access from PDA
Pilot connects to security adaptor
[Diagram: PDA –Blowfish– SA – CTc – FCM – CTs – SA –SSL– Stock Trading, with the Identity Service attached to the FCM; legend: SA: Security Adapter, CT: Content Transformer, FCM: Filter & Control Modifier]

17 Illustration: Datek Access from PDA
Shared secret key identity verified
[Diagram: same PDA-to-service path]

18 Illustration: Datek Access from PDA
Content transformer
– simple Pilot commands to HTTP requests
– HTML to plain text Pilot app format
[Diagram: same PDA-to-service path]

19 Illustration: Datek Access from PDA
FCM examines HTTP requests, performs identity substitution
[Diagram: same PDA-to-service path, with Auth Client and User Identity labels at the Identity Service]

20 Illustration: Datek Access from PDA
Modified packets sent to security adaptor
[Diagram: same PDA-to-service path]

21 Illustration: Datek Access from PDA
Security Adaptor establishes HTTPS connection to Datek service
[Diagram: same PDA-to-service path]

22 Composable Security Framework
Paths from devices to services can be dynamically created
Multiple transcoders may be composed for a path
[Diagram: full framework with all devices and services, two FCMs composed on one path, and Auth Client, User Identity and Auth Service labels at the Identity Service; legend: SA: Security Adapter, CT: Content Transformer, FCM: Filter & Control Modifier]

23 Key Design Points
Security and Content both transformed
– Security adaptors based on device capability and link
– Information hiding based on device, user role, and link
Composing services
– Trust model must be carefully considered
Extensible
– New devices easily added by writing appropriate component if it doesn’t already exist
Scalability / Fault Tolerance
– Runs in Ninja distributed execution environment
– Components replicated among nodes in cluster

24 Other Applications
Meta-trade environment
– Aggregation: provide most valuable composition of content
Multi-user or manager account
– Owner of account can view all content
– Account manager only views selected pieces essential to role
– Example: Trade-bot only needs stock quotes and rules
– Account value, and private information hidden from Trade-bot
Short lived and persistent pseudonyms
Support sharing of PDAs
– Now have untrusted low power device
– Compose kiosk FCM and PDA components to handle scenario

25 Security Assessment
Untrusted endpoint
– May still alter information
Identity Service
– A primary point to attack
PDA Keys
– I/O methods limit strength of generated keys
Dynamic Trust Model
– New functionality added
» e.g. Citibank online payment
– User must explicitly grant functionality for each profile

26 Future Work
Implementation of additional content, control and security transformers
– Additional web services
– Other services
» IMAP, LDAP, e-commerce, etc.
– Additional devices
» Pagers, phones
Development of common data exchange format for FCM
– XML for canonical representation, XSL for rendering to device

27 Take-Away
New security requirements of Post-PC devices
– Supports access from insecure endpoints
– Precise control of information exposure (access device / role)
Composable Services in the infrastructure
– New level of “programming”
Towards an Architecture for Universal Computing
– Diverse concurrent development: 1 to many, meta-svcs, aggregation svcs
– Many to one, heterogeneous clients
Eureka phenomenon
– Most fundamental services probably yet to be discovered
» Ex: identity service
– Only find them by building the world and living in it
