1. Security considerations for notifications

2. Issues  Security needs/threats  Application domains  Security areas  Trust models for security

3. Security application domains  Printing notifications  Stock market tickers  Online multi-player gaming  Inter-process communication  Presence information  Instant messages

4. Security needs  Authentication  A message is sent by the source it claims to be sent by  No spurious messages  Encryption  A message can only be received by the entity it is addressed to  ACLs  groups, delegation, revocation  by step, e.g. subscribe, send notifications, etc.

5. Security needs (contd.)  Subscriber information  Who’s subscribed  Who’s checking a resource  History of who’s checking a resource  Protect against denial-of-service attacks  Transaction volume (flood attacks)  Spurious hostnames  Attacks against sub-components  e.g. directory services

6. Security needs (contd.)  Protect against delay attacks for time-critical applications  Protect against message tampering  Secure billing systems  Tiered security  “Orange book” - style security?  Security vs simplicity

7. Trust models: “hop-by-hop” vs “end-to-end”  “Channel security” vs “Object security”  e.g. IP Sec, GSSAPI vs S/MIME  Which one?  Degree of control by intermediaries  Routing information  Granularity of control  Content-based filtering  Speed tradeoffs  Available infrastructure  User convenience  e.g. poor portability of certificates