Published by Jeffery Stafford. Modified over 8 years ago.

Security considerations for notifications

Issues
- Security needs/threats
- Application domains
- Security areas
- Trust models for security

Security application domains
- Printing notifications
- Stock market tickers
- Online multi-player gaming
- Inter-process communication
- Presence information
- Instant messages

Security needs
- Authentication
  - A message is sent by the source it claims to be sent by
  - No spurious messages
- Encryption
  - A message can only be received by the entity it is addressed to
- ACLs
  - groups, delegation, revocation
  - by step, e.g. subscribe, send notifications, etc.

Security needs (contd.)
- Subscriber information
  - Who’s subscribed
  - Who’s checking a resource
  - History of who’s checking a resource
- Protect against denial-of-service attacks
  - Transaction volume (flood attacks)
  - Spurious hostnames
  - Attacks against sub-components, e.g. directory services

Security needs (contd.)
- Protect against delay attacks for time-critical applications
- Protect against message tampering
- Secure billing systems
- Tiered security
  - “Orange book”-style security?
- Security vs simplicity

Trust models:
- “hop-by-hop” vs “end-to-end”
- “Channel security” vs “Object security”
  - e.g. IPsec, GSSAPI vs S/MIME
- Which one?
  - Degree of control by intermediaries
  - Routing information
  - Granularity of control
  - Content-based filtering
  - Speed tradeoffs
  - Available infrastructure
  - User convenience, e.g. poor portability of certificates