Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security considerations for notifications. Issues  Security needs/threats  Application domains  Security areas  Trust models for security.

Similar presentations


Presentation on theme: "Security considerations for notifications. Issues  Security needs/threats  Application domains  Security areas  Trust models for security."— Presentation transcript:

1 Security considerations for notifications

2 Issues  Security needs/threats  Application domains  Security areas  Trust models for security

3 Security application domains  Printing notifications  Stock market tickers  Online multi-player gaming  Inter-process communication  Presence information  Instant messages

4 Security needs  Authentication  A message is sent by the source it claims to be sent by  No spurious messages  Encryption  A message can only be received by the entity it is addressed to  ACLs  groups, delegation, revocation  by step, e.g. subscribe, send notifications, etc.

5 Security needs (contd.)  Subscriber information  Who’s subscribed  Who’s checking a resource  History of who’s checking a resource  Protect against denial-of-service attacks  Transaction volume (flood attacks)  Spurious hostnames  Attacks against sub-components  e.g. directory services

6 Security needs (contd.)  Protect against delay attacks for time-critical applications  Protect against message tampering  Secure billing systems  Tiered security  “Orange book” - style security?  Security vs simplicity

7 Trust models: “hop-by-hop” vs “end-to-end”  “Channel security” vs “Object security”  e.g. IP Sec, GSSAPI vs S/MIME  Which one?  Degree of control by intermediaries  Routing information  Granularity of control  Content-based filtering  Speed tradeoffs  Available infrastructure  User convenience  e.g. poor portability of certificates


Download ppt "Security considerations for notifications. Issues  Security needs/threats  Application domains  Security areas  Trust models for security."

Similar presentations


Ads by Google