Slide 1
An Overview of Security Issues in the Web
José KAHAN OBLATT, W3C/INRIA, jose@w3.org
19 December 1998, EMGnet meeting, INRIA Rhône-Alpes
Slide 2: Disclaimer
The following slides represent the author's personal opinion and not necessarily that of the W3C or of INRIA.
Slide 3: Outline
Architecture
Web security problems
Security measures
Conclusion
Slide 4: Architecture of the Web
Hypertext information model (linking of documents)
Client/Server consultation protocol
[Diagram: user, transaction, Internet, server, documents]
Slide 5: Security problems: confidentiality
Unauthorized release of information
[Diagram: user, Internet, pirate]
Slide 6: Security problems: integrity
Unauthorized modification of information
[Diagram: user, Internet, pirate]
Slide 7: Security measures
Access control: authentication, authorization
Firewalls
Encryption
Slide 8: Encryption: principles
Mathematical transformation of a message, providing:
- Document confidentiality
- Document integrity
- Server authentication
- Client authentication
[Diagram: plaintext "Hello" -> Encrypt (encryption key) -> ciphertext "Hel..." -> Decrypt (decryption key) -> plaintext "Hello"]
Slide 9: Encryption: mechanisms
Symmetric (secret key) cryptography: the same key is used for encryption and decryption
Asymmetric (public key) cryptography: different keys are used for encryption and decryption
Supported by commercial browsers: SSL, TLS
BUT: legal problems in some countries
Slide 10: Access control model (Reference Monitor)
[Diagram: the user sends a request (an operation on resources/nodes) to the guard; the guard consults the security database and either denies or authorizes the request; the security administrator updates the security database]
Slide 11: Access control: authentication
Verifying the identity of a user
[Diagram: identity and proof of identity are checked against the security database]
Slide 12: Web authentication mechanisms
Slide 13: Access control: authorization
Verifying the access rights of a user
[Diagram: identity, proof of identity, security database, ?]
Slide 14: Web authorization mechanisms
Access control lists (ACL)
Roles, groups: simple user administration
Capabilities: exchange of access control information in the request
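A toy reference monitor tying the access control model (slide 10) to the authentication and authorization steps (slides 11, 13 and 14), as an added example that is not part of the original presentation: the guard checks identity and proof against a security database, then either looks the user up in the resource's ACL (expanding groups) or verifies a signed capability carried in the request. The database contents, salt, signing key and function names are constructed assumptions.

```python
import hashlib
import hmac

# Security database (constructed for this example): identities with their proof
# (salted password hash), group membership, and per-resource ACLs naming users or groups.
SALT = b"constructed-salt"
DB = {
    "users": {"alice": hashlib.sha256(SALT + b"correct horse").hexdigest(),
              "bob": hashlib.sha256(SALT + b"hunter2").hexdigest()},
    "groups": {"editors": {"alice"}},
    "acl": {"/report.html": {"editors": {"read", "write"}, "bob": {"read"}}},
}
CAP_KEY = b"constructed-guard-key"  # assumed secret the guard signs capabilities with

def authenticate(user, password):
    """Authentication: compare identity and proof with the security database."""
    stored = DB["users"].get(user)
    if stored is None:
        return False
    digest = hashlib.sha256(SALT + password.encode()).hexdigest()
    return hmac.compare_digest(stored, digest)

def authorize(user, resource, op):
    """Authorization by ACL, deny by default; a group entry grants to its members."""
    for principal, ops in DB["acl"].get(resource, {}).items():
        if user in DB["groups"].get(principal, {principal}) and op in ops:
            return True
    return False

def issue_capability(user, resource, op):
    """Capability: a right checked once, then carried in requests as a MAC-protected bearer token."""
    if not authorize(user, resource, op):
        return None
    msg = f"{resource}|{op}".encode()
    return msg + b"|" + hmac.new(CAP_KEY, msg, hashlib.sha256).hexdigest().encode()

def guard(request):
    """Reference monitor: "authorize" or "deny" for one request carrying a capability or identity+proof."""
    resource, op = request["resource"], request["op"]
    if "cap" in request:
        parts = request["cap"].decode().split("|")
        if len(parts) != 3:
            return "deny"
        expected = hmac.new(CAP_KEY, f"{parts[0]}|{parts[1]}".encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(parts[2], expected) and (parts[0], parts[1]) == (resource, op):
            return "authorize"
        return "deny"
    if not authenticate(request["user"], request["proof"]):
        return "deny"
    return "authorize" if authorize(request["user"], resource, op) else "deny"
```

The capability path needs no identity at all, which is exactly the "access control information in the request" trade-off of slide 14: simpler checks, but a leaked token grants the right to whoever presents it.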
Slide 15: Personal experience
Existing security mechanisms can solve most of the problems of confidentiality and integrity
Difficult part: defining a security policy (set of rules describing the behavior of users in a system)
Choice of security mechanisms: performance versus simple user administration
User education is important
Slide 16: Some security issues in EMGnet
Encryption of data exchanges?
Which authentication mechanism?
Distribution or centralization of the security database?
Set of access rights?
ACLs, capabilities, or both?
User administration!
Tip: reuse existing technology when possible