1 / 26

Security for Web Information Systems: Towards Compromise-Resilient Architectures

Security for Web Information Systems: Towards Compromise-Resilient Architectures. Web Information Systems Engineering (WISE). Introduction. Security services play an important role in assuring the reliability and integrity of any information system

marygreen
Télécharger la présentation

Security for Web Information Systems: Towards Compromise-Resilient Architectures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security for Web Information Systems:Towards Compromise-Resilient Architectures Web Information Systems Engineering (WISE) confidential

  2. Introduction • Security services play an important role in assuring the reliability and integrity of any information system • The dynamic, distributed nature of Web Information Systems also introduces multiple points of potential security compromise • Compromise resilience is as important as compromise resistance confidential

  3. Basic Model Data Resource Agent • Model • Agents access Web information resources • Resources provide services and process data confidential

  4. Security Services Agent Resource Data Authentication: Who are you? Authorization: What can you do? Data protection: How is the data secured? confidential

  5. Authentication ApproachesWho are you? Agent Resource Data • Agents, resources exchange claims of identity • Authentication authority issues credentials, helps validate claims AuthenticationAuthority • Agents and resources have authentication credentials associated with their identities confidential

  6. Authorization ApproachesWhat can you do? Agent Resource Data • Authorization authority supports policy decisions • Resources enforce policy AuthorizationAuthority confidential

  7. Data Protection ApproachesHow is the data secured? Data Agent Resource • Stored data is encrypted • Key authority manages keys • -- which also need access control! KeyAuthority • Agents, resources exchange data through a secure channel confidential

  8. Typical Security Architecture Agent Resource Data AuthenticationAuthority KeyAuthority AuthorizationAuthority • Authorities support agents, resources in establishing security confidential

  9. Potential Security Compromises Agent Resource Attack Attack Attack Data AuthenticationAuthority KeyAuthority Attack Attack • Compromises happen. What’s the impact? • Replicated, mobile nature of system introduces multiple points of compromise AuthorizationAuthority Attack confidential

  10. Authentication Compromises Agent Resource Attack Data AuthenticationAuthority KeyAuthority AuthorizationAuthority • Agent can be impersonated to resource confidential

  11. Authentication Compromises Agent Resource Attack Data AuthenticationAuthority KeyAuthority AuthorizationAuthority • Resource can be impersonated to agent confidential

  12. Authentication Compromises Agent Resource Data AuthenticationAuthority KeyAuthority Attack AuthorizationAuthority • Anyone can be impersonated! • Attack the authority, and/or its administrators confidential

  13. Authorization Compromises Agent Resource Data AuthenticationAuthority KeyAuthority AuthorizationAuthority Attack • Anyone can be authorized! • Attack the authority, and/or its administrators confidential

  14. Data Protection Compromises Agent Resource Data AuthenticationAuthority KeyAuthority Attack • Any key can be recovered! • But data remains secure unless encrypted data also compromised AuthorizationAuthority confidential

  15. Data Protection Compromises Agent Resource Attack Data AuthenticationAuthority KeyAuthority AuthorizationAuthority • Any encrypted data can be recovered! • But data remains secure unless keys also compromised confidential

  16. Compromise Resilience Agent Resource Attack Attack Attack Data AuthenticationAuthority KeyAuthority Attack Attack AuthorizationAuthority Attack • How do you mitigate the risk? • Resilience vs. resistance confidential

  17. Authentication Compromise Resilience Agent Resource Data • Agent’s credentials should be short-lived and context-specific • Home agent supports agent in obtaining them • Resource’s credentials can be similarly strengthened AuthenticationAuthority HomeAgent confidential

  18. Authentication Compromise Resilience Agent Resource Data • Authentication authority’s credentials and validation data should be short-lived • Master authority manages distribution of data and credentials AuthenticationAuthority HomeAgent MasterAuthenticationAuthority confidential

  19. Authentication Compromise Resilience Agent Resource Data AuthenticationAuthority HomeAgent • Multi-administrator and multi-authority approaches can also help MasterAuthenticationAuthority confidential

  20. Authorization Compromise Resilience Agent Resource Data AuthorizationAuthority • Authorization authority’s credentials should be short-lived • Multi-administrator or -authority also helps MasterAuthorizationAuthority confidential

  21. Data Protection Compromise Resilience Agent Resource Data KeyAuthority KeyAuthority KeyAuthority KeyAuthority • Secret sharing reduces impact of compromise of one key authority • Trusted execution protects keys in field confidential

  22. Data Protection Compromise Resilience Agent Resource Data KeyAuthority KeyAuthority KeyAuthority KeyAuthority • Proactive secret sharing maintains resilience by updating shares periodically • Distributed cryptography uses keys in split form confidential

  23. ResilienceManager A Resilient Security ArchitectureAnticipating compromise mitigates risk Agent Resource Data KeyAuthority KeyAuthority AuthenticationAuthority KeyAuthority AuthorizationAuthority HomeAgent MasterAuthenticationAuthority MasterAuthorizationAuthority confidential

  24. Observations • Countermeasures such as short-lived, context-specific credentials, secret sharing limit impact of security compromises • The distributed nature of Web Information Systems facilitates such countermeasures • New components easily introduced into architecture • Web Information Systems can lead the industry in compromise resilience confidential

  25. Conclusion: Two Questions • What do you call an attacker who compromises a Web Information System? Answer : a WISE-Cracker • What do you call a Web Information System that is resilient against such compromise? Answer : a Web Information System Engineered with Resilience = WISER confidential

  26. confidential 26 26

More Related