
SEVA: Securing Extranets

The SEVA framework addresses security in Extranets by automating access control management, allowing for role-based delegation and fine-grained authorizations. It enables transparent protection mechanisms for clients and servers without requiring software modifications. Key features include strong cryptographic mechanisms, network-level access control, and lightweight tagging for application-level verification. SEVA integrates embedded technologies to facilitate secure communication and access rights management, ensuring strong security while preserving user experience. This paper discusses deployment issues, user management, and the overall architecture of SEVA.


Presentation Transcript


  1. SEVA: Securing Extranets
     Yves ROUDIER, Refik MOLVA, Institut Eurécom
     http://www.eurecom.fr/~nsteam/SEVA/

  2. Extranets: Deployment Issues
     [Diagram: an HTTP request from the client (browser) in the "client" intranet crosses a firewall to the server (web) in the "server" intranet; open questions ("?") are marked at user management, network access control and application access control]

  3. SEVA: Overview
     • Automated management of access control
       • configuration and collaboration of security devices
       • delegation + role-based access control
     • Transparent mechanism
       • retrofitting clients / servers without modification
       • using a remote network like a local one
     • Strong security
       • cryptographic mechanisms
       • fine-grained authorizations and resource scoping

  4. SEVA: Overall Architecture
     [Diagram: an initial agreement (role-based delegation) between the "client" intranet and the "server" intranet defines roles over groups of resources; the roles define fine-grained, application-level access control rules; enforcement between client (browser) and server (web) is transparent and automated]

  5. User Interface
     • Transparent protection
       • unmodified client / server software
       • operation similar to local server
     • yet strong security
       • materialized by smartcard
       • enforced through traffic tagging
     [Diagram: in the "client" intranet, a smartcard (KS) updates access rights and feeds a traffic tagging layer in front of the client (browser); tagged traffic crosses the firewall to the server (web) in the "server" intranet]

  6. Traffic Tagging
     • Network-Level Access Control
       • stream authentication
     • Application-Level Access Control
       • fine granularity (resource + operation)
       • application level
     • Lightweight Tagging
       • one-way function
     [Diagram: the HTTP request leaves the client (browser) through the traffic tagging layer in the "client" intranet; tag verification (access control) takes place at the firewall and at the server (web) in the "server" intranet]
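One way to model the tag-and-verify flow of slide 6, as an added example that is not SEVA's own code: the slide names a one-way function but not its construction, so HMAC-SHA256 keyed with a per-user smartcard secret, the sequence number used for stream authentication, and all sample users, roles and rules are assumptions. The firewall-side check covers stream authentication; the application-side check covers the (resource, operation) granularity.

```python
import hmac
import hashlib

# Constructed sample data standing in for the outcome of SEVA's initial agreement
# (hypothetical; the page does not give the actual data structures).
USER_KEYS = {"alice": b"alice-smartcard-key"}   # per-user secret assumed to live on the smartcard
USER_ROLES = {"alice": "partner-reader"}         # role delegated to the user
ACL = {                                          # role -> allowed (resource, operation) pairs
    "partner-reader": {("/catalog/", "GET")},
    "partner-editor": {("/catalog/", "GET"), ("/catalog/", "POST")},
}

def tag_request(key, user, resource, operation, seq):
    """Client-side tagging layer: a keyed one-way function (HMAC-SHA256, assumed) over the request fields."""
    msg = f"{user}|{resource}|{operation}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Verifier:
    """Tag verification split as on the slide: stream authentication at the firewall,
    resource + operation check at the application level."""
    def __init__(self):
        self.last_seq = {}   # highest sequence number accepted per user

    def network_check(self, req):
        key = USER_KEYS.get(req["user"])
        if key is None:
            return False
        expected = tag_request(key, req["user"], req["resource"], req["operation"], req["seq"])
        if not hmac.compare_digest(expected, req["tag"]):
            return False   # forged or altered request: tag does not cover these fields
        if req["seq"] <= self.last_seq.get(req["user"], -1):
            return False   # replayed request: sequence number not strictly increasing
        self.last_seq[req["user"]] = req["seq"]
        return True

    def application_check(self, req):
        role = USER_ROLES.get(req["user"])
        return (req["resource"], req["operation"]) in ACL.get(role, set())

    def handle(self, req):
        if not self.network_check(req):
            return "rejected at firewall"
        if not self.application_check(req):
            return "rejected at application"
        return "accepted"

def make_request(user, resource, operation, seq):
    """What the tagging layer emits for an unmodified client's HTTP request."""
    tag = tag_request(USER_KEYS[user], user, resource, operation, seq)
    return {"user": user, "resource": resource, "operation": operation, "seq": seq, "tag": tag}
```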

  7. SEVA: Current Status
     • Working prototype
       • traffic tagging
       • application-level verification mechanism
       • role management and delegation
       • resource management and scoping
     • Embedded technologies
       • SPKI
       • Handle System
       • Java Card
       • cryptography: Cryptix (Java), Cryptlib (C), GemXpresso

  8. Summary: Classical vs. SEVA Extranets (classical / SEVA)
     • Access Control Management
       • basis: identity / delegation + role
       • granularity: coarse / fine-grained
     • Access Control Location
       • definition: network + application / application only
       • enforcement: network + application / network only
     • Access Control Enforcement
       • configuration: manual / automated
       • user authentication: explicit / transparent
