Security considerations for notifications

1
Security considerations for notifications
2
Issues

• Security needs/threats
• Application domains
• Security areas
• Trust models for security

3
Security application domains

• Printing notifications
• Stock market tickers
• Online multi-player gaming
• Inter-process communication
• Presence information
• Instant messages

4
Security needs

• Authentication
• A message is sent by the source it claims to be
  sent by
• No spurious messages
• Encryption
• A message can only be received by the entity it
  is addressed to
• ACLs
• groups, delegation, revocation
• by step, e.g. subscribe, send notifications, etc.

5
Security needs (contd.)

• Subscriber information
• Whos subscribed
• Whos checking a resource
• History of whos checking a resource
• Protect against denial-of-service attacks
• Transaction volume (flood attacks)
• Spurious hostnames
• Attacks against sub-components
• e.g. directory services

6
Security needs (contd.)

• Protect against delay attacks for time-critical
  applications
• Protect against message tampering
• Secure billing systems
• Tiered security
• Orange book - style security?
• Security vs simplicity

7
Trust models hop-by-hop vs end-to-end

• Channel security vs Object security
• e.g. IP Sec, GSSAPI vs S/MIME
• Which one?
• Degree of control by intermediaries
• Routing information
• Granularity of control
• Content-based filtering
• Speed tradeoffs
• Available infrastructure
• User convenience
• e.g. poor portability of certificates