Security for Web Information Systems: Towards Compromise-Resilient Architectures

1
Security for Web Information Systems: Towards
Compromise-Resilient Architectures
  • Burt Kaliski, RSA Security
  • Web Information Systems Engineering (WISE) 2005
  • November 21, 2005

2
Introduction
  • Security services play an important role in
    assuring the reliability and integrity of any
    information system
  • The dynamic, distributed nature of Web
    Information Systems also introduces multiple
    points of potential security compromise
  • Compromise resilience is as important as
    compromise resistance

3
Basic Model
[Diagram: Agent, Resource, Data]
  • Model
  • Agents access Web information resources
  • Resources provide services and process data

4
Security Services
[Diagram: Agent, Resource, Data]
  • Authentication: Who are you?
  • Authorization: What can you do?
  • Data protection: How is the data secured?

5
Authentication Approaches: Who are you?
[Diagram: Agent, Resource, Data, Authentication Authority]
  • Agents, resources exchange claims of identity
  • Authentication authority issues credentials,
    helps validate claims
  • Agents and resources have authentication
    credentials associated with their identities

6
Authorization Approaches: What can you do?
[Diagram: Agent, Resource, Data, Authorization Authority]
  • Authorization authority supports policy
    decisions
  • Resources enforce policy

7
Data Protection Approaches: How is the data secured?
[Diagram: Agent, Resource, Data, Key Authority]
  • Stored data is encrypted
  • Key authority manages keys -- which also need access control!
  • Agents, resources exchange data through a
    secure channel

8
Typical Security Architecture
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority]
  • Authorities support agents, resources in
    establishing security

9
Potential Security Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with six points marked "Attack"]
  • Compromises happen. What's the impact?
  • Replicated, mobile nature of system introduces
    multiple points of compromise

10
Authentication Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with one point marked "Attack"]
  • Agent can be impersonated to resource

11
Authentication Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with one point marked "Attack"]
  • Resource can be impersonated to agent

12
Authentication Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with one point marked "Attack"]
  • Anyone can be impersonated!
  • Attack the authority, and/or its administrators

13
Authorization Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with one point marked "Attack"]
  • Anyone can be authorized!
  • Attack the authority, and/or its administrators

14
Data Protection Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with one point marked "Attack"]
  • Any key can be recovered!
  • But data remains secure unless encrypted data
    also compromised

15
Data Protection Compromises
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with one point marked "Attack"]
  • Any encrypted data can be recovered!
  • But data remains secure unless keys also
    compromised

16
Compromise Resilience
[Diagram: Agent, Resource, Data, Authentication Authority, Key Authority, Authorization Authority, with six points marked "Attack"]
  • How do you mitigate the risk?
  • Resilience vs. resistance

17
Authentication Compromise Resilience
[Diagram: Agent, Resource, Data, Authentication Authority, Home Agent]
  • Agents' credentials should be short-lived and
    context-specific
  • Home agent supports agent in obtaining them
  • Resources' credentials can be similarly
    strengthened
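
The following sketch is an added example, not part of the original presentation. It shows one way a home agent could mint a short-lived, context-specific credential so that a stolen credential is useless at another resource or after expiry. The HMAC construction, the per-resource key derivation, and the names `issue`, `verify` and `resource_key` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def resource_key(master_key: bytes, resource: str) -> bytes:
    # Per-resource verification key (assumed design): a resource that
    # leaks its key cannot forge credentials for any other resource.
    return hmac.new(master_key, b"resource:" + resource.encode(),
                    hashlib.sha256).digest()


def issue(master_key: bytes, agent: str, resource: str,
          now: int, ttl: int = 300) -> str:
    """Home-agent side: credential for one agent at one resource."""
    claims = {"sub": agent, "aud": resource, "exp": now + ttl}
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(resource_key(master_key, resource), body,
                   hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify(key: bytes, resource: str, token: str, now: int):
    """Resource side: return the agent name, or None if rejected."""
    try:
        body, tag = token.split(".")
    except ValueError:
        return None                      # malformed credential
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None                      # forged, or minted for another resource
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != resource:
        return None                      # wrong context
    if now >= claims["exp"]:
        return None                      # expired: the theft window has closed
    return claims["sub"]
```
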

18
Authentication Compromise Resilience
[Diagram: Agent, Resource, Data, Authentication Authority, Home Agent, Master Authentication Authority]
  • Authentication authority's credentials and
    validation data should be short-lived
  • Master authority manages distribution of data
    and credentials

19
Authentication Compromise Resilience
[Diagram: Agent, Resource, Data, Authentication Authority, Home Agent, Master Authentication Authority]
  • Multi-administrator and multi-authority
    approaches can also help

20
Authorization Compromise Resilience
[Diagram: Agent, Resource, Data, Authorization Authority, Master Authorization Authority]
  • Authorization authority's credentials should be
    short-lived
  • Multi-administrator or -authority also helps

21
Data Protection Compromise Resilience
[Diagram: Agent, Resource, Data, four Key Authorities]
  • Secret sharing reduces impact of compromise of
    one key authority
  • Trusted execution protects keys in field

22
Data Protection Compromise Resilience
[Diagram: Agent, Resource, Data, four Key Authorities]
  • Proactive secret sharing maintains resilience
    by updating shares periodically
  • Distributed cryptography uses keys in split form

23
A Resilient Security Architecture: Anticipating
compromise mitigates risk
[Diagram: Agent, Resource, Data, three Key Authorities, Authentication Authority, Authorization Authority, Home Agent, Master Authentication Authority, Master Authorization Authority]

24
Observations
  • Countermeasures such as short-lived,
    context-specific credentials, secret sharing
    limit impact of security compromises
  • The distributed nature of Web Information Systems
    facilitates such countermeasures
  • New components easily introduced into
    architecture
  • Web Information Systems can lead the industry in
    compromise resilience

25
Conclusion: Two Questions
  • What do you call an attacker who compromises a
    Web Information System?
  • Answer: a WISE-Cracker
  • What do you call a Web Information System that is
    resilient against such compromise?
  • Answer: a Web Information System Engineered
    with Resilience (WISER)

26
Contact Information
  • Burt Kaliski
  • Chief Scientist, RSA Laboratories
  • VP Research, RSA Security
  • bkaliski_at_rsasecurity.com
  • http://www.rsasecurity.com/rsalabs

27
About RSA Security
RSA Security is the expert in protecting
identities and digital assets. RSA Security
invented the core security technologies for the
Internet and continues to build on its 20-year
history of innovation. RSA Laboratories, a team
of 8 researchers and standards developers, is the
company's research center.