
A Security Framework for a World of Post-PC Clients and Infrastructure-based Services

A Security Framework for a World of Post-PC Clients and Infrastructure-based Services. Steven Ross, Jason Hill, Michael Chen, Anthony D. Joseph, David E. Culler, Eric A. Brewer Computer Science Division U.C. Berkeley {stevross, jhill, mikechen, adj, culler, brewer}@cs.berkeley.edu


Presentation Transcript


  1. A Security Framework for a World of Post-PC Clients and Infrastructure-based Services
     Steven Ross, Jason Hill, Michael Chen, Anthony D. Joseph, David E. Culler, Eric A. Brewer
     Computer Science Division, U.C. Berkeley
     {stevross, jhill, mikechen, adj, culler, brewer}@cs.berkeley.edu
     http://www.cs.berkeley.edu/~stevross

  2. Typical (Traditional) Internet Service
     [Diagram: client connects to the service across the Internet over HTTP/SSL]
     • Assumes:
       • Private / trusted access device and software
       • Sufficient computational resources to secure the connection and display content

  3. Scenario: Kiosks - Untrusted Endpoints
     • Public (untrusted) computers will be pervasive
     • Content filter hides private information
     • Control filter limits the operations that can be performed
     • Decrease the content value instead of increasing the security level

  4. Scenario: Low Power Info Appliances
     • Limited computational abilities
     • Low physical security
     • Low reliability
     • Limited input and display capabilities
     • Users have multiple devices

  5. Enable Secure Access from all Devices
     • Security is fundamental to Universal Computing
     • Tremendous diversity emerging
       • No pre-planning: wide array of services and clients
       • Info flowing over a wide array of insecure links and clients
     • Key leverage: Composable Secure Services
       • Automating scalability and availability eases task authoring
       • Build new services from component services
     • Key tool: Transcoding Operators
       • Adapt content and security level to the desired use

  6. Bridging the Gap
     [Diagram: devices (PDA, Kiosk, Cell Phone, Pager, Laptop, Desktop) on the left; the Composable Security Framework inside the Trusted Infrastructure in the middle; services (Stock Trading, Banking, Mail) on the right]

  7. Content Transformers
     • Client side
       • Decouple device I/O capabilities from services
       • A new client transformer enables access to existing content
     • Server side
       • Transform content and control to a canonical representation
       • Filtered by application logic
       • Easily rendered by the client-side content transformer
     [Diagram: framework figure with a client-side content transformer (CTc) and a server-side content transformer (CTs) between the devices and the services. CT: Content Transformer]

  8. Security Adaptors
     • Secure channel in depends on device capabilities
     • Secure channel out depends on the Internet service
     • Examples
       • Low power info appliance
       • International kiosk
     [Diagram: security adaptors (SA) added at both edges of the framework, outside CTc and CTs. SA: Security Adapter, CT: Content Transformer]

  9. Identity Service
     • Secure repository
     • Key component for enabling access from untrusted endpoints
     • Critical level of indirection and information hiding
     • Mitigates the problem of replicating identities
     • Promotes use of secure username/password pairs
     [Diagram: Identity Service added inside the Trusted Infrastructure alongside the SA, CTc and CTs components]

  10. Filter and Control Modifier
     • Identity translation
     • Add new or remove existing control functionality
       • Add logout button
       • Remove ability to trade, write checks, drop class, etc.
     • Remove sensitive content
       • Account balances, email addresses, names
     [Diagram: the Filter & Control Modifier (FCM) placed between CTc and CTs, consulting the Identity Service. SA: Security Adapter, CT: Content Transformer, FCM: Filter & Control Modifier]

  11. Illustration: Datek Access from Kiosk
     • Kiosk browser interacts with the security adaptor
     [Diagram: Kiosk --SSL--> SA --> CTc --> FCM --> CTs --> SA --SSL--> Datek, all inside the Trusted Infrastructure except the endpoints; the Identity Service is attached to the FCM]

  12. Illustration: Datek Access from Kiosk
     • HTTP request passed to the FCM
       • No content transformer in the prototype
     [Diagram: same path as slide 11]

  13. Illustration: Datek Access from Kiosk
     • FCM authenticates pseudonym and one-time password
     • Substitutes real identity
     [Diagram: same path as slide 11; the FCM retrieves the User Identity from the Identity Service]

  14. Illustration: Datek Access from Kiosk
     • FCM passes the substituted data through to the outgoing security adaptor
     [Diagram: same path as slide 11]

  15. Illustration: Datek Access from Kiosk
     • SA communicates with the Datek service
     • FCM filters all remaining traffic
       • Removes sensitive information, e.g. account name, email address
       • Performs control filtering: adds logout button
     [Diagram: same path as slide 11, now with the outgoing SA --SSL--> Datek link active]
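The FCM steps of slides 13 to 15 (pseudonym plus one-time password check, identity substitution, content and control filtering), as an added example that is not the authors' Ninja prototype. The identity-store layout, the per-profile policy table and the markup of the sample page are all constructed for the example; the real service's field names are unknown.

```python
import re

# Constructed identity-service records (hypothetical format; the slides
# specify none): pseudonym -> real credentials plus unused one-time passwords.
IDENTITY_SERVICE = {
    "kiosk-pseudo-17": {"real_user": "alice", "real_pass": "s3cret-real",
                        "otps": {"4821-7733", "9910-0042"}},
}

# Per-profile policy: what the user explicitly granted to this access device
# or role (slide 25), and which page fields the FCM hides from it.
PROFILES = {
    "kiosk":     {"allow_trade": False, "hide": ("account_name", "email")},
    "trade-bot": {"allow_trade": True,  "hide": ("account_name", "email", "balance")},
}

def authenticate(pseudonym, otp):
    """Check pseudonym + one-time password; consume the OTP so a replay fails."""
    rec = IDENTITY_SERVICE.get(pseudonym)
    if rec is None or otp not in rec["otps"]:
        return None
    rec["otps"].discard(otp)
    return rec

def substitute_identity(form):
    """Identity translation: the kiosk only ever sees the pseudonym and OTP;
    the real username/password are inserted here, inside the infrastructure."""
    rec = authenticate(form.get("user", ""), form.get("pass", ""))
    if rec is None:
        return None
    out = dict(form)
    out["user"], out["pass"] = rec["real_user"], rec["real_pass"]
    return out

def filter_response(html, profile):
    """Content filter: blank sensitive fields. Control filter: drop the trade
    form unless the profile grants trading; always add a logout control."""
    policy = PROFILES[profile]
    for field in policy["hide"]:
        html = re.sub(r'<span class="%s">.*?</span>' % field, "[hidden]", html)
    if not policy["allow_trade"]:
        html = re.sub(r'<form id="trade">.*?</form>', "", html, flags=re.S)
    return html.replace("</body>", '<a href="/logout">Logout</a></body>', 1)

# Constructed sample response, shaped like a trading-service account page.
SAMPLE_PAGE = ('<html><body>Welcome <span class="account_name">alice</span> '
               '(<span class="email">alice@example.com</span>)<br>'
               'Balance: <span class="balance">$12,000</span>'
               '<form id="trade"><input name="sym"><input name="qty"></form>'
               '</body></html>')
```

The second login attempt with the same OTP fails, which is the property that makes a credential captured at the kiosk worthless afterwards.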

  16. Illustration: Datek Access from PDA
     • Pilot connects to the security adaptor
     [Diagram: PDA --Blowfish--> SA --> CTc --> FCM --> CTs --> SA --SSL--> Stock Trading service, with the Identity Service attached to the FCM]

  17. Illustration: Datek Access from PDA
     • Shared-secret-key identity verified
     [Diagram: same path as slide 16]

  18. Illustration: Datek Access from PDA
     • Content transformer
       • Simple Pilot commands to HTTP requests
       • HTML to plain-text Pilot app format
     [Diagram: same path as slide 16]

  19. Illustration: Datek Access from PDA
     • FCM examines HTTP requests and performs identity substitution
     [Diagram: same path as slide 16; the FCM's Auth Client obtains the User Identity from the Identity Service]

  20. Illustration: Datek Access from PDA
     • Modified packets sent to the security adaptor
     [Diagram: same path as slide 16]

  21. Illustration: Datek Access from PDA
     • Security adaptor establishes an HTTPS connection to the Datek service
     [Diagram: same path as slide 16]
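The two halves of the content transformer on slide 18 (Pilot commands to HTTP requests, HTML back to plain text), as an added example rather than the authors' code. The command set, the URL paths, the host name and the 32-column display width are assumptions; note that the small command table is itself a control filter, since the device can only issue what the table contains.

```python
from html.parser import HTMLParser

# Constructed mapping from the PDA's command set to HTTP requests.
# Hypothetical commands and paths; the slides name no concrete set.
COMMANDS = {
    "quote": ("GET", "/quote?sym={0}"),
    "watch": ("GET", "/watchlist"),
}

def command_to_request(line, host="stock.example"):
    """Client-side CT: turn 'quote AAPL' into a minimal HTTP/1.1 request.
    Anything outside the table is rejected before it reaches the service."""
    parts = line.strip().split()
    if not parts or parts[0] not in COMMANDS:
        raise ValueError("unknown command: %r" % line)
    method, path = COMMANDS[parts[0]]
    if "{0}" in path:
        if len(parts) != 2 or not parts[1].isalnum():
            raise ValueError("command needs exactly one symbol argument")
        path = path.format(parts[1].upper())
    return "%s %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (method, path, host)

class _TextExtractor(HTMLParser):
    """Collect visible text; drop scripts, styles and forms entirely."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style", "form"):
            self._skip += 1
        elif tag in ("br", "p", "tr", "li", "div"):
            self.chunks.append("\n")
    def handle_endtag(self, tag):
        if tag in ("script", "style", "form"):
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def html_to_pilot_text(html, width=32):
    """Server-side CT: reduce HTML to short plain lines the Pilot app can show."""
    parser = _TextExtractor()
    parser.feed(html)
    lines = [" ".join(l.split()) for l in "".join(parser.chunks).splitlines()]
    return "\n".join(l[:width] for l in lines if l)
```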

  22. Composable Security Framework
     • Paths from devices to services can be dynamically created
     • Multiple transcoders may be composed for a path
     [Diagram: several SA / CTc / FCM / CTs chains between the devices and the Stock Trading, Banking and Mail services, all sharing one Identity Service (Auth Service / Auth Client)]

  23. Key Design Points
     • Security and content both transformed
       • Security adaptors based on device capability and link
       • Information hiding based on device, user role, and link
     • Composing services
       • Trust model must be carefully considered
     • Extensible
       • New devices easily added by writing the appropriate component if it doesn't already exist
     • Scalability / fault tolerance
       • Runs in the Ninja distributed execution environment
       • Components replicated among nodes in a cluster

  24. Other Applications
     • Meta-trade environment
       • Aggregation: provide the most valuable composition of content
     • Multi-user or manager account
       • Owner of the account can view all content
       • Account manager only views the selected pieces essential to the role
       • Example: a Trade-bot only needs stock quotes and rules
         • Account value and private information hidden from the Trade-bot
     • Short-lived and persistent pseudonyms
     • Support sharing of PDAs
       • Now have an untrusted low power device
       • Compose the kiosk FCM and the PDA components to handle this scenario

  25. Security Assessment
     • Untrusted endpoint
       • May still alter information
     • Identity Service
       • A primary point of attack
     • PDA keys
       • I/O methods limit the strength of generated keys
     • Dynamic trust model
       • New functionality added, e.g. Citibank online payment
       • User must explicitly grant functionality for each profile

  26. Future Work
     • Implementation of additional content, control and security transformers
       • Additional web services
       • Other services: IMAP, LDAP, e-commerce, etc.
       • Additional devices: pagers, phones
     • Development of a common data exchange format for the FCM
       • XML for the canonical representation, XSL for rendering to the device

  27. Take-Away
     • New security requirements of Post-PC devices
       • Supports access from insecure endpoints
       • Precise control of information exposure (access device / role)
     • Composable services in the infrastructure
       • New level of "programming"
     • Towards an Architecture for Universal Computing
       • Diverse concurrent development: 1 to many, meta-services, aggregation services
       • Many to one, heterogeneous clients
     • Eureka phenomenon
       • Most fundamental services probably yet to be discovered
       • Ex: identity service
       • Only find them by building the world and living in it

  28. Closing slide: title, authors, affiliation and contact details as on slide 1.