
  • Number of slides: 8

SEVA: Securing Extranets
Yves ROUDIER, Refik MOLVA
Institut Eurécom
http://www.eurecom.fr/~nsteam/SEVA/

Extranets: Deployment Issues
[Diagram: a user on the "client" intranet sends an HTTP request from a client (browser), through a firewall, to a server (web) on the "server" intranet; open questions marked on the figure: user management, network access control, application access control]

SEVA: Overview
• Automated management of access control
 – configuration and collaboration of security devices
 – delegation + role-based access control
• Transparent mechanism
 – retrofitting clients / servers without modification
 – using a remote network like a local one
• Strong security
 – cryptographic mechanisms
 – fine-grained authorizations and resource scoping

SEVA: Overall Architecture
[Diagram: an initial agreement (role-based delegation) between the "client" intranet and the "server" intranet defines roles and groups of resources; access control rules (fine-grained, application-level) are enforced transparently and automatically between the client (browser) and the server (web)]

User Interface
Transparent protection:
 – unmodified client / server software
 – operation similar to a local server, yet strong security
 – materialized by smartcard
 – enforced through traffic tagging
[Diagram: client (browser) with smartcard (KS) and a traffic tagging layer on the "client" intranet; firewall labelled "update access rights"; server (web) on the "server" intranet]

Traffic Tagging
Lightweight tagging
Network-Level Access Control:
 – stream authentication
 – one-way function
Application-Level Access Control:
 – fine granularity (resource + operation)
 – application level
[Diagram: the client (browser) applies traffic tagging to the HTTP request; the firewall performs tag verification (access control) and forwards the HTTP request to the server (web)]
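As an added illustration (not code from the SEVA project, whose tag format the slides do not give), the Python sketch below assumes HMAC-SHA256 as the one-way function, a per-user counter for stream authentication, and a constructed role policy; it shows a smartcard-style tagger, the firewall's network-level tag verification (including replay rejection), and the application-level resource + operation check from the preceding slides.

```python
import hashlib
import hmac

# Constructed sample policy (not SEVA's): role -> allowed (resource, operation) pairs.
POLICY = {"partner": {("/reports/q1", "GET"), ("/orders", "POST")}}

def _tag_input(user: str, role: str, resource: str, operation: str, counter: int) -> bytes:
    # Everything the firewall checks is bound into the tag; the counter stops replays.
    return f"{user}|{role}|{resource}|{operation}|{counter}".encode()

class Smartcard:
    """Stands in for the user's smartcard: holds the tagging key and a counter,
    and emits one tag per outgoing HTTP request (the traffic tagging layer)."""
    def __init__(self, key: bytes, user: str, role: str):
        self._key, self.user, self.role, self.counter = key, user, role, 0
    def tag(self, resource: str, operation: str) -> dict:
        self.counter += 1
        msg = _tag_input(self.user, self.role, resource, operation, self.counter)
        # HMAC-SHA256 is the assumed one-way function; the slides do not name one.
        mac = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"user": self.user, "role": self.role, "resource": resource,
                "operation": operation, "counter": self.counter, "tag": mac}

class Firewall:
    """Network-level access control: recomputes the tag and rejects replays."""
    def __init__(self, keys: dict):
        self._keys, self._last_counter = keys, {}
    def verify(self, req: dict) -> bool:
        key = self._keys.get(req["user"])
        if key is None or req["counter"] <= self._last_counter.get(req["user"], 0):
            return False  # unknown user, or counter not strictly increasing (replay)
        msg = _tag_input(req["user"], req["role"], req["resource"], req["operation"], req["counter"])
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False  # tag mismatch: forged or tampered request
        self._last_counter[req["user"]] = req["counter"]
        return True

def application_allows(req: dict) -> bool:
    """Application-level check: is (resource, operation) granted to the role?"""
    return (req["resource"], req["operation"]) in POLICY.get(req["role"], set())

def handle(firewall: Firewall, req: dict) -> str:
    """Path of one tagged HTTP request: firewall first, then the application."""
    if not firewall.verify(req):
        return "dropped at firewall"
    if not application_allows(req):
        return "denied by application"
    return "served"
```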

SEVA: Current Status
• Working prototype
 – Traffic tagging
 – Application-level verification mechanism
 – Role management and delegation
 – Resource management and scoping
• Embedded technologies
 – SPKI
 – Handle System
 – Java Card
 – cryptography: Cryptix (Java), Cryptlib (C), GemXpresso

Summary: Classical vs. SEVA Extranets (each line reads classical / SEVA)
• Access Control Management
 – identity / delegation+role
 – coarse / fine-grained
• Access Control Location
 – definition: network+application / application only
 – enforcement: network+application / network only
• Access Control Enforcement
 – configuration: manual / automated
 – user authentication: explicit / transparent