
SEVA: Securing Extranets


Presentation Transcript


  1. SEVA: Securing Extranets
     Yves ROUDIER, Refik MOLVA, Institut Eurécom
     http://www.eurecom.fr/~nsteam/SEVA/

  2. Extranets: Deployment Issues
     [Diagram: a "client" intranet, with users and a client (browser), and a "server" intranet, with user management, network access control, application access control and a server (web) behind a firewall; an HTTP request crosses from the client to the server. Question marks mark the open deployment issues between the two intranets.]

  3. SEVA: Overview
     • Automated management of access control
       • configuration and collaboration of security devices
       • delegation + role-based access control
     • Transparent mechanism
       • retrofitting clients / servers without modification
       • using a remote network like a local one
     • Strong security
       • cryptographic mechanisms
       • fine-grained authorizations and resource scoping

  4. SEVA: Overall Architecture
     [Diagram: the "client" intranet and the "server" intranet first establish an initial agreement (role-based delegation); roles define the access control rules (fine-grained, application-level) over groups of resources; enforcement between the client (browser) and the server (web) is transparent and automated.]

  5. User Interface
     • Transparent protection
       • unmodified client / server software
       • operation similar to a local server
     • Yet strong security
       • materialized by a smartcard
       • enforced through traffic tagging
     [Diagram: on the "client" intranet, a smartcard (KS) feeds a traffic tagging layer placed between the client (browser) and the network; on the "server" intranet, the firewall sits in front of the server (web); an "update access rights" arrow is also shown.]

  6. Traffic Tagging
     • Network-level access control
       • stream authentication
     • Application-level access control
       • fine granularity (resource + operation)
       • application level
     • Lightweight tagging
       • one-way function
     [Diagram: the HTTP request is tagged by the traffic tagging layer on the client (browser) side and passes through the firewall to the server (web); tag verification (access control) takes place on the server intranet side.]
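The slide names the two jobs of the tag, stream authentication at the network level and (resource + operation) access control at the application level, but not how a tag is built or checked. The following is an added example, not SEVA's prototype code: a client-side tagging layer stamps each HTTP request with a keyed one-way tag over (user, sequence number, method, path), and a gateway-side verifier recomputes the tag, rejects replays by sequence number, and then applies role-based rules scoped by resource prefix. HMAC-SHA256 stands in for the unnamed "one-way function"; the per-user session keys (which SEVA would keep on the smartcard), the header names, the users, the roles and the resource groups are all constructed for the example.

```python
import hashlib
import hmac
import posixpath

# Constructed demo keys: in SEVA the user's key material lives on a smartcard;
# here each user has a per-session key shared with the verifying gateway (assumption).
SESSION_KEYS = {
    "alice": b"constructed-key-alice-0001",
    "bob": b"constructed-key-bob-0002",
}

# Role-based delegation model (assumed layout): a user holds one role, a role
# grants (operation, resource-group prefix) pairs. Resources are scoped by path prefix.
USER_ROLES = {"alice": "partner-engineer", "bob": "auditor"}
ROLE_RULES = {
    "partner-engineer": {("GET", "/docs/"), ("POST", "/bugs/")},
    "auditor": {("GET", "/reports/")},
}


def compute_tag(key, user, seq, method, path):
    """Keyed one-way tag over the request's identity, stream position and
    (operation, resource) pair. HMAC-SHA256 is a stand-in for the slide's
    unnamed one-way function."""
    msg = f"{user}|{seq}|{method}|{path}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def tag_request(user, seq, method, path):
    """Client-side tagging layer: the browser itself is unmodified; the layer
    adds headers carrying the user, the sequence number and the tag."""
    tag = compute_tag(SESSION_KEYS[user], user, seq, method, path)
    return {"X-SEVA-User": user, "X-SEVA-Seq": str(seq), "X-SEVA-Tag": tag}


class TagVerifier:
    """Gateway-side verification: stream authentication first, then
    application-level access control on (operation, resource)."""

    def __init__(self, keys, user_roles, role_rules):
        self.keys = keys
        self.user_roles = user_roles
        self.role_rules = role_rules
        self.last_seq = {}  # per-user high-water mark, defeats replayed tags

    def check(self, method, path, headers):
        user = headers.get("X-SEVA-User")
        if user not in self.keys:
            return False, "unknown user"
        try:
            seq = int(headers.get("X-SEVA-Seq", ""))
        except ValueError:
            return False, "bad sequence"
        # Tag binds the request to this user, position, operation and resource;
        # a tag lifted from another request fails here.
        expected = compute_tag(self.keys[user], user, seq, method, path)
        if not hmac.compare_digest(expected, headers.get("X-SEVA-Tag", "")):
            return False, "bad tag"
        if seq <= self.last_seq.get(user, 0):
            return False, "replay"
        self.last_seq[user] = seq
        # Application-level check: normalise before prefix scoping so that
        # "/docs/../reports/q" is judged as "/reports/q", not as part of /docs/.
        if not path.startswith("/"):
            return False, "bad path"
        resource = posixpath.normpath(path)
        role = self.user_roles.get(user)
        for op, prefix in self.role_rules.get(role, ()):
            if op == method and resource.startswith(prefix):
                return True, "ok"
        return False, "not authorized"


if __name__ == "__main__":
    verifier = TagVerifier(SESSION_KEYS, USER_ROLES, ROLE_RULES)
    headers = tag_request("alice", 1, "GET", "/docs/spec.html")
    print(verifier.check("GET", "/docs/spec.html", headers))  # first use: (True, 'ok')
    print(verifier.check("GET", "/docs/spec.html", headers))  # same tag again: (False, 'replay')
```

Two design points worth noting: the tag is verified before the sequence counter is advanced, so an attacker who cannot forge tags also cannot burn a user's counter, and the path is normalised only for the authorization decision, so the tag still covers the bytes the client actually sent.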

  7. SEVA: Current Status
     • Working prototype
       • traffic tagging
       • application-level verification mechanism
       • role management and delegation
       • resource management and scoping
     • Embedded technologies
       • SPKI
       • Handle System
       • Java Card
       • cryptography: Cryptix (Java), Cryptlib (C), GemXpresso

  8. Summary: Classical vs. SEVA Extranets
     • Access control management
       • identity (classical) / delegation + role (SEVA)
       • coarse (classical) / fine-grained (SEVA)
     • Access control location
       • definition: network + application (classical) / application only (SEVA)
       • enforcement: network + application (classical) / network only (SEVA)
     • Access control enforcement
       • configuration: manual (classical) / automated (SEVA)
       • user authentication: explicit (classical) / transparent (SEVA)
