categorizing analyzing managing third party trust
play

Categorizing, Analyzing, & Managing Third Party Trust Andy - PowerPoint PPT Presentation

Sep 21, 2023 •189 likes •1.15k views

Categorizing, Analyzing, & Managing Third Party Trust Andy Sayler TPRC44 10/01/16 The Internet By Randall Munroe, xkcd.com Third Party Services Questions What capabilities are we entrusting to third parties? What capabilities are we

  1. Categorizing, Analyzing, & Managing Third Party Trust Andy Sayler TPRC44 10/01/16

  2. The Internet

  3. By Randall Munroe, xkcd.com

  4. Third Party Services

  5. Questions

  6. What capabilities are we entrusting to third parties?

  7. What capabilities are we entrusting to third parties? How can this trust be violated?

  8. What capabilities are we entrusting to third parties? How can this trust be violated? Can we reduce the degree of required trust?

  9. What capabilities are we entrusting to third parties? How can this trust be violated? Can we reduce the degree of required trust? Can we reduce the likelihood of trust violations?

  10. Modeling Trust

  11. Degree of Trust (Capabilities) Types of Violation (Attacks)

  12. Degree of Trust (Capabilities) Types of Violation (Attacks)

  14. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  15. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  16. Degree of Trust Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  17. Degree of Trust Storage (S) Can a third party faithfully store private user data and make it available to the user upon request? Access (R) Manipulation (W) Meta-Analysis (M)

  18. Degree of Trust Storage (S) Access (R) Can a third party read and interpret the private user data they store? Manipulation (W) Meta-Analysis (M)

  19. Degree of Trust Storage (S) Access (R) Manipulation (W) Can a third party modify the private user data to which they have access? Meta-Analysis (M)

  20. Degree of Trust Storage (S) Access (R) Manipulation (W) Meta-Analysis (M) Can a third party gather user metadata related to any stored private user data?

  21. Examples

  23. Storage (S)

  24. Storage (S) Access (R)

  25. Storage (S) Access (R) Manipulation (W)

  26. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  27. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  28. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  29. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  30. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  31. Types of Violation Implicit (P) Compelled (C) Unintentional (U) Colluding (L)

  32. Types of Violation Implicit (P) Occurs when a third party violates a user’s trust in a manner approved by the third party. Compelled (C) Unintentional (U) Colluding (L)

  33. Types of Violation Implicit (P) Compelled (C) Occurs when a third party is compelled by another actor to violate a user’s trust. Unintentional (U) Colluding (L)

  34. Types of Violation Implicit (P) Compelled (C) Unintentional (U) Occurs when a third party unintentionally violates a user’s trust. Colluding (L)

  35. Types of Violation Implicit (P) Compelled (C) Unintentional (U) Colluding (L) Occurs when multiple trusted parties collude to gain capabilities beyond what the user intended each to have.

  36. Examples

  37. Implicit Violations

  38. Implicit Violations

  39. Implicit Violations

  40. Compelled Violations

  41. Compelled Violations

  42. Unintentional Violations

  43. Unintentional Violations

  44. Collusion Violations

  45. Collusion Violations ?

  46. Managing Trust

  47. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  48. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  49. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  50. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  51. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  52. Trust Surplus Access (R) Manipulation (W)

  53. Traditional Trust Model Feature Provider Storage (S) User Data Access (R) Unrestricted Manipulation (W) Access Meta-Analysis (M) Full Features Trust

  54. Client Trust Model Feature Provider Encrypted Storage (S) User Data Access (R) Controlled Access Manipulation (W) by Proxy Meta-Analysis (M) Minimal Features Trust

  55. Distributed Trust Model Feature Provider Encrypted User Data Controlled Secret Storage Access by Proxy Provider Controlled Access Secrets Storage (S) Features Access (R) Minimal Manipulation (W) Trust Meta-Analysis (M)

  56. Distributed Trust Model Secret Storage Feature Provider Providers Encrypted Controlled User Data Access Secret Shard Controlled Access by Proxy Controlled Access Secret Shard Storage (S) Features Access (R) Minimal Manipulation (W) Trust Meta-Analysis (M)

  57. Distributed Trust Model

  58. Distributed Trust Model

  59. Distributed Trust Model

  60. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  61. Degree of Trust Types of Violation Storage (S) Implicit (P) Access (R) Compelled (C) Manipulation (W) Unintentional (U) Meta-Analysis (M) Colluding (L)

  62. Distributed Trust Markets

  63. Distributed Trust Markets Storage Provider Storage Provider Storage Provider Secret Secret Secret Shard Shard Shard

  64. Digital Due Process

  65. Digital Due Process Feature Provider Encrypted User Data Secret Storage Provider Secrets Third Party Doctrine

  66. Digital Due Process Feature Provider Encrypted User Data Secret Storage Provider Secrets Warrant Third Party Doctrine

  67. Alternatively...

  68. Alternatively... Jurisdictional Arbitrage

  69. Third Party Liability

  70. Third Party Liability Storage Provider Secrets Liability

  71. Third Party Liability Storage Provider Secrets Liability Insurance

  72. Third Party Liability $$$ ? Secrets Liability Insurance

  73. Third Party Liability $$$ ??? Secret Shard Secret Shard Liability Insurance

  74. Third Party Liability Declare $$$ Secret Shard Secret Shard Liability Insurance

  75. Conclusion

  76. What capabilities are we entrusting to third parties? How can this trust be violated? Can we reduce the degree of required trust? Can we reduce the likelihood of trust violations?

  77. Thank You

  78. Questions?

  79. Extra Slides

  80. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  81. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  82. Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

  83. Compelled Violations

  84. Compelled Violations

  88. Application Storage Access Manipulation Meta-analysis Score Dropbox Full Full Full Full 12 Tresorit Full Partial Partial Full 10 Facebook Full Full Full Full 12 Gmail Full Full Full Full 12 PGP/GPG Full None None Full 6 Hangouts Full Full Full Full 12 TextSecure Full None None Minimal 4 LastPass Full Minimal Full Full 10 Amazon EC2 Full Full Full Full 12 Single SSP Full Partial Partial Full 10 Multiple SSPs Partial Minimal Minimal Partial 6 Degree of Third Party Trust Across Capabilities None Minimal Partial Full 0 1 2 3 Increasing Trust

  89. Application Storage Access Manipulation Meta-analysis Score Dropbox Full Full Full Full 12 Tresorit Full Partial Partial Full 10 Facebook Full Full Full Full 12 Gmail Full Full Full Full 12 PGP/GPG Full None None Full 6 Hangouts Full Full Full Full 12 TextSecure Full None None Minimal 4 LastPass Full Minimal Full Full 10 Amazon EC2 Full Full Full Full 12 Single SSP Full Partial Partial Full 10 Multiple SSPs Partial Minimal Minimal Partial 6 Degree of Third Party Trust Across Capabilities None Minimal Partial Full 0 1 2 3 Increasing Trust

  90. Application Storage Access Manipulation Meta-analysis Score Dropbox Full Full Full Full 12 Tresorit Full Partial Partial Full 10 Facebook Full Full Full Full 12 Gmail Full Full Full Full 12 PGP/GPG Full None None Full 6 Hangouts Full Full Full Full 12 TextSecure Full None None Minimal 4 LastPass Full Minimal Full Full 10 Amazon EC2 Full Full Full Full 12 Single SSP Full Partial Partial Full 10 Multiple SSPs Partial Minimal Minimal Partial 6 Degree of Third Party Trust Across Capabilities None Minimal Partial Full 0 1 2 3 Increasing Trust

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
Australian Pipeline Trust Australian Pipeline Trust Managing Directors Managing Directors

Australian Pipeline Trust Australian Pipeline Trust Managing Directors Managing Directors

Australian Pipeline Trust Australian Pipeline Trust Managing Directors Managing Directors Presentation Presentation Jim McDonald Sydney, 20 October, 2004 Agenda Agenda Operational Review Acquisition of the Southern Cross

722 views • 20 slides
2011 Delaware Trust Conference Options for Managing Trust Transfer Risk: A Practical Discussion

2011 Delaware Trust Conference Options for Managing Trust Transfer Risk: A Practical Discussion

A Presentation For The 2011 Delaware Trust Conference Options for Managing Trust Transfer Risk: A Practical Discussion on the Risks Involved in Determining Whether to Reform, Decant or Amend and Existing Trust when Moving it to Delaware Michael

338 views • 20 slides
Secure Multi-Party Computation Lecture 15 Must We Trust ? Must We Trust ? Can

Secure Multi-Party Computation Lecture 15 Must We Trust ? Must We Trust ? Can

Secure Multi-Party Computation Lecture 15 Must We Trust ? Must We Trust ? Can we have an auction without an auctioneer?! Must We Trust ? Can we have an auction without an auctioneer?! Must We Trust ? Can we

1.44k views • 114 slides
On a New Approach for Analyzing and Managing Macrofinancial Risks Robert C. Merton, PhD, School

On a New Approach for Analyzing and Managing Macrofinancial Risks Robert C. Merton, PhD, School

On a New Approach for Analyzing and Managing Macrofinancial Risks Robert C. Merton, PhD, School of Management Distinguished Professor of Finance, Massachusetts Institute of Technology, and Resident Scientist, Dimensional Holdings, Inc.

568 views • 22 slides
CLUSTERING AND CATEGORIZING A n a l y z i n g Q u a l i t a t i ve D a t a CODE DEVELOPMENT

CLUSTERING AND CATEGORIZING A n a l y z i n g Q u a l i t a t i ve D a t a CODE DEVELOPMENT

Sren Knudsen CLUSTERING AND CATEGORIZING A n a l y z i n g Q u a l i t a t i ve D a t a CODE DEVELOPMENT CODING SORTING SYTHESIZING THEORIZING Codes Categories Themes Theory Specific Abstract / General - adapted from

364 views • 25 slides
CLUSTERING AND CATEGORIZING A n a l y z i n g Q u a l i t a t i ve D a t a CODE DEVELOPMENT

CLUSTERING AND CATEGORIZING A n a l y z i n g Q u a l i t a t i ve D a t a CODE DEVELOPMENT

Sren Knudsen CLUSTERING AND CATEGORIZING A n a l y z i n g Q u a l i t a t i ve D a t a CODE DEVELOPMENT CODING SORTING SYTHESIZING THEORIZING Codes Categories Themes Theory Specific Abstract / General - adapted from

506 views • 24 slides
Natural Language Processing with Python CS372: Spring, 20 15 Lecture 12 Categorizing and

Natural Language Processing with Python CS372: Spring, 20 15 Lecture 12 Categorizing and

Natural Language Processing with Python CS372: Spring, 20 15 Lecture 12 Categorizing and Tagging Words Jong C. Park Department of Computer Science Korea Advanced Institute of Science and Technology CATEGORIZING AND TAGGING WORDS Using a

688 views • 34 slides
Trust Forum Nassau, Bahamas Process of Analyzing Suspicious Transactions Reports Presented By:

Trust Forum Nassau, Bahamas Process of Analyzing Suspicious Transactions Reports Presented By:

Association of International Banks and Trust Forum Nassau, Bahamas Process of Analyzing Suspicious Transactions Reports Presented By: Mrs. Joann Fritz-Creary Legal Counsel and Training Officer (FIU) 13 th April 2016 Property of the

937 views • 11 slides
Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction

Secure Multi-Party Computation Lecture 13 Must We Trust ? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data without sharing?

446 views • 20 slides
Liquidation and Litigation Trusts Structuring the Entity Agreement, Managing the Trust, and

Liquidation and Litigation Trusts Structuring the Entity Agreement, Managing the Trust, and

Presenting a live 90-minute webinar with interactive Q&A Representing Bankruptcy Post-Confirmation Liquidation and Litigation Trusts Structuring the Entity Agreement, Managing the Trust, and Representing the Trust as General or Special

1.02k views • 52 slides
JNCF 2017 2017/01/20 Private Multi-party Matrix Multiplication and Trust Computations

JNCF 2017 2017/01/20 Private Multi-party Matrix Multiplication and Trust Computations

1 2 JNCF 2017 2017/01/20 Private Multi-party Matrix Multiplication and Trust Computations Jean-Guillaume Dumas 1 ; Pascal Lafourcade 2 ; Jean-Baptiste Orfila 1 ; Maxime Puys 1 1 Public Key Infrastructure Alice wants to securely reach a

838 views • 60 slides
Multi-Party Construction Defect Litigation Managing Discovery, Allocating Liability and Damages,

Multi-Party Construction Defect Litigation Managing Discovery, Allocating Liability and Damages,

Presenting a live 90-minute webinar with interactive Q&A Multi-Party Construction Defect Litigation Managing Discovery, Allocating Liability and Damages, Avoiding Ethical Pitfalls TUES DAY, MARCH 6, 2012 1pm East ern | 12pm Cent ral

1.21k views • 82 slides
DE TRUST CONFERENCE 2017 The Price is Right: Managing Inherited Art and Other Collectibles within

DE TRUST CONFERENCE 2017 The Price is Right: Managing Inherited Art and Other Collectibles within

DE TRUST CONFERENCE 2017 The Price is Right: Managing Inherited Art and Other Collectibles within a Trust 1 Overall Market Growth Global Art market - $20 billion in 2003 to $56 billion in 2016 Increase in total art sales of 60% between

543 views • 23 slides
Evidence to All Party Parliamentary Group on British Muslims Omar Khan, Director, Runnymede Trust

Evidence to All Party Parliamentary Group on British Muslims Omar Khan, Director, Runnymede Trust

Evidence to All Party Parliamentary Group on British Muslims Omar Khan, Director, Runnymede Trust Islamophobia is anti-Muslim racism I am very happy to be speaking here today and thank the APPG and its co-chairs for this opportunity, and the

276 views • 6 slides
A Framework for Managing and Analyzing Changes of Security Policies Achim D. Brucker Helmut

A Framework for Managing and Analyzing Changes of Security Policies Achim D. Brucker Helmut

A Framework for Managing and Analyzing Changes of Security Policies Achim D. Brucker Helmut Petritsch { achim.brucker, helmut.petritsch } @sap.com SAP Research Karlsruhe Germany IEEE International Symposium on Policies for Distributed Systems

662 views • 17 slides
FinTech Workshop No. 1: Blockchain Brussels, Nov. 14 th - 2017 Prof. Dr. Rainer Lenz Technology

FinTech Workshop No. 1: Blockchain Brussels, Nov. 14 th - 2017 Prof. Dr. Rainer Lenz Technology

FinTech Workshop No. 1: Blockchain Brussels, Nov. 14 th - 2017 Prof. Dr. Rainer Lenz Technology > Individual > Society Technology Technology Individual Applications Communication Computer Search/Exchange of Change of

95 views • 8 slides
1 2 Overview What is the blockchain? How does it work? Why is there so much interest? Some

1 2 Overview What is the blockchain? How does it work? Why is there so much interest? Some

1 2 Overview What is the blockchain? How does it work? Why is there so much interest? Some example applications Implications of blockchain technology 3 The Blockchain A digital ledger that records the transfer of digital assets. But also

579 views • 36 slides
Special Topics in Cryptography Mohammad Mahmoody Logistics Most submitted PS3. If you have

Special Topics in Cryptography Mohammad Mahmoody Logistics Most submitted PS3. If you have

Special Topics in Cryptography Mohammad Mahmoody Logistics Most submitted PS3. If you have not you will get delay, but email it to me ASAP. Deadline for project reports/drafts + slides : This Thursday 5pm. There will be a collab post for

348 views • 19 slides
Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work? This talk is not

Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work? This talk is not

Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work? This talk is not about the poli:cal or economical impact of Bitcoin. This talk is not about how to buy, sell, spend, or secure your bitcoins. This talk is about

1.14k views • 41 slides
Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work?

Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work?

Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work? This talk is not about the poli:cal or economical impact of Bitcoin. This talk is

862 views • 40 slides
Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active

Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active

Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active Internet Measurements (AIMS) Workshop R. Beverly (NPS) Yarrp AIMS 2016 1 / 17 Motivation Active Topology Probing Years (and years) of prior work on

577 views • 19 slides
Tutorial Slides for Week 4 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Tutorial Slides for Week 4 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Tutorial Slides for Week 4 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng Electrical & Computer Engineering Schulich School of Engineering University of Calgary 1 October, 2013 slide 2/8 ENEL 353 F13 T02 Tutorial

117 views • 8 slides
Gossip Peer Sampling in Real World Amir H. Payberah (amir@sics.se) Amir H. Payberah 22 June

Gossip Peer Sampling in Real World Amir H. Payberah (amir@sics.se) Amir H. Payberah 22 June

Gossip Peer Sampling in Real World Amir H. Payberah (amir@sics.se) Amir H. Payberah 22 June 2010 1/55 Gossip Peer Sampling Amir H. Payberah 22 June 2010 2/55 Peer Sampling Service The peer sampling service provides each node with

597 views • 55 slides

More recommend