delega te
play

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution - PowerPoint PPT Presentation

Nov 08, 2022 •405 likes •596 views

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

  1. DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

  2. Overview • Background • Introduction • Problem Statement • DELEGA TEE • Security Analysis • Implementation • Performance Analysis • Limitations • Conclusion

  3. Background • Brokered Delegation – allows user’s to flexibly share and delegate access, without requiring explicit support from service providers • New type of delegation restricted under policy enforcements by a TEE enclave • Trusted Execution Environments (TEEs) - a secure area inside a main processor • Emergence of TEEs, such as Intel SGX, enables an alternative way to achieve delegation without trust between the Owner and Delegatee

  4. Introduction • Many online services either have limited support or no support for delegation • Delegation – the ability to share a portion of one’s authority with another • Delegation allows user’s to safely and selectively secure online accounts and services • Researcher’s created DELEGA TEE • Provides brokered delegation for many existing web services

  5. Problem Statement • Two major motivations: • To demonstrate the many settings in which brokered delegation gives rise to new functionality • To demonstrate how trusted hardware TEEs can transform any mandatory access control policy within online services into a discretionary one • DELEGA TEE allows users to delegate authority • Challenge: Without backend support two possible strategies • Owner remains online and mediate requests • Owner provides Delegatee with a resource for unmediated access

  6. DELEGA TEE Owner’s TEEs / Intel Delegation Web Credentials SGX Policy Service

  7. DELEGA TEE • Decentralized Peer-to-Peer System • A system in which a Delegatee uses brokered credentials to execute secure enclaves

  8. DELEGA TEE • Centralized Broker System • A system which operates through a third party

  9. DELEGA TEE System Design Details • DELEGATEE supports both identity-based (non-anonymous) and anonymous use models • Identity-based model • Anonymous model • Policy Creations and Enforcement • Aim to prevent attackers from modifying the policies or changing the enforcement • Burden remains on the Owner to choose an appropriate access control policy

  10. Security Analysis • Main security proprieties that DELEGATEE will ensure • Owner’s access credentials remain confidential • The use of the delegated credentials is defined by the access control policy which will not be violated. • Use of the credentials should only be granted to the intended Delegatee, as authorized by the Owner • DELEGA TEE system is designed in a way that breaking the SGX protection mechanism on an arbitrary enclave will not weaken the system • Attacker will need to break the exact enclave running DELEGATEE

  11. Implementation • DELEGATEE was implemented on four service specific enclaves • Mail • PayPal • Credit card/e-banking • Full website access • An additional enclave was implemented to authenticate users and store credentials • A browser extension was implemented to communicate with the Centrally Brokered system and Delegatee

  12. Implementation - Mail • DELEGATEE implemented in the mail enclave

  13. Implementation - PayPal • DELEGATEE was implemented using the no javascript fallback mechanism from PayPal • Tested using PayPal’s sandbox and real-world environment • Browser extension allows the user to choose DELEGATEE at checkout

  14. Implementation – Credit Card/E-Banking • Similar to the implementation of the PayPal enclave • Upon checkout the browser extension is triggered if a payment form is avaiable

  15. Implementation – Full Website Access • Implemented a HTTPS proxy enclave using cookies to set the correct host name and parse through requests

  16. Performance Analysis • Conducted on two i7-7700 machines with 16 GB RAM, connected via the internet and local network • Can serve up to 100 users • Mail, PayPal, Credit Card, and Full Website Access performed well • Testing conducted on streaming websites, such as Netflix, was the same to normal streaming

  17. Limitations • Development of a generic module to support a variety of services • Authentication challenges • Two-Step Authentication • IP Address changes • Simultaneous login attempts • Bandwidth to support video streaming • Secondary markets

  18. Conclusion • Proposed a new concept called Broker Delegation, which uses TEEs to enable flexible delegation • Implementation and experiments show that DELEGATEE can be applied to real-world applications • DELEGATEE runs with minimal overhead and preserves security against a strong attacker

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New gTLD Pre-Delega.on Tes.ng 1 Agenda PDT

New gTLD Pre-Delega.on Tes.ng 1 Agenda PDT

New gTLD Pre-Delega.on Tes.ng 1 Agenda PDT Overview PDT Process PDT Status Update Preparing for PDT Communica.ons Q & A

465 views • 27 slides
Sister'Ci)es'and'Opportunity:' Open'World'Program' August'15,'2015'

Sister'Ci)es'and'Opportunity:' Open'World'Program' August'15,'2015'

Sister'Ci)es'and'Opportunity:' Open'World'Program' August'15,'2015' SoCal'Sister'Ci)es'Conference' San'Diego,'California' David'Edick'Jr.' ' Open'World'' Ocean'Science' 'Delega)on' From'Vladivostok,'Russia' April'24''May'2,'2015'

313 views • 19 slides
employee salaries & benefits Commission on Employee Retirement Security & Pension Reform

employee salaries & benefits Commission on Employee Retirement Security & Pension Reform

Octob ober 2016 Prior JLARC studies of state employee salaries & benefits Commission on Employee Retirement Security & Pension Reform JLARC is a joint commission with 15 members General Assembly Senate House e of Delega egates

533 views • 24 slides
Whistle-Blowing 1 Whistleblowing Disclosure, using other than approved organizational

Whistle-Blowing 1 Whistleblowing Disclosure, using other than approved organizational

Whistle-Blowing 1 Whistleblowing Disclosure, using other than approved organizational channels, of wrongdoing to someone in a position to take action. disclosure: information intentionally conveyed channels: chain of command,

429 views • 12 slides
Swiss cheese security or the real challenges faced by internet facing companies About me

Swiss cheese security or the real challenges faced by internet facing companies About me

Swiss cheese security or the real challenges faced by internet facing companies About me Almost 20 years in information security / hacking OWASP Project leader Latest research interests: Large scale RSA crypto survey

691 views • 49 slides
The Tor Project, Inc. Our mission is to be the global resource for technology, advocacy, research

The Tor Project, Inc. Our mission is to be the global resource for technology, advocacy, research

The Tor Project, Inc. Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention. 1 Alice makes a session key with

741 views • 37 slides
Security Risks to Third-Party Genetic Genealogy Services Peter Ney , Luis Ceze, Tadayoshi Kohno

Security Risks to Third-Party Genetic Genealogy Services Peter Ney , Luis Ceze, Tadayoshi Kohno

Security Risks to Third-Party Genetic Genealogy Services Peter Ney , Luis Ceze, Tadayoshi Kohno Direct-to-Consumer (DTC) Genetic Testing and Analysis DTC Testing Company Genetic Interpretation 23andMe Health, Ethnicity, Relative Prediction,

620 views • 34 slides
Anonymous Personalization Without Leaving Drupal by Mike Lander Michael Lander Technical

Anonymous Personalization Without Leaving Drupal by Mike Lander Michael Lander Technical

DrupalCon Seattle 2019 Anonymous Personalization Without Leaving Drupal by Mike Lander Michael Lander Technical Director @ Elevated Third D.O.: @michaellander Twitter: @MikeLand3r Drupal Slack: @michaellander What is personalization?

458 views • 32 slides
Drug Testing and Marijuana in the New England Workplace Presented by: Charlie Einsiedler and

Drug Testing and Marijuana in the New England Workplace Presented by: Charlie Einsiedler and

Drug Testing and Marijuana in the New England Workplace Presented by: Charlie Einsiedler and Dan Strader October 11, 2018 Overview of Presentation What laws apply in each state? May employers prohibit use in and/ or outside

659 views • 41 slides
Verifying, testing and running smart contracts in ConCert Danil Annenkov, Mikkel Milo, Jakob

Verifying, testing and running smart contracts in ConCert Danil Annenkov, Mikkel Milo, Jakob

Verifying, testing and running smart contracts in ConCert Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Aarhus University, Concordium Blockchain Research Center The Coq Workshop 2020, July 6 #1 Danil Annenkov, Mikkel Milo,

607 views • 28 slides
Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like - Sec-ish - Ops-y Is this Kubernetes cluster secure? EPIC FAIL GIF How secure is Kubernetes? What this Kubernetes talk is about Common Pwns

1.18k views • 113 slides
Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik,

Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik,

Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik, Jongwook Kim, Don Batory, Milos Gligoric Funded in part by the US National Science Foundation and a Google Faculty Research Award 1 Regression

783 views • 31 slides
Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

Goal Other approaches SCI overview Under the hood Measurements Acknowledgment Summary Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev Technion - Israel Institute of Technology EUROCRYPT 2017

469 views • 46 slides
Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Scope Introduction to anonymity How we got started Introduction to mix-nets

649 views • 27 slides
Intervention, and Referral to Treatment Tool Cindy Clouner HECAOD Powered by: The Ohio State

Intervention, and Referral to Treatment Tool Cindy Clouner HECAOD Powered by: The Ohio State

5/24/2018 ScreenU: Exploring a Screening, Brief Intervention, and Referral to Treatment Tool Cindy Clouner HECAOD Powered by: The Ohio State University The audio is by default through your computers speakers. If you would like to call

670 views • 19 slides
Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in

Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in

Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy in Bitcoin On the Effectiveness of Clustering Jonas Nick March 15, 2016 Privacy in Bitcoin Jonas Nick 1/34 Bitcoin Clustering P2P wallet leak Analysis Conclusion Privacy

1.22k views • 96 slides
? ! Richard Atterer , Albrecht Schmidt Recruit regular site How to make visitors as test users!

? ! Richard Atterer , Albrecht Schmidt Recruit regular site How to make visitors as test users!

Tracking the Interaction of Users with AJAX Applications for Usability Testing ? ! Richard Atterer , Albrecht Schmidt Recruit regular site How to make visitors as test users! usability tests of Use AJAX technology websites easier to record

332 views • 10 slides
Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier July 4, 2016 Nuit du Hack Who are we ? Who are we ? Julien Voisin Radare2 NBS-System dustri.org Jrme Boursier AdwCleaner

1.53k views • 94 slides
Inf1-OP Bonus Lecture - JUnit, Lambdas and Streams Volker Seeker School of Informatics March

Inf1-OP Bonus Lecture - JUnit, Lambdas and Streams Volker Seeker School of Informatics March

Inf1-OP Bonus Lecture - JUnit, Lambdas and Streams Volker Seeker School of Informatics March 20, 2019 Automatic Testing with JUnit Test Driven Development Source: https://dzone.com/articles/what-is-refactoring Simple Calculator Calculator

1.09k views • 45 slides
Human-Computer Interaction 12. Evaluating User Interface (3) Dr. Sunyoung Kim School of

Human-Computer Interaction 12. Evaluating User Interface (3) Dr. Sunyoung Kim School of

Human-Computer Interaction 12. Evaluating User Interface (3) Dr. Sunyoung Kim School of Communication & Information Rutgers university Recap: Why doing evaluation? If we build a product, service, an interface, etc., how do we know:

576 views • 39 slides
Unit 3: Foundations for inference 3. Hypothesis tests PS 3 due Monday 12.30pm STA 104 -

Unit 3: Foundations for inference 3. Hypothesis tests PS 3 due Monday 12.30pm STA 104 -

Announcements Unit 3: Foundations for inference 3. Hypothesis tests PS 3 due Monday 12.30pm STA 104 - Summer 2017 PA 3 due Monday 12.30pm Midterm grades? Duke University, Department of Statistical Science Midterm course feedback

187 views • 4 slides
Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The Samba4 torture suite is an extensive, general purpose CIFS test suite. It is not Samba specific. All CIFS vendors should take advantage of it to

377 views • 21 slides
rt tt ss

rt tt ss

rt tt ss Prt ss rts

815 views • 32 slides
Detection of False Sharing Using Machine Learning Sanath Jayasena , Asanka Abeyweera, Gayashan

Detection of False Sharing Using Machine Learning Sanath Jayasena , Asanka Abeyweera, Gayashan

Detection of False Sharing Using Machine Learning Sanath Jayasena , Asanka Abeyweera, Gayashan Amarasinghe, Himeshi De Silva, University of Moratuwa Sunimal Rathnayake, Sri Lanka Saman Amarasinghe, Xiaoqiao Meng, Yanbin Liu T.J. Watson

756 views • 39 slides

More recommend