ensuring resource trust and integrity in web browsers
play

Ensuring Resource Trust and Integrity in Web Browsers using - PowerPoint PPT Presentation

Jan 03, 2024 •251 likes •476 views

Introduction Conceptual Overview Peer Review Process Conclusion Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin Leiding 1 Clemens H. Cap 2 1 University of Gttingen, Germany

  1. Introduction Conceptual Overview Peer Review Process Conclusion Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin Leiding 1 Clemens H. Cap 2 1 University of Göttingen, Germany benjamin.leiding@cs.uni-goettingen.de 2 University of Rostock, Germany clemens.cap@uni-rostock.de June 11, 2018 Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 1 / 21

  2. Introduction Conceptual Overview Peer Review Process Conclusion About Me Academic • PhD student (University of Göttingen, Germany) • Security/Privacy background • Current research areas: • (Self-Sovereign) identity systems and authentication protocols → Authcoin protocol. • Architectures and designs of blockchain systems and applications. • Application of blockchain technology, e.g. Blockchain-based academic peer-review systems. • M2M economy among autonomous agents Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 2 / 21

  3. Introduction Conceptual Overview Peer Review Process Conclusion Overview 1 Introduction 2 Conceptual Overview 3 Peer Review Process 4 Conclusion Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 3 / 21

  4. Introduction Conceptual Overview Peer Review Process Conclusion Introduction Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 4 / 21

  5. Introduction Conceptual Overview Peer Review Process Conclusion Introduction Source: https://www.whisperkey.io Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 5 / 21

  6. Introduction Conceptual Overview Peer Review Process Conclusion Problem Statement Figure: Server-side code poising attack. Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 6 / 21

  7. Introduction Conceptual Overview Peer Review Process Conclusion State of the Art • Checking incoming JS manually? • Disabling JS? • CDN subresource integrity via hash-codes → Only protects against attacks from the CDN, not the server/programmer. Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 7 / 21

  8. Introduction Conceptual Overview Peer Review Process Conclusion Conceptual Overview Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 8 / 21

  9. Introduction Conceptual Overview Peer Review Process Conclusion General Overview Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 9 / 21

  10. Client Request Processing BPMN representation of the local client requesting and processing an incoming file.

  11. Introduction Conceptual Overview Peer Review Process Conclusion Peer Review Process Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 11 / 21

  12. Introduction Conceptual Overview Peer Review Process Conclusion Peer Review Review Report • ID • Project name • Project description • Link to resource/repository • Hash of the reviewed committed version • Resource itself • Reviewer information (ID, etc.) • Detailed report on review results • Boolean value → secure vs. insecure Similar to academic peer-review process. Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 12 / 21

  13. Introduction Conceptual Overview Peer Review Process Conclusion Conflict Resolution What is a good and objective criteria for insecure code? How to settle disputes on what constitutes a vulnerability? Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 13 / 21

  14. Introduction Conceptual Overview Peer Review Process Conclusion Conflict Resolution - CVEs The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 14 / 21

  15. General Overview

  16. Introduction Conceptual Overview Peer Review Process Conclusion Incentive Mechanism • Incentive for user: • Enhanced security • Incentive for reviewer: • Rewards (Steem 1 -like token system) • Reputation • Bounties by developers/users • Incentive for programmer/software provider: • Enhanced security of product based on external reviews. • Trustworthiness 1 https://steem.io/ Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 16 / 21

  17. Introduction Conceptual Overview Peer Review Process Conclusion Issues and Disadvantages • Depending on the stake-size, it might be still worth loosing the stake to launch a successful attack. • Incentivize reviewers. • Not all vulnerabilities are listed as CVEs. • Definition of vulnerability or insecure code. • Small and unknown projects might not be reviewed at all. Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 17 / 21

  18. Introduction Conceptual Overview Peer Review Process Conclusion Conclusion and Future Work Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 18 / 21

  19. Introduction Conceptual Overview Peer Review Process Conclusion Conclusion Take Home Message • Enable secure delivery and execution of code. • Prevent code manipulation by binding code to a review via a hash. • Browser validates review status, hash and code → Insecure code is not executed. • Concept is versatile and can be used for all kind of documents and software. Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 19 / 21

  20. Introduction Conceptual Overview Peer Review Process Conclusion Future Work Research Tasks • Prototype implementation starts in July (Browser extension + IOTA/Ethereum). • How to ensure that a reviewer invests sufficient time to produce a quality review? (Proof-of-X?) • Apply the same methodology in a more general way → Resource trust and integrity of files. • Reputation-driven distributed autonomous organization (DAO) for resource reviews based on an abstract review protocol. • Dispute resolution using a Semada 2 -like betting pool. 2 http://semada.io/ Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 20 / 21

  21. Introduction Conceptual Overview Peer Review Process Conclusion Questions? Benjamin Leiding Ensuring Resource Trust and Integrity using Blockchain Technology | BIOC‘18 21 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enterprise Functionalities: 2 Data management Ensuring integrity, e.g., entity and referential

Enterprise Functionalities: 2 Data management Ensuring integrity, e.g., entity and referential

Enterprise Functionalities: 2 Data management Ensuring integrity, e.g., entity and referential integrity (richer than storage-level integrity) Enabling access under various kinds of problems, e.g., network partitions Supporting recovery,

487 views • 11 slides
Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security Karim Eldefrawy Xavier Carpent Norrathep (Oak) Rattanavipanon Gene Tsudik University of California, Irvine SRI International Agenda

409 views • 38 slides
THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean

THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean

THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean Kanuck Director of Cyber, Space and Future Conflict The International Institute for Strategic Studies NATO Parliamentary Assembly Warsaw, Poland 27

694 views • 10 slides
MICE SRI PERFORMANCE IS BAD INTEGRITY OVER ALL Recap Reference resource, include a hash of that

MICE SRI PERFORMANCE IS BAD INTEGRITY OVER ALL Recap Reference resource, include a hash of that

IETF 95 MICE SRI PERFORMANCE IS BAD INTEGRITY OVER ALL Recap Reference resource, include a hash of that resource <script src=https://other.origin.example/script.js integrity=sha384-dOTZf16X8p34q2/kYyEFm0jh8> Client

250 views • 9 slides
Research Revenue Integrity Responsible for ensuring all technical and professional services

Research Revenue Integrity Responsible for ensuring all technical and professional services

Research Revenue Integrity Responsible for ensuring all technical and professional services provided under a clinical research study at any UC Irvine Health location are identified, coded, recharged and/or billed correctly. What is Research

324 views • 11 slides
Ensuring data integrity with asynchronous programming in a cloud IoT core Europython 2020

Ensuring data integrity with asynchronous programming in a cloud IoT core Europython 2020

Ensuring data integrity with asynchronous programming in a cloud IoT core Europython 2020 George Python Enthusiast, Angular addicted. Currently working as a Zisopoulos Full-Stack Engineer at Veturilo.io Theofanis Python Fanatic, Elixir and

348 views • 31 slides
Ensuring Organic Integrity Periodic Residue Sampling FOR WEBINAR AUDIO Dial 1-719-955-0562

Ensuring Organic Integrity Periodic Residue Sampling FOR WEBINAR AUDIO Dial 1-719-955-0562

Ensuring Organic Integrity Periodic Residue Sampling FOR WEBINAR AUDIO Dial 1-719-955-0562 Passcode 665 716 # Tuesday, August 19 2014 | 10:00 AM Pacific |1:00 PM Eastern Welcome! Presenter Nathaniel Lewis Organic Trade Association Senior

600 views • 34 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain & Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust:

Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust:

Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust: confidence in, or an assured reliance on, the character, integrity, ability, strength, or truth of someone or something faith: Confidence or

784 views • 33 slides
Research Infrastructures ensuring the trust and quality of data Session 5A Simon Hodson,

Research Infrastructures ensuring the trust and quality of data Session 5A Simon Hodson,

ICRI 2018 Vienna 13 September 2018 Research Infrastructures ensuring the trust and quality of data Session 5A Simon Hodson, Executive Director, CODATA www.codata.org What contributes to quality and trust? What principles and practices are

409 views • 8 slides
Ensuring consistency between LSE load forecasts for CRR and Resource Adequacy (RA) purposes

Ensuring consistency between LSE load forecasts for CRR and Resource Adequacy (RA) purposes

California Independent System Operator Corporation Ensuring consistency between LSE load forecasts for CRR and Resource Adequacy (RA) purposes Stakeholder Meeting June 14, 2007 Saurabh Monga Market Operations - CRR Team California

584 views • 8 slides
Scottsdale Capital Conference Corporate Presentation April 2017 1 Trust | Respect | Integrity

Scottsdale Capital Conference Corporate Presentation April 2017 1 Trust | Respect | Integrity

Presentation Title Scottsdale Capital Conference Corporate Presentation April 2017 1 Trust | Respect | Integrity Camp at Bornite 2 Trust | Respect | Integrity 2 Forward Looking Statements This presentation includes certain Forward

714 views • 45 slides
Integrity measurements for stronger cloud-based authentication John Zic 1 Thomas Hardjono 2 1

Integrity measurements for stronger cloud-based authentication John Zic 1 Thomas Hardjono 2 1

Integrity measurements for stronger cloud-based authentication John Zic 1 Thomas Hardjono 2 1 CSIRO Computational Informatics 2 MIT Kerberos and Internet of Trust Trust in the Digital World: Enabling the Economies of Trust Zic and

371 views • 19 slides
Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc Duflot , Yves-Alexis Perez , Benjamin Morin Agence Nationale de la Scurit des Systmes dInformation Introduction & reminder Last year...

467 views • 44 slides
Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card? International Symposium on Recent Advances in Intrusion Detection Menlo Park, September 2011 Loc Duflot, Yves-Alexis Perez, Benjamin Morin ANSSI French

627 views • 37 slides
Testing Model Transformations in Model Driven Engineering Benoit Baudry INRIA IRISA

Testing Model Transformations in Model Driven Engineering Benoit Baudry INRIA IRISA

Testing Model Transformations in Model Driven Engineering Benoit Baudry INRIA IRISA (currently visiting CSU) Outline What about model transformation testing? Triskells contributions Coverage criteria Model synthesis

389 views • 35 slides
TypeChef: Towards Correct Variability Analysis of Unpreprocessed C Code for Software Product

TypeChef: Towards Correct Variability Analysis of Unpreprocessed C Code for Software Product

Introduction The C preprocessor Partial Preprocessing Examples of partial preprocessing Boolean formula manipulation TypeChef: Towards Correct Variability Analysis of Unpreprocessed C Code for Software Product Lines Paolo G. Giarrusso 04

426 views • 28 slides
Opening the Item Report Builder Open ESTmep or CAMduct and go to File --> Print Layout

Opening the Item Report Builder Open ESTmep or CAMduct and go to File --> Print Layout

Opening the Item Report Builder Open ESTmep or CAMduct and go to File --> Print Layout --> Item Reports . CADmep users can type REPORTS at the command line, this can also be accessed via the Shift/Right Click menu CADmep -->

315 views • 13 slides
Data Modelling and Multimedia Databases LM International Second cycle degree programme (LM) in

Data Modelling and Multimedia Databases LM International Second cycle degree programme (LM) in

ALMA MATER STUDIORUM - UNIVERSIT DI BOLOGNA Data Modelling and Multimedia Databases LM International Second cycle degree programme (LM) in Digital Humanities and Digital Knowledge (DHDK) University of Bologna Course presentation Academic

758 views • 6 slides
Formal Ethics for Social Robots Martin Mose Bentzen, Associate Professor, DTU Management

Formal Ethics for Social Robots Martin Mose Bentzen, Associate Professor, DTU Management

Formal Ethics for Social Robots Martin Mose Bentzen, Associate Professor, DTU Management Engineering , Technical University of Denmark 2017 Introduction Few in the field believe that there are intrinsic limits to machine intelligence, and

656 views • 37 slides
GAUTENG PROVINCIAL COMMAND COUNCIL Weekly Media Update on COVID-19 7 August 2020 Gauteng

GAUTENG PROVINCIAL COMMAND COUNCIL Weekly Media Update on COVID-19 7 August 2020 Gauteng

GAUTENG PROVINCIAL COMMAND COUNCIL Weekly Media Update on COVID-19 7 August 2020 Gauteng COVID-19 response: Six pillars Comprehensive Health Response Law Food Security Enforcement and Social and Relief Compliance with Regulations

673 views • 56 slides
"The Mis-education of Softw are Testers: Rethinking and Relearning Softw are Quality"

"The Mis-education of Softw are Testers: Rethinking and Relearning Softw are Quality"

BT4 Concurrent Session 6/14/2012 10:15 AM "The Mis-education of Softw are Testers: Rethinking and Relearning Softw are Quality" Presented by: Clinton Sprauve Micro Focus Brought to you by: 340 Corporate Way, Suite 300, Orange Park,

446 views • 10 slides
C ENTER FOR A DVANCED S TUDIES W HEELER H IGH S CHOOL STEM Certified & STEAM Inspired The

C ENTER FOR A DVANCED S TUDIES W HEELER H IGH S CHOOL STEM Certified & STEAM Inspired The

C ENTER FOR A DVANCED S TUDIES W HEELER H IGH S CHOOL STEM Certified & STEAM Inspired The Center for Advanced Studies At Wheeler High School a unique 4-year STEM magnet program for academically advanced students Biology Chemistry

927 views • 34 slides

More recommend