webinos Security privacy
•Télécharger en tant que PPTX, PDF•
1 j'aime•529 vues
An introduction to the security and privacy principles of webinos and the core security architectural principles Presented by John Lyle of The University of Oxford
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (18)
Similaire à webinos Security privacy
Similaire à webinos Security privacy (20)
Dernier
Dernier (20)
webinos Security privacy
- 2. Background webinos creates networks of personal devices and exposes them to web applications. – Potential attack vector for malware – Potential for a loss of privacy webinos must be designed to protect stakeholders (primarily users) and be implemented securely
- 3. This presentation 1. Goals for security and privacy in webinos 2. Focus on: 1. One device 2. The personal zone 3. Inter-user security and privacy 3. Conclusions and future directions
- 4. Goals 1. Protect user data, devices and services 2. Balance security mechanisms against control and freedom 3. Provide a consistent user experience 4. Allow for management of applications, data and devices 5. Take into consideration other stakeholders
- 5. Security and privacy on one device API access mediated by an XACML-based security policy architecture – Based on WAC and BONDI – Extended for multi-device scenarios – Extended with privacy controls (TBD) Application signing – Widgets – based on WAC and W3C drafts/standards – Websites – SSL certificates Local authentication
- 6. Personal zones Device authentication – Public key infrastructure for every device – PZH acts as a certificate authority – Enrolment of new devices Secure communication OpenID authentication of users Policy synchronisation PZH interface to manage zones
- 7. Communication between users Personal zones can be bridged for inter- user communication Authentication – User identity expressed through OpenID / WebFinger / social network – Enables certificate exchange Authorisation – Policies mediate access to APIs and services
- 8. Conclusion Consistent, straightforward security framework Building on existing work, introducing personal zones In the future: – Interfaces – Better privacy management, expression – Integration of secure hardware? – More tools for users and developers
Notes de l'éditeur
- Notes:Primarily protecting against malware and malicious usersWe don’t want to put users at the risk of malware, but we don’t want to create a closed system like AppleUsability:An advantage webinos has is that it can present the same controls and interfaces across different devices. We’re still working on what these will be, but having a common policy model will be essential. Furthemore, the common policy model means users only need to define things once in some casesWe’ve implemented various design techniques to elicit misuse cases and misusability cases, which we hope will help us align user goals and security and privacy issuesInter-user, inter-device and inter-application communication can be managed. Management can be done on the most suitable device. Remote management of settings plannedIt would be easy to say ‘no’ to things like analytics, payment, etc. However, we’re trying to make a pragmatic system which provides a sensible trade-off.
- OpenID Authentication – users authenticate by logging into their PZH through an OpenID provider. This avoids the need for any new passwords or identities for those users (we hope). It also provides a means for users to authentication outside of the personal zone.