An introduction to the security and privacy principles of webinos and the core security architectural principles
Presented by John Lyle of The University of Oxford
2. Background
webinos creates networks of personal devices and exposes them to web applications.
– Potential attack vector for malware
– Potential for a loss of privacy
webinos must be designed to protect stakeholders (primarily users) and be implemented securely.
3. This presentation
1. Goals for security and privacy in webinos
2. Focus on:
1. One device
2. The personal zone
3. Inter-user security and privacy
3. Conclusions and future directions
4. Goals
1. Protect user data, devices and services
2. Balance security mechanisms against control and freedom
3. Provide a consistent user experience
4. Allow for management of applications, data and devices
5. Take into consideration other stakeholders
5. Security and privacy on one device
API access mediated by an XACML-based security policy architecture
– Based on WAC and BONDI
– Extended for multi-device scenarios
– Extended with privacy controls (TBD)
Application signing
– Widgets – based on WAC and W3C drafts/standards
– Websites – SSL certificates
Local authentication
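The slide says API access is mediated by an XACML-based policy. The following Go program is an added illustration, not webinos code: it models the decision logic a policy enforcement point applies (target matching, rule effects, and the deny-overrides and first-applicable combining algorithms of XACML) rather than the XACML XML syntax webinos actually stores. The application ids, device names and feature names (`maps-widget`, `tv`, `feature:camera`, and so on) are constructed for the example; the `Device` attribute is there to show the multi-device extension mentioned on the slide.

```go
package main

import "fmt"

// Effect is the outcome of evaluating a rule or policy, mirroring XACML's
// Permit / Deny / NotApplicable decisions.
type Effect int

const (
	NotApplicable Effect = iota
	Permit
	Deny
)

func (e Effect) String() string {
	return [...]string{"NotApplicable", "Permit", "Deny"}[e]
}

// Request is an access request built by the policy enforcement point:
// which application wants which API feature, from which device in the zone.
type Request struct {
	App     string // widget id or website origin (constructed values)
	Device  string // device the request originates on (multi-device extension)
	Feature string // API feature name (constructed, not real webinos feature URIs)
}

// Target selects the requests a rule applies to; an empty field matches anything.
type Target struct{ App, Device, Feature string }

func (t Target) Matches(r Request) bool {
	return (t.App == "" || t.App == r.App) &&
		(t.Device == "" || t.Device == r.Device) &&
		(t.Feature == "" || t.Feature == r.Feature)
}

// Rule yields its Effect for matching requests and NotApplicable otherwise.
type Rule struct {
	Target Target
	Effect Effect
}

// Policy combines its rules with one of two XACML combining algorithms.
type Policy struct {
	Rules     []Rule
	Combining string // "deny-overrides" or "first-applicable"
}

// Evaluate returns the policy decision for a request.
func (p Policy) Evaluate(r Request) Effect {
	result := NotApplicable
	for _, rule := range p.Rules {
		if !rule.Target.Matches(r) {
			continue
		}
		switch p.Combining {
		case "first-applicable":
			return rule.Effect
		default: // deny-overrides: one matching Deny wins; Permit only if nothing denies
			if rule.Effect == Deny {
				return Deny
			}
			result = Permit
		}
	}
	return result
}

// Decide is the enforcement point's final answer: anything not explicitly
// permitted is refused, so NotApplicable never grants access.
func Decide(p Policy, r Request) bool {
	return p.Evaluate(r) == Permit
}

// ZonePolicy is a constructed sample policy for one personal zone.
var ZonePolicy = Policy{
	Combining: "deny-overrides",
	Rules: []Rule{
		// The maps widget may use geolocation on any device in the zone.
		{Target{App: "maps-widget", Feature: "feature:geolocation"}, Permit},
		// The messenger widget may use the camera ...
		{Target{App: "messenger-widget", Feature: "feature:camera"}, Permit},
		// ... except on the TV, where the user denied camera access to every app.
		{Target{Device: "tv", Feature: "feature:camera"}, Deny},
	},
}

func main() {
	reqs := []Request{
		{"maps-widget", "phone", "feature:geolocation"},
		{"messenger-widget", "phone", "feature:camera"},
		{"messenger-widget", "tv", "feature:camera"},
		{"unknown-widget", "phone", "feature:contacts"},
	}
	for _, r := range reqs {
		fmt.Printf("%-17s on %-6s %-20s -> %-13s permitted=%v\n",
			r.App, r.Device, r.Feature, ZonePolicy.Evaluate(r), Decide(ZonePolicy, r))
	}
}
```

With deny-overrides the TV camera request is refused even though a Permit rule also matches it; under first-applicable the same rules would permit it, which is why the combining algorithm is as security-relevant as the rules themselves.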
6. Personal zones
Device authentication
– Public key infrastructure for every device
– PZH acts as a certificate authority
– Enrolment of new devices
Secure communication
OpenID authentication of users
Policy synchronisation
PZH interface to manage zones
7. Communication between users
Personal zones can be bridged for inter-user communication
Authentication
– User identity expressed through OpenID / WebFinger / social network
– Enables certificate exchange
Authorisation
– Policies mediate access to APIs and services
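Slides 6 and 7 describe the personal zone's PKI: the PZH acts as a certificate authority, devices are enrolled by being issued certificates, and two users' zones are bridged by exchanging certificates once identities have been established. The Go program below is an added example using only the standard library; it is not webinos code and the layout (a `Zone` holding the PZH CA, a `TrustStore` per device) is an assumption for illustration. The OpenID / WebFinger identity exchange that precedes bridging is assumed to have happened out of band, and the zone and device names are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Zone models one personal zone: the PZH's key pair and its self-signed CA
// certificate, the trust root for every device enrolled in the zone.
type Zone struct {
	Name   string
	Cert   *x509.Certificate
	key    *ecdsa.PrivateKey
	serial int64
}

// NewDeviceKey generates the key pair a device creates locally before
// enrolment; the private key never leaves the device.
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewZone sets up a PZH acting as the zone's certificate authority.
func NewZone(name string) (*Zone, error) {
	key, err := NewDeviceKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name + " PZH"},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Zone{Name: name, Cert: cert, key: key, serial: 1}, nil
}

// Enrol issues a certificate for a new device, signed by the PZH. Only the
// device's public key crosses the enrolment channel.
func (z *Zone) Enrol(device string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	z.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(z.serial),
		Subject:      pkix.Name{CommonName: device + "@" + z.Name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, z.Cert, pub, z.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustStore is what a device checks peer certificates against: its own PZH,
// plus any other zone's PZH added by certificate exchange when zones are bridged.
type TrustStore struct{ roots *x509.CertPool }

func NewTrustStore(own *Zone) *TrustStore {
	roots := x509.NewCertPool()
	roots.AddCert(own.Cert)
	return &TrustStore{roots: roots}
}

// Bridge trusts another zone's PZH; the identity check that justifies the
// exchange (OpenID / WebFinger on the slide) is assumed to have happened already.
func (t *TrustStore) Bridge(other *Zone) { t.roots.AddCert(other.Cert) }

// Verify reports whether a presented device certificate chains to a trusted PZH.
func (t *TrustStore) Verify(dev *x509.Certificate) error {
	_, err := dev.Verify(x509.VerifyOptions{
		Roots:     t.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	alice, _ := NewZone("alice")
	bob, _ := NewZone("bob")
	phoneKey, _ := NewDeviceKey()
	phone, _ := alice.Enrol("phone", &phoneKey.PublicKey)
	laptopKey, _ := NewDeviceKey()
	laptop, _ := bob.Enrol("laptop", &laptopKey.PublicKey)

	store := NewTrustStore(alice) // trust store on one of alice's devices
	fmt.Println("alice's phone:              ", store.Verify(phone))
	fmt.Println("bob's laptop before bridge: ", store.Verify(laptop))
	store.Bridge(bob)
	fmt.Println("bob's laptop after bridge:  ", store.Verify(laptop))
}
```

Before the bridge, Bob's laptop fails verification on Alice's device with an unknown-authority error even though its certificate is perfectly valid in Bob's zone; only after Bob's PZH certificate is added does it chain. That is the property the slide relies on: certificate exchange, not certificate validity alone, defines who can talk across zones.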
8. Conclusion
Consistent, straightforward security framework
Building on existing work, introducing personal zones
In the future:
– Interfaces
– Better privacy management, expression
– Integration of secure hardware?
– More tools for users and developers
Editor's notes
Notes:
– Primarily protecting against malware and malicious users. We don't want to put users at the risk of malware, but we don't want to create a closed system like Apple.
– Usability: an advantage webinos has is that it can present the same controls and interfaces across different devices. We're still working on what these will be, but having a common policy model will be essential. Furthermore, the common policy model means users only need to define things once in some cases.
– We've implemented various design techniques to elicit misuse cases and misusability cases, which we hope will help us align user goals and security and privacy issues.
– Inter-user, inter-device and inter-application communication can be managed. Management can be done on the most suitable device. Remote management of settings is planned.
– It would be easy to say 'no' to things like analytics, payment, etc. However, we're trying to make a pragmatic system which provides a sensible trade-off.
OpenID authentication – users authenticate by logging into their PZH through an OpenID provider. This avoids the need for any new passwords or identities for those users (we hope). It also provides a means for users to authenticate outside of the personal zone.