Current approaches to access control on Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies. We describe the technologies we use to implement RBAC on the Web in different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.

Traditional Public Key Infrastructures (PKI) have not lived up to their promise because there are too many ways to define PKIs, too many cryptographic primitives to build them with, and too many administrative domains with incompatible roots of trust. Alpaca is an authentication and authorization framework that embraces PKI diversity by enabling one PKI to “plug in ” another PKI’s credentials and cryptographic algorithms, allowing users of the latter to authenticate themselves to services using the former using their existing, unmodified certificates. Alpaca builds on Proof-Carrying Authorization (PCA) [8], expressing a credential as an explicit proof of a logical claim. Alpaca generalizes PCA to express not only delegation policies but also the cryptographic primitives, credential formats, and namespace structure needed to use foreign credentials directly. To achieve this goal, Alpaca introduces a method of creating and naming new principals which behave according to arbitrary rules, a modular approach to logical axioms, and a domain-specific language specialized for reasoning about authentication. We have implemented Alpaca as a Python module that assists applications in generating proofs (e.g., in a client requesting access to a resource), and in verifying those proofs via a compact 800-line TCB (e.g., in a server providing that resource). We present examples demonstrating Alpaca’s extensibility in scenarios involving inter-organization PKI interoperability and secure remote PKI upgrade.

Security-typed languages are an evolving tool for implementing systems with provable security guarantees. However, to date, these tools have only been used to build simple “toy ” programs. As described in this paper, we have developed the first real-world, security-typed application: a secure email system written in the Java language variant Jif. Real-world policies are mapped onto the information flows controlled by the language primitives, and we consider the process and tractability of broadly enforcing security policy in commodity applications. We find that while the language provided the rudimentary tools to achieve low-level security goals, additional tools, services, and language extensions were necessary to formulate and enforce application policy. We detail the design and use of these tools. We also show how the strong guarantees of Jif in conjunction with our policy tools can be used to evaluate security. This work serves as a starting point–we have demonstrated that it is possible to implement real-world systems and policy using security-typed languages. However, further investigation of the developer tools and supporting policy infrastructure is necessary before they can fulfill their considerable promise of enabling more secure systems. 1

Abstract. This paper proposes aresilient, alternative monetary system on the Internet called i-WAT, based on WAT System[1] which uses a form of promissory note as the medium of exchanging goods and services. i-WAT uses an electronic version of the note, ownership of which is transferred by exchanging messages signed in OpenPGP[2]. i-WAT can be used as the basis of various interpersonal/corporative transactions in the globally distributed computing environment. Specific applications being investigated include distributed consumer reports, an alternative copyright system and spam-free e-mail exchange. Aprototype of an i-WAT checkbook has been developed as a plug-in for a Jabber[3] client. Experiments are ongoing. 1

Network-layer innovation has proven surprisingly difficult, in part because internetworking protocols ignore competing economic interests and because a few protocols dominate, enabling layer violations that entrench technologies. Many shortcomings of today’s internetwork layer result from its inflexibility with respect to the policies of the stakeholders: users and service providers. The consequences of these failings are well-known: various hacks, layering violations, and overloadings are introduced to enforce policies and attempt to get the upper hand in various “tussles”. The result is a network that is increasingly brittle, hostile to innovation, vulnerable to attack, and insensitive to concerns about accountability and privacy. Our project aims to design, implement, and evaluate through daily use a minimalist internetwork layer and auxiliary functionality that anticipates tussles and allows them to be played out in policy space, as opposed to in the packet-forwarding path. We call our approach postmodern internetwork architecture, because it is a reaction against many established network layer design concepts. The overall goal of the project is to make a larger portion of the network design space accessible without sacrificing the economy of scale offered by the unified Internet. We will use the postmodern architecture to explore basic architectural questions. These include: • What mechanisms should be supported by the network such that any foreseeable policy requirement can be

We revisit the venerable question of "pure password"-based key derivation and encryption,and expose security weaknesses in current implementations that stem from structural flaws in Key Derivation Functions (KDF). We advocate a fresh redesign, named Halting KDF (HKDF),which we thoroughly motivate on these grounds: 1. By letting password owners choose the hash iteration count, we gain operational flexibilityand eliminate the rapid obsolescence faced by many existing schemes. 2. By throwing a Halting-Problem wrench in the works of guessing that iteration count, wewiden the security gap with any attacker to its theoretical optimum. 3. By parallelizing the key derivation, we let legitimate users exploit all the computationalpower they can muster, which in turn further raises the bar for attackers. HKDFs are practical and universal: they work with any password, any hardware, and aminor change to the user interface. As a demonstration, we offer real-world implementations for the TrueCrypt and GnuPG packages, and discuss their security benefits in concrete terms.

The rapid increase in Internet users triggered a number of new Internet services and applications such as online shopping, video conferencing, Internet games or distance education. A larger part of those ones requires multicast support for efficient data distribution. A number of secure group communication protocols have been published recently, but the preservation of privacy of the single group member is still an unsolved problem.

This dissertation describes a distributed storage system that is able to provide its users with highly available, secure and shareable storage. The design of distributed file systems has traditionally been based on the assumptions of strong connectivity, centralized administration, and a relatively small and stable set of nodes (‘first-class server’) as the heart of the system. We argue that all these assumptions need to be challenged in order to increase the availability of data in today’s and future networked information systems. The popularization and commercialization of the Internet has facilitated a range of distributed collaborative applications, like electronic shops and netbanking, that operate across administrative domains and involve nodes that are only loosely coupled. Users share an ever increasing amount of data with a variety of service providers and they also share data directly with other users inside and outside their own administrative domain. Because no storage infrastructure exists today

A prompting protocol permits users to securely retrieve secrets with greater entropy than passwords. The retrieved user secrets can have enough entropy to be used to derive cryptographic keys.

This paper details the construction of an access-driven sidechannel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the workloads of mutually distrustful customers. Constructing such a side-channel requires overcoming challenges including core migration, numerous sources of channel noise, and the difficulty of preempting the victim with sufficient frequency to extract fine-grained information from it. This paper addresses these challenges and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library. Categories andSubject Descriptors