An Overview of Security Issues in the Web - PowerPoint PPT Presentation

1
An Overview of Security Issues in the Web
  • José KAHAN OBLATT
  • W3C/INRIA
  • jose_at_w3.org
  • 19 December 1998

2
Disclaimer
  • The following slides represent the author's
    personal opinion and not necessarily that of the
    W3C or of INRIA.

3
Outline
  • Web architecture
  • Security problems
  • Security measures
  • Conclusion

4
Architecture of the Web
  • Hypertext information model (linking of
    documents)
  • Client/Server consultation protocol

[Diagram: client, Internet, documents on the server]
5
Security problems: confidentiality
  • Unauthorized release of information

[Diagram: user, Internet, pirate intercepting the exchange]
6
Security problems: integrity
  • Unauthorized modification of information

[Diagram: user, pirate modifying the exchange]
7
Security measures
  • firewalls
  • encryption
  • access control
    • authentication
    • authorization
8
Encryption principles
  • Mathematical transformation of a message

[Diagram: plaintext "Hello" → Encrypt (encryption key) → ciphertext → Decrypt (decryption key) → plaintext "Hello"]
  • Document confidentiality
  • Document integrity
  • Server authentication
  • Client authentication
9
Encryption mechanisms
  • Symmetric (secret key) cryptography: same key used
    for encryption and decryption
  • Asymmetric (public key) cryptography: different
    keys used for encryption and decryption
  • Supported by commercial browsers: SSL, TLS
  • BUT legal problems in some countries

10
Access control model
[Diagram: the reference monitor acts as a guard; a user requests an operation on nodes; the monitor consults the security database and either authorizes or denies the operation; the security administrator updates the security database]
11
Access control: authentication
  • Verifying the identity of a user

[Diagram: user presents identity and proof of identity; checked against the security database]
12
Web authentication mechanisms
13
Access control: authorization
  • Verifying the access rights of a user

[Diagram: authenticated identity and requested operation; access rights looked up in the security database]
14
Web authorization mechanisms
  • Access control lists (ACL)
  • Roles, groups: simple user administration
  • Capabilities: exchange of access control
    information in the request
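The access control model of slides 10 to 14, as an added example that is not part of the original slides: a reference monitor that first authenticates a user against a security database and then authorizes the requested operation on a node through an ACL that also honors group membership, denying by default. The users, groups, nodes and ACL entries below are constructed sample data; capabilities are not shown.

```python
import hashlib
import hmac

# Constructed security database: users with salted password verifiers,
# group membership, and one ACL per node (principal -> permitted operations).
SECURITY_DB = {
    "users": {
        # plaintext secret is never stored, only salt + SHA-256(salt || secret)
        "alice": ("s1", hashlib.sha256(b"s1" + b"alice-pass").hexdigest()),
        "bob": ("s2", hashlib.sha256(b"s2" + b"bob-pass").hexdigest()),
    },
    "groups": {"editors": {"alice"}, "readers": {"alice", "bob"}},
    "acl": {
        "/report.html": {"editors": {"consult", "update"}, "readers": {"consult"}},
        "/admin.html": {"alice": {"consult", "update"}},
    },
}

def authenticate(identity, proof, db=SECURITY_DB):
    """Slide 11: verify identity + proof of identity against the database."""
    entry = db["users"].get(identity)
    if entry is None:
        return False
    salt, expected = entry
    actual = hashlib.sha256(salt.encode() + proof.encode()).hexdigest()
    return hmac.compare_digest(actual, expected)  # constant-time comparison

def principals(identity, db=SECURITY_DB):
    """Slide 14: the user plus every group (role) the user belongs to."""
    return {identity} | {g for g, members in db["groups"].items() if identity in members}

def authorize(identity, node, operation, db=SECURITY_DB):
    """Slide 13: the operation is allowed only if some principal's ACL entry grants it."""
    acl = db["acl"].get(node, {})  # unknown node -> empty ACL -> deny
    return any(operation in acl.get(p, set()) for p in principals(identity, db))

def reference_monitor(identity, proof, node, operation, db=SECURITY_DB):
    """Slide 10: the guard authenticates, then authorizes, otherwise denies."""
    if not authenticate(identity, proof, db):
        return "deny: authentication failed"
    if not authorize(identity, node, operation, db):
        return "deny: not authorized"
    return f"authorize: {identity} may {operation} {node}"

if __name__ == "__main__":
    print(reference_monitor("alice", "alice-pass", "/report.html", "update"))
    print(reference_monitor("bob", "bob-pass", "/report.html", "update"))
    print(reference_monitor("bob", "wrong", "/report.html", "consult"))
```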

15
Personal experience
  • Existing security mechanisms can solve most of
    the problems of confidentiality and integrity
  • Difficult part: defining a security policy (set of
    rules describing the behavior of users in a
    system)
  • Choice of security mechanisms: performance versus
    simple user administration
  • User education is important

16
Some security issues in EMGnet
  • Encryption of data exchanges?
  • Which authentication mechanism?
  • Distribution or centralization of security
    database?
  • Set of access rights?
  • ACLs, capabilities, or both?
  • User administration!
  • Tip: reuse existing technology when possible