PORTIA

1
PORTIA
Security Challenges for Rich-MediaEducational
Environments

• Robert Grimm
• New York University

2
The Chasm in Medicine

• Scientific knowledge
• Rapid advances in molecular biology
• Medical practice
• Reduced lengths-of-stay in hospitals
• Increased compartmentalization
• Chasm is self-widening
• Specialization helps keep up with sciences, costs
  down
• Existing solutions do not work
• Outpatient care for education, PCPs for practice
• Result Ever harder to train good physicians

3
Crossing the ChasmThe IRMEE Project at NYU

• NYU-wide collaboration
• Medicine, computer science, libraries, center for
  teaching excellence, center for advanced
  technology, IT
• Goal Integration
• Across specializations
• Between theory and practice
• Across geographical boundaries and time
• Chosen approach Web-based rich-media environment
• Provides lifelong access to educational
  scientific content
• Structures content along narrative lines
• Fosters community of students and practitioners

4
Prototypes in Use, Have Impact

• Complemented by guided discussion on bulletin
  board

5
Where Do We Go from Here?

• Content
• Better evaluations through script concordance
  tests
• More modules
• Authoring is labor- and resource-intensive, does
  not scale
• Focus on exchanging content with other authors
• XML schema being co-developed with University of
  Pittsburgh
• Delivery infrastructure
• Existing multi-tier architecture does not scale
• We need a scalable and affordable solution
• Focus for the rest of this talk, but keep IRMEE
  in mind

6
Building a Scalable AffordableImplementation
Platform

• Active CDN (Content Distribution Network)
• Interposes on client/server interactions (DNS
  redirection)
• Authoritative content remains on server
• Caches static content
• Executes application-specific scripts
• For dynamic content creation as well as
  transformation
• Why another edge-side computing platform?
• Familiar programming model for web developers
• As added benefit, easier to provide resource
  controls, security
• General structured overlay Distributed Hash
  Table
• Easier to leverage advances in peer-to-peer
  technologies

7
Integrity and Privacy Issuesfor Active CDNs

• Nodes in peer-to-peer overlay generally untrusted
• Though, local nodes may be trusted
• Connection-oriented security (SSL) inappropriate
• End-to-end negates CDN, hop-by-hop negates
  security
• Resource-oriented security required
• Servers sign or encrypt content
• Trusted proxy verifies signatures, decrypts
  content
• What about dynamically generated/transformed
  content?
• Scripts still may execute on any node (for p2p
  load balancing)
• But trusted proxy probabilistically verifies
  dynamic contentand adjusts reputation based on
  results

8
Whats Missing?

• Reputation-based security model
• Selection of content to verify
• Scoring and accumulation of results
• Exchange of results
• Centralized blacklists vs. web of trust
• HTTP extensions for resource-based security
• Beware of interaction with caching
• E.g., sign only headers but not body, include
  hash of body
• Experiences from real deployment
• On the Wild Wild Web, surprising things may
  happen
• E.g., see Pai et al., The Dark Side of the Web,
  HotNets 03

9
The Larger Issue

• Securely placing functionality (computations
  storage) on untrusted nodes placed between
  clients and servers

10
http//www.cs.nyu.edu/rgrimm/