Stock Market Tickers - PowerPoint by ato42904

Security considerations for notifications

Issues


   Security needs/threats
       Application domains
       Security areas

   Trust models for security

Security application domains


   Printing notifications
   Stock market tickers
   Online multi-player gaming
   Inter-process communication
   Presence information
   Instant messages

Security needs

   Authentication
       A message is sent by the source it claims to be sent by
       No spurious messages
   Encryption
       A message can only be received by the entity it is addressed to
   ACLs
       groups, delegation, revocation
       by step, e.g. subscribe, send notifications, etc.

Security needs (contd.)

   Subscriber information
       Who’s subscribed
       Who’s checking a resource
       History of who’s checking a resource
   Protect against denial-of-service attacks
       Transaction volume (flood attacks)
       Spurious hostnames
       Attacks against sub-components
         e.g. directory services

Security needs (contd.)

   Protect against delay attacks for time-critical applications
   Protect against message tampering
   Secure billing systems
   Tiered security
       “Orange book” - style security?
       Security vs simplicity

Trust models: “hop-by-hop” vs “end-to-end”

   “Channel security” vs “Object security”
       e.g. IPsec, GSSAPI vs S/MIME
   Which one?
       Degree of control by intermediaries
         Routing information
         Granularity of control
         Content-based filtering
       Speed tradeoffs
       Available infrastructure
       User convenience
         e.g. poor portability of certificates

								
To top