Layering Security at Global Control Points to Secure Unmodified Software
Scott Ruoti
MIT Lincoln Laboratory*
Kent Seamons, Daniel Zappala
Brigham Young University
* Scott Ruoti is currently an MIT Lincoln Laboratory employee. No Laboratory funding or resources were used to produce the result/findings reported in this publication.
Problems with Application Software Security
• Lack of cybersecurity-trained architects and developers
• Security flaws
• Difficult to patch vulnerabilities
• Legacy software
Legacy Software
• Even secure software may eventually no longer be supported
• Hard to sustain security effort indefinitely
Partial Solution - Security Libraries
Limitation: Usually requires expertise to use correctly
OAuth
• 60% of 149 mobile apps using OAuth studied were vulnerable
  [Chen et al., OAuth demystified for mobile application developers, CCS 2014]
SSL/TLS
• Badly designed APIs and libraries
  [Georgiev et al., The most dangerous code in the world, CCS 2012]
• 8% of apps in the study were vulnerable to MitM attack
  [Fahl et al., Why Eve and Mallory love Android, CCS 2012]
Solution: Layered Security Paradigm
Implement security at global control points: OS, Browser, Firewalls
[Figure: Global Control Points, three numbered flows.
 Flow A: 1. Password, 2. Two-factor Auth, 3. Two-factor success, 4. Password success.
 Flow B: 1. HTTP, 2. HTTPS, 3. Data, 4. Data.
 Flow C: 1. File request, 2. File request, 3. Encrypted file, 4. Decrypted file.]
Not a New Idea - Other Examples
• Anti-virus
• Spam filtering
• Intrusion detection
• Compiler
  • Stack canaries
  • Pointer protection
• Middlebox
  • TLS inspection
  • Blacklisting
Use Cases from Our Research
MessageGuard: End-to-end encryption in the browser
TrustBase: TLS certificate-based authentication in the OS
MessageGuard
“We're on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users. S. Ruoti, J. Andersen, S. Heidbrink, M. O'Neill, E. Vaziripour, J. Wu, D. Zappala, and K. Seamons. ACM Conference on Human Factors in Computing Systems (CHI 2016). Honorable Mention Award.
Private Webmail 2.0: Simple and Easy-to-Use Secure Email. S. Ruoti, J. Andersen, T. Hendershot, D. Zappala, and K. Seamons. ACM User Interface Software and Technology Symposium (UIST 2016).
Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes. S. Ruoti, N. Kim, B. Burgon, T. W. van der Horst, and K. Seamons. Symposium on Usable Privacy and Security (SOUPS 2013).
Private Facebook Chat. C. Robison, S. Ruoti, T. W. van der Horst, and K. E. Seamons. International Conference on Privacy, Security, Risk and Trust (PASSAT 2012) and International Conference on Social Computing (SocialCom 2012).
MessageGuard - Key Features
Overlay all text input fields with end-to-end encryption
Provides secure messaging across the web
Distributed as a browser extension
Extensible key management
• PGP, IBE, passwords, etc.
Extensible front-end
• Gmail, Facebook, Outlook, etc.
A common user interface
MessageGuard Architecture
Evaluation
Coverage and Performance
MessageGuard runs on all major browsers
• Desktop: Chrome, Firefox, IE, Opera, Safari
• Android: Chrome, Firefox, Opera
• iOS: Chrome, Mercury, Safari
MessageGuard encrypts data on almost all of the Alexa top 50 websites
• youtube.com the only site with an issue
  • five lines of customization code to fix
Negligible overhead
Usability Scores
Other Approaches
ShadowCrypt [CCS 2014]
• End-to-end encryption for web applications
• Leverage the Shadow DOM as a control point
Mimesis Aegis [Usenix Security 2014]
• End-to-end encryption on mobile apps
• Leverages the accessibility layer as a control point
MessageGuard Information
• Source code: https://bitbucket.org/isrlemail/messageguard
• Pull requests welcome
• Project website: https://isrl.byu.edu/projects/email
• Plug-ins available: https://[pgp|ibe|passwords].messageguard.io
• Contact: scott@ruoti.org
TrustBase
TrustBase: An Architecture to Repair and Strengthen Certificate-Based Authentication. M. O'Neill, S. Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, D. Zappala. USENIX Security Symposium 2017.
TLS Inspection: How Often and Who Cares? M. O'Neill, S. Ruoti, K. Seamons, D. Zappala. IEEE Internet Computing, May/June 2017.
TLS Proxies: Friend or Foe? M. O'Neill, S. Ruoti, K. Seamons, D. Zappala. ACM Internet Measurement Conference (IMC 2016).
User Attitudes Toward the Inspection of Encrypted Traffic. S. Ruoti, M. O'Neill, D. Zappala, K. Seamons. Symposium on Usable Privacy and Security (SOUPS 2016).
TrustBase
• Motivating principles
  • Centralize authentication as an OS service
  • Empower system admins to dictate how trust decisions are made on their own machines
• Design goals
  • Secure all existing applications
  • Prohibit unprivileged applications from acting against administrator rules
  • Provide easy deployment of authentication systems
  • Negligible overhead
[Figure labels: API, TrustBase, Transport, Network, ……, Application, Validation, Plugins]
Prototypes for
• Linux
• Android (nonrooted)
• Windows
Moving Trust to the OS
TrustBase Architecture
Traffic Interception (Linux)
[Figure labels: Socket API, TCP Handling, Handler API; calls shown: connect, write/send, sendmsg/sendmmsg, read/recv, recvmsg/recvmmsg, close/shutdown]
• Loadable kernel module
• Hooks into native transport protocol functionality
• Provides generic inspection/modification API
Evaluation
Coverage
Hardening
• Unprivileged malware cannot unload interception
• CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
• CAP_NET_ADMIN required to receive and respond to queries
• Configuration is writable only by privileged users
• Daemons run nonroot with only required permissions
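The hardening list above ties bypass and control of the interception layer to specific Linux capabilities, so an administrator can audit which non-root processes hold them. The following Python audit is an added example, not code from the slides or from the TrustBase project; the process names, the allowlist and the sample /proc text are constructed, and CAP_SYS_MODULE is included here as the standard Linux capability for unloading kernel modules rather than something the slide names.

```python
"""Audit non-root processes for capabilities the hardening list depends on."""
import os
import re

# Linux capability bit numbers (include/uapi/linux/capability.h).
CAPS_OF_INTEREST = {
    "CAP_NET_ADMIN": 12,   # slide: required to receive and respond to queries
    "CAP_NET_RAW": 13,     # slide: required for raw sockets, which bypass interception
    "CAP_SYS_MODULE": 16,  # added here: required to unload a kernel module
}

_FIELD = re.compile(r"^(Name|Uid|CapEff):\s*(.+)$", re.MULTILINE)


def parse_status(status_text):
    """Return (name, effective uid, CapEff as int) from /proc/<pid>/status text."""
    fields = dict(_FIELD.findall(status_text))
    if not {"Name", "Uid", "CapEff"} <= fields.keys():
        raise ValueError("status text lacks Name, Uid or CapEff")
    # The Uid line lists real, effective, saved and filesystem uids.
    euid = int(fields["Uid"].split()[1])
    return fields["Name"].strip(), euid, int(fields["CapEff"].strip(), 16)


def held_caps(cap_eff):
    """Names of the capabilities of interest set in an effective-capability mask."""
    return sorted(n for n, bit in CAPS_OF_INTEREST.items() if (cap_eff >> bit) & 1)


def audit(status_by_pid, expected):
    """Flag non-root processes holding capabilities beyond their allowlist entry.

    `expected` maps a process name to the capabilities it is meant to hold.
    Matching on the name is for illustration only: a process can change its
    own name, so a deployment should key on the executable path instead.
    """
    findings = []
    for pid, text in sorted(status_by_pid.items()):
        try:
            name, euid, cap_eff = parse_status(text)
        except ValueError:
            continue  # truncated or unreadable entry
        if euid == 0:
            continue  # root is outside the "unprivileged" threat model
        unexpected = [c for c in held_caps(cap_eff) if c not in expected.get(name, set())]
        if unexpected:
            findings.append((pid, name, euid, unexpected))
    return findings


def read_live_proc(root="/proc"):
    """Collect status text for every numeric /proc entry (Linux only)."""
    out = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                pass  # process exited or access denied
    return out


# Constructed sample input; names and pids are hypothetical.
SAMPLE = {
    1: "Name:\tinit\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    812: "Name:\tpolicy_daemon\nUid:\t990\t990\t990\t990\nCapEff:\t0000000000001000\n",
    1450: "Name:\tpacket_tool\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n",
    1500: "Name:\teditor\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
}
# Hypothetical allowlist: the non-root daemon that answers queries.
EXPECTED = {"policy_daemon": {"CAP_NET_ADMIN"}}

if __name__ == "__main__":
    source = read_live_proc() if os.path.isdir("/proc/self") else SAMPLE
    for pid, name, euid, caps in audit(source, EXPECTED):
        print(f"pid={pid} name={name} euid={euid} unexpected={','.join(caps)}")
```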
Performance
Other Approaches
CertShim [Bates et al CCS 2014]
Benefits
• Transparently intercept TLS library calls (LD_PRELOAD)
• Low overhead
Limitations
• Dynamic linked libraries only
• User-level attacker can disable
TrustBase Information
• Source code: https://github.com/markoneill/trustbase-linux
• Pull requests welcome
• Project website: https://owntrust.org
• Contact: mto@byu.edu
Linux Android Win10
Future - Layering-Aware Applications
TrustBase
• Application API
• Secure Socket Type
MessageGuard
• Customize for websites
• Key management
• Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risks
• Bugs are global
• Disruption is a DoS
Rewards
• Correctness
• Many eyeballs
• Easier path to fix flaws
• Updates are global
• More rapid deployment of new security features
Risks & Rewards Example - TLS Inspection
Source: Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017
Future Applications in our Research
Password authentication
• Password monitoring
• Strong password protocols
Content-based encryption and signing of web content
Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No. CNS-1528022. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600046C. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.
Questions
![Page 2: Layering Security at Global Control Points to Secure ......Layering Security at Global Control Points to Secure Unmodified Software Scott Ruoti MIT Lincoln Laboratory* Kent Seamons,](https://reader033.fdocuments.us/reader033/viewer/2022041922/5e6c871238dc2c12146ebae9/html5/thumbnails/2.jpg)
Problems with Application Software Security
bull Lack of cybersecurity-trained architects and developers
bull Security flaws
bull Difficult to patch vulnerabilities
bull Legacy software
Legacy Software
bull Even secure software may eventually no longer be supported
bull Hard to sustain security effort indefinitely
Partial Solution ndash Security Libraries
Limitation Usually requires expertise to use correctly
OAuthbull 60 of 149 mobile apps using OAuth studied were vulnerable
[Chen et al OAuth demystified for mobile application developers CCS 2014]
SSLTLSbull Badly designed APIs and libraries
[Georgiev et al The most dangerous code in the world CCS 2012]
bull 8 of apps in the study were vulnerable to MitM attack[Fahl et al Why Eve and Mallory love Android CCS 2012]
Solution Layered Security Paradigm
Implement security at global control points OS Browser Firewalls
1 Password
4 Password success
2 Two-factor Auth
3 Two-factor success
1 HTTP
4 Data
2 HTTPS
3 Data
1 File request
4 Decrypted file
2 File request
3 Encrypted file
GlobalControlPoints
Not a New Idea ndash Other Examples
bull Anti-virus
bull Spam filtering
bull Intrusion detection
bull Compilerbull Stack canaries
bull Pointer protection
bull Middleboxbull TLS inspection
bull Blacklisting
Use Cases from Our Research
MessageGuard End-to-end encryption in the browser
TrustBase TLS certificate-based authentication in the OS
MessageGuard
ldquoWersquore on the Same Pagerdquo A Usability Study of Secure Email Using Pairs of Novice UsersS Ruoti J Andersen S Heidbrink M ONeill E Vaziripour J Wu D Zappala and K SeamonsACM Conference on Human Factors in Computing Systems (CHI 2016) Honorable Mention Award
Private Webmail 20 Simple and Easy-to-Use Secure EmailS Ruoti J Andersen T Hendershot D Zappala and K SeamonsACM User Interface Software and Technology Symposium (UIST 2016)
Confused Johnny When Automatic Encryption Leads to Confusion and MistakesS Ruoti N Kim B Burgon TW van der Horst and K Seamons Symposium on Usable Privacy and Security (SOUPS 2013)
Private Facebook ChatC Robison S Ruoti T W van der Horst and K E SeamonsInternational Conference on Privacy Security Risk and Trust (PASSAT 2012) and International Conference on Social Computing (SocialCom 2012)
MessageGuard ndash Key Features
Overlay all text input fields with end-to-end encryption
Provides secure messaging across the web
Distributed as a browser extension
9
Extensible key management
bull PGP IBE passwords etc
Extensible front-end
bull Gmail Facebook Outlook etc
A common user interface
MessageGuard Architecture
Evaluation
Coverage and Performance
MessageGuard runs on all major browsersbull Desktop Chrome Firefox IE Opera Safaribull Android Chrome Firefox Operabull iOS Chrome Mercury Safari
MessageGuard encrypts data on almost all of the Alexa top 50 websitesbull youtubecom the only site with an issue
five lines of customization code to fix
Negligible overhead
Usability Scores
Other Approaches
ShadowCrypt [CCS 2014]bull End-to-end encryption for web applicationsbull Leverage the Shadow DOM as a control point
Mimesis Aegis [Usenix Security 2014]bull End-to-end encryption on mobile appsbull Leverages the accessibility layer as a control point
MessageGuard Information
bull Source code httpsbitbucketorgisrlemailmessageguardbull Pull requests welcome
bull Project website httpsisrlbyueduprojectsemail
bull Plug-ins available https[pgpibepasswords]messageguardio
bull Contact scottruotiorg
TrustBase
TrustBase An Architecture to Repair and Strengthen Certificate-Based AuthenticationM OrsquoNeill S Heidbrink S Ruoti J Whitehead D Bunker L Dickinson T Hendershot J Reynolds K Seamons D ZappalaUSENIX Security Symposium 2017
TLS Inspection How Often and Who Cares M OrsquoNeill S Ruoti K Seamons D ZappalaIEEE Internet Computing MayJune 2017
TLS Proxies Friend or FoeM OrsquoNeill S Ruoti K Seamons D ZappalaACM Internet Measurement Conference (IMC 2016)
User Attitudes Toward the Inspection of Encrypted TrafficS Ruoti M OrsquoNeill D Zappala K SeamonsSymposium on Usable Privacy and Security (SOUPS 2016)
TrustBase
bull Motivating principlesbull Centralize authentication as an OS service
bull Empower system admins to dictate how trust decisions are made on their own machines
bull Design goalsbull Secure all existing applications
bull Prohibit unprivileged applications from acting against administrator rules
bull Provide easy deployment of authentication systems
bull Negligible overhead
API
TrustBase
Transport
Network
helliphellip
Application
Validation
Plugins
Prototypes forbull Linuxbull Android (nonrooted)bull Windows
Moving Trust to the OS
TrustBase Architecture
TrustBase Architecture
Traffic Interception (Linux)
Sock
et A
PI
TCP
Han
dlin
g
connect
writesend
sendmsgsendmmsg
readrecv
recvmsgrecvmmsg
closeshutdown
Handler API
bull Loadable kernel module
bull Hooks into native transport protocol functionality
bull Provides generic inspectionmodification API
Evaluation
Coverage
Hardening
bull Unprivileged malware cannot unload interception
bull CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
bull CAP_NET_ADMIN required to receive and respond to queries
bull Configuration is writable only by privileged users
bull Daemons run nonroot with only required permissions
Performance
Other Approaches
CertShim [Bates et al CCS 2014]
Benefitsbull Transparently intercept TLS library calls (LD_PRELOAD)bull Low overhead
Limitationsbull Dynamic linked libraries onlybull User-level attacker can disable
TrustBase Information
bull Source code httpsgithubcommarkoneilltrustbase-linux
bull Pull requests welcome
bull Project website httpsowntrustorg
bull Contact mtobyuedu
Linux Android Win10
Future - Layering-Aware Applications
TrustBasebull Application API
bull Secure Socket Type
MessageGuardbull Customize for websites
bull Key management
bull Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risksbull Bugs are global
bull Disruption is a DOS
Rewardsbull Correctness
bull Many eyeballs
bull Easier path to fix flaws
bull Updates are global
bull More rapid deployment of new security features
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Future Applications in our Research
Password authenticationbull Password monitoring
bull Strong password protocols
Content-based encryption and signing of web content
Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No CNS-1528022Any opinions findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology DirectorateCyber Security Division (DHS SampTCSD) via contract number HHSP233201600046CThe views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements either expressed or implied of the Department of Homeland Security
Questions
![Page 3: Layering Security at Global Control Points to Secure ......Layering Security at Global Control Points to Secure Unmodified Software Scott Ruoti MIT Lincoln Laboratory* Kent Seamons,](https://reader033.fdocuments.us/reader033/viewer/2022041922/5e6c871238dc2c12146ebae9/html5/thumbnails/3.jpg)
Legacy Software
bull Even secure software may eventually no longer be supported
bull Hard to sustain security effort indefinitely
Partial Solution ndash Security Libraries
Limitation Usually requires expertise to use correctly
OAuthbull 60 of 149 mobile apps using OAuth studied were vulnerable
[Chen et al OAuth demystified for mobile application developers CCS 2014]
SSLTLSbull Badly designed APIs and libraries
[Georgiev et al The most dangerous code in the world CCS 2012]
bull 8 of apps in the study were vulnerable to MitM attack[Fahl et al Why Eve and Mallory love Android CCS 2012]
Solution Layered Security Paradigm
Implement security at global control points OS Browser Firewalls
1 Password
4 Password success
2 Two-factor Auth
3 Two-factor success
1 HTTP
4 Data
2 HTTPS
3 Data
1 File request
4 Decrypted file
2 File request
3 Encrypted file
GlobalControlPoints
Not a New Idea ndash Other Examples
bull Anti-virus
bull Spam filtering
bull Intrusion detection
bull Compilerbull Stack canaries
bull Pointer protection
bull Middleboxbull TLS inspection
bull Blacklisting
Use Cases from Our Research
MessageGuard End-to-end encryption in the browser
TrustBase TLS certificate-based authentication in the OS
MessageGuard
ldquoWersquore on the Same Pagerdquo A Usability Study of Secure Email Using Pairs of Novice UsersS Ruoti J Andersen S Heidbrink M ONeill E Vaziripour J Wu D Zappala and K SeamonsACM Conference on Human Factors in Computing Systems (CHI 2016) Honorable Mention Award
Private Webmail 20 Simple and Easy-to-Use Secure EmailS Ruoti J Andersen T Hendershot D Zappala and K SeamonsACM User Interface Software and Technology Symposium (UIST 2016)
Confused Johnny When Automatic Encryption Leads to Confusion and MistakesS Ruoti N Kim B Burgon TW van der Horst and K Seamons Symposium on Usable Privacy and Security (SOUPS 2013)
Private Facebook ChatC Robison S Ruoti T W van der Horst and K E SeamonsInternational Conference on Privacy Security Risk and Trust (PASSAT 2012) and International Conference on Social Computing (SocialCom 2012)
MessageGuard ndash Key Features
Overlay all text input fields with end-to-end encryption
Provides secure messaging across the web
Distributed as a browser extension
9
Extensible key management
bull PGP IBE passwords etc
Extensible front-end
bull Gmail Facebook Outlook etc
A common user interface
MessageGuard Architecture
Evaluation
Coverage and Performance
MessageGuard runs on all major browsersbull Desktop Chrome Firefox IE Opera Safaribull Android Chrome Firefox Operabull iOS Chrome Mercury Safari
MessageGuard encrypts data on almost all of the Alexa top 50 websitesbull youtubecom the only site with an issue
five lines of customization code to fix
Negligible overhead
Usability Scores
Other Approaches
ShadowCrypt [CCS 2014]bull End-to-end encryption for web applicationsbull Leverage the Shadow DOM as a control point
Mimesis Aegis [Usenix Security 2014]bull End-to-end encryption on mobile appsbull Leverages the accessibility layer as a control point
MessageGuard Information
bull Source code httpsbitbucketorgisrlemailmessageguardbull Pull requests welcome
bull Project website httpsisrlbyueduprojectsemail
bull Plug-ins available https[pgpibepasswords]messageguardio
bull Contact scottruotiorg
TrustBase
TrustBase An Architecture to Repair and Strengthen Certificate-Based AuthenticationM OrsquoNeill S Heidbrink S Ruoti J Whitehead D Bunker L Dickinson T Hendershot J Reynolds K Seamons D ZappalaUSENIX Security Symposium 2017
TLS Inspection How Often and Who Cares M OrsquoNeill S Ruoti K Seamons D ZappalaIEEE Internet Computing MayJune 2017
TLS Proxies Friend or FoeM OrsquoNeill S Ruoti K Seamons D ZappalaACM Internet Measurement Conference (IMC 2016)
User Attitudes Toward the Inspection of Encrypted TrafficS Ruoti M OrsquoNeill D Zappala K SeamonsSymposium on Usable Privacy and Security (SOUPS 2016)
TrustBase
bull Motivating principlesbull Centralize authentication as an OS service
bull Empower system admins to dictate how trust decisions are made on their own machines
bull Design goalsbull Secure all existing applications
bull Prohibit unprivileged applications from acting against administrator rules
bull Provide easy deployment of authentication systems
bull Negligible overhead
API
TrustBase
Transport
Network
helliphellip
Application
Validation
Plugins
Prototypes forbull Linuxbull Android (nonrooted)bull Windows
Moving Trust to the OS
TrustBase Architecture
TrustBase Architecture
Traffic Interception (Linux)
Sock
et A
PI
TCP
Han
dlin
g
connect
writesend
sendmsgsendmmsg
readrecv
recvmsgrecvmmsg
closeshutdown
Handler API
bull Loadable kernel module
bull Hooks into native transport protocol functionality
bull Provides generic inspectionmodification API
Evaluation
Coverage
Hardening
bull Unprivileged malware cannot unload interception
bull CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
bull CAP_NET_ADMIN required to receive and respond to queries
bull Configuration is writable only by privileged users
bull Daemons run nonroot with only required permissions
Performance
Other Approaches
CertShim [Bates et al CCS 2014]
Benefitsbull Transparently intercept TLS library calls (LD_PRELOAD)bull Low overhead
Limitationsbull Dynamic linked libraries onlybull User-level attacker can disable
TrustBase Information
bull Source code httpsgithubcommarkoneilltrustbase-linux
bull Pull requests welcome
bull Project website httpsowntrustorg
bull Contact mtobyuedu
Linux Android Win10
Future - Layering-Aware Applications
TrustBasebull Application API
bull Secure Socket Type
MessageGuardbull Customize for websites
bull Key management
bull Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risksbull Bugs are global
bull Disruption is a DOS
Rewardsbull Correctness
bull Many eyeballs
bull Easier path to fix flaws
bull Updates are global
bull More rapid deployment of new security features
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Future Applications in our Research
Password authenticationbull Password monitoring
bull Strong password protocols
Content-based encryption and signing of web content
Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No CNS-1528022Any opinions findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology DirectorateCyber Security Division (DHS SampTCSD) via contract number HHSP233201600046CThe views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements either expressed or implied of the Department of Homeland Security
Questions
![Page 4: Layering Security at Global Control Points to Secure ......Layering Security at Global Control Points to Secure Unmodified Software Scott Ruoti MIT Lincoln Laboratory* Kent Seamons,](https://reader033.fdocuments.us/reader033/viewer/2022041922/5e6c871238dc2c12146ebae9/html5/thumbnails/4.jpg)
Partial Solution ndash Security Libraries
Limitation Usually requires expertise to use correctly
OAuthbull 60 of 149 mobile apps using OAuth studied were vulnerable
[Chen et al OAuth demystified for mobile application developers CCS 2014]
SSLTLSbull Badly designed APIs and libraries
[Georgiev et al The most dangerous code in the world CCS 2012]
bull 8 of apps in the study were vulnerable to MitM attack[Fahl et al Why Eve and Mallory love Android CCS 2012]
Solution Layered Security Paradigm
Implement security at global control points OS Browser Firewalls
1 Password
4 Password success
2 Two-factor Auth
3 Two-factor success
1 HTTP
4 Data
2 HTTPS
3 Data
1 File request
4 Decrypted file
2 File request
3 Encrypted file
GlobalControlPoints
Not a New Idea ndash Other Examples
bull Anti-virus
bull Spam filtering
bull Intrusion detection
bull Compilerbull Stack canaries
bull Pointer protection
bull Middleboxbull TLS inspection
bull Blacklisting
Use Cases from Our Research
MessageGuard End-to-end encryption in the browser
TrustBase TLS certificate-based authentication in the OS
MessageGuard
ldquoWersquore on the Same Pagerdquo A Usability Study of Secure Email Using Pairs of Novice UsersS Ruoti J Andersen S Heidbrink M ONeill E Vaziripour J Wu D Zappala and K SeamonsACM Conference on Human Factors in Computing Systems (CHI 2016) Honorable Mention Award
Private Webmail 20 Simple and Easy-to-Use Secure EmailS Ruoti J Andersen T Hendershot D Zappala and K SeamonsACM User Interface Software and Technology Symposium (UIST 2016)
Confused Johnny When Automatic Encryption Leads to Confusion and MistakesS Ruoti N Kim B Burgon TW van der Horst and K Seamons Symposium on Usable Privacy and Security (SOUPS 2013)
Private Facebook ChatC Robison S Ruoti T W van der Horst and K E SeamonsInternational Conference on Privacy Security Risk and Trust (PASSAT 2012) and International Conference on Social Computing (SocialCom 2012)
MessageGuard ndash Key Features
Overlay all text input fields with end-to-end encryption
Provides secure messaging across the web
Distributed as a browser extension
9
Extensible key management
bull PGP IBE passwords etc
Extensible front-end
bull Gmail Facebook Outlook etc
A common user interface
MessageGuard Architecture
Evaluation
Coverage and Performance
MessageGuard runs on all major browsersbull Desktop Chrome Firefox IE Opera Safaribull Android Chrome Firefox Operabull iOS Chrome Mercury Safari
MessageGuard encrypts data on almost all of the Alexa top 50 websitesbull youtubecom the only site with an issue
five lines of customization code to fix
Negligible overhead
Usability Scores
Other Approaches
ShadowCrypt [CCS 2014]bull End-to-end encryption for web applicationsbull Leverage the Shadow DOM as a control point
Mimesis Aegis [Usenix Security 2014]bull End-to-end encryption on mobile appsbull Leverages the accessibility layer as a control point
MessageGuard Information
bull Source code httpsbitbucketorgisrlemailmessageguardbull Pull requests welcome
bull Project website httpsisrlbyueduprojectsemail
bull Plug-ins available https[pgpibepasswords]messageguardio
bull Contact scottruotiorg
TrustBase
TrustBase An Architecture to Repair and Strengthen Certificate-Based AuthenticationM OrsquoNeill S Heidbrink S Ruoti J Whitehead D Bunker L Dickinson T Hendershot J Reynolds K Seamons D ZappalaUSENIX Security Symposium 2017
TLS Inspection How Often and Who Cares M OrsquoNeill S Ruoti K Seamons D ZappalaIEEE Internet Computing MayJune 2017
TLS Proxies Friend or FoeM OrsquoNeill S Ruoti K Seamons D ZappalaACM Internet Measurement Conference (IMC 2016)
User Attitudes Toward the Inspection of Encrypted TrafficS Ruoti M OrsquoNeill D Zappala K SeamonsSymposium on Usable Privacy and Security (SOUPS 2016)
TrustBase
bull Motivating principlesbull Centralize authentication as an OS service
bull Empower system admins to dictate how trust decisions are made on their own machines
bull Design goalsbull Secure all existing applications
bull Prohibit unprivileged applications from acting against administrator rules
bull Provide easy deployment of authentication systems
bull Negligible overhead
API
TrustBase
Transport
Network
helliphellip
Application
Validation
Plugins
Prototypes forbull Linuxbull Android (nonrooted)bull Windows
Moving Trust to the OS
TrustBase Architecture
TrustBase Architecture
Traffic Interception (Linux)
Sock
et A
PI
TCP
Han
dlin
g
connect
writesend
sendmsgsendmmsg
readrecv
recvmsgrecvmmsg
closeshutdown
Handler API
bull Loadable kernel module
bull Hooks into native transport protocol functionality
bull Provides generic inspectionmodification API
Evaluation
Coverage
Hardening
bull Unprivileged malware cannot unload interception
bull CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
bull CAP_NET_ADMIN required to receive and respond to queries
bull Configuration is writable only by privileged users
bull Daemons run nonroot with only required permissions
Performance
Other Approaches
CertShim [Bates et al CCS 2014]
Benefitsbull Transparently intercept TLS library calls (LD_PRELOAD)bull Low overhead
Limitationsbull Dynamic linked libraries onlybull User-level attacker can disable
TrustBase Information
bull Source code httpsgithubcommarkoneilltrustbase-linux
bull Pull requests welcome
bull Project website httpsowntrustorg
bull Contact mtobyuedu
Linux Android Win10
Future - Layering-Aware Applications
TrustBasebull Application API
bull Secure Socket Type
MessageGuardbull Customize for websites
bull Key management
bull Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risksbull Bugs are global
bull Disruption is a DOS
Rewardsbull Correctness
bull Many eyeballs
bull Easier path to fix flaws
bull Updates are global
bull More rapid deployment of new security features
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Future Applications in our Research
Password authenticationbull Password monitoring
bull Strong password protocols
Content-based encryption and signing of web content
Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No CNS-1528022Any opinions findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology DirectorateCyber Security Division (DHS SampTCSD) via contract number HHSP233201600046CThe views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements either expressed or implied of the Department of Homeland Security
Questions
![Page 5: Layering Security at Global Control Points to Secure ......Layering Security at Global Control Points to Secure Unmodified Software Scott Ruoti MIT Lincoln Laboratory* Kent Seamons,](https://reader033.fdocuments.us/reader033/viewer/2022041922/5e6c871238dc2c12146ebae9/html5/thumbnails/5.jpg)
Solution Layered Security Paradigm
Implement security at global control points OS Browser Firewalls
1 Password
4 Password success
2 Two-factor Auth
3 Two-factor success
1 HTTP
4 Data
2 HTTPS
3 Data
1 File request
4 Decrypted file
2 File request
3 Encrypted file
GlobalControlPoints
Not a New Idea ndash Other Examples
bull Anti-virus
bull Spam filtering
bull Intrusion detection
bull Compilerbull Stack canaries
bull Pointer protection
bull Middleboxbull TLS inspection
bull Blacklisting
Use Cases from Our Research
MessageGuard End-to-end encryption in the browser
TrustBase TLS certificate-based authentication in the OS
MessageGuard
"We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users. S. Ruoti, J. Andersen, S. Heidbrink, M. O'Neill, E. Vaziripour, J. Wu, D. Zappala, and K. Seamons. ACM Conference on Human Factors in Computing Systems (CHI 2016). Honorable Mention Award.
Private Webmail 2.0: Simple and Easy-to-Use Secure Email. S. Ruoti, J. Andersen, T. Hendershot, D. Zappala, and K. Seamons. ACM User Interface Software and Technology Symposium (UIST 2016).
Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes. S. Ruoti, N. Kim, B. Burgon, T. W. van der Horst, and K. Seamons. Symposium on Usable Privacy and Security (SOUPS 2013).
Private Facebook Chat. C. Robison, S. Ruoti, T. W. van der Horst, and K. E. Seamons. International Conference on Privacy, Security, Risk and Trust (PASSAT 2012) and International Conference on Social Computing (SocialCom 2012).
MessageGuard - Key Features
Overlay all text input fields with end-to-end encryption
Provides secure messaging across the web
Distributed as a browser extension
Extensible key management
• PGP, IBE, passwords, etc.
Extensible front-end
• Gmail, Facebook, Outlook, etc.
A common user interface
MessageGuard Architecture
Evaluation
Coverage and Performance
MessageGuard runs on all major browsers
• Desktop: Chrome, Firefox, IE, Opera, Safari
• Android: Chrome, Firefox, Opera
• iOS: Chrome, Mercury, Safari
MessageGuard encrypts data on almost all of the Alexa top 50 websites
• youtube.com the only site with an issue
  • five lines of customization code to fix
Negligible overhead
Usability Scores
Other Approaches
ShadowCrypt [CCS 2014]
• End-to-end encryption for web applications
• Leverages the Shadow DOM as a control point
Mimesis Aegis [Usenix Security 2014]
• End-to-end encryption on mobile apps
• Leverages the accessibility layer as a control point
MessageGuard Information
• Source code: https://bitbucket.org/isrlemail/messageguard
  • Pull requests welcome
• Project website: https://isrl.byu.edu/projects/email
• Plug-ins available: https://[pgp|ibe|passwords].messageguard.io
• Contact: scott@ruoti.org
TrustBase
TrustBase: An Architecture to Repair and Strengthen Certificate-Based Authentication. M. O'Neill, S. Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, D. Zappala. USENIX Security Symposium 2017.
TLS Inspection: How Often and Who Cares? M. O'Neill, S. Ruoti, K. Seamons, D. Zappala. IEEE Internet Computing, May/June 2017.
TLS Proxies: Friend or Foe? M. O'Neill, S. Ruoti, K. Seamons, D. Zappala. ACM Internet Measurement Conference (IMC 2016).
User Attitudes Toward the Inspection of Encrypted Traffic. S. Ruoti, M. O'Neill, D. Zappala, K. Seamons. Symposium on Usable Privacy and Security (SOUPS 2016).
TrustBase
• Motivating principles
  • Centralize authentication as an OS service
  • Empower system admins to dictate how trust decisions are made on their own machines
• Design goals
  • Secure all existing applications
  • Prohibit unprivileged applications from acting against administrator rules
  • Provide easy deployment of authentication systems
  • Negligible overhead
[Figure: layer diagram; labels: Application, API, TrustBase, Transport, Network, …, Validation, Plugins]
Prototypes for
• Linux
• Android (nonrooted)
• Windows
Moving Trust to the OS
TrustBase Architecture
Traffic Interception (Linux)
[Figure: Socket API calls passing through TCP Handling to the Handler API. Calls shown: connect; write/send; sendmsg/sendmmsg; read/recv; recvmsg/recvmmsg; close/shutdown]
• Loadable kernel module
• Hooks into native transport protocol functionality
• Provides generic inspection/modification API
Evaluation
Coverage
Hardening
• Unprivileged malware cannot unload interception
• CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
• CAP_NET_ADMIN required to receive and respond to queries
• Configuration is writable only by privileged users
• Daemons run nonroot with only required permissions
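Since the hardening claims above rest on who holds CAP_NET_RAW and CAP_NET_ADMIN, an administrator can audit the effective capability mask of each process. The following is an added example, not TrustBase code: it parses the `Name:` and `CapEff:` fields of `/proc/<pid>/status` text, and the sample records, process names and the `policy-daemon` allowlist entry are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit positions from <linux/capability.h>. */
#define CAP_NET_ADMIN_BIT 12
#define CAP_NET_RAW_BIT   13

#define HOLDS_NET_RAW   1 /* can open raw sockets, so can bypass interception */
#define HOLDS_NET_ADMIN 2 /* can receive and respond to queries */

struct proc_caps {
    char     name[64];   /* Name: field */
    uint64_t effective;  /* CapEff: field, the effective capability mask */
    int      ok;         /* 1 when both fields were present and well formed */
};

/* Copy the value of a "Key:<blanks>value" line into out; 0 if no match. */
static int field_value(const char *line, size_t len, const char *key,
                       char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (len <= klen || strncmp(line, key, klen) != 0)
        return 0;
    const char *v = line + klen, *end = line + len;
    while (v < end && (*v == ' ' || *v == '\t'))
        v++;
    size_t n = (size_t)(end - v);
    if (n == 0 || n >= outsz)
        return 0;
    memcpy(out, v, n);
    out[n] = '\0';
    return 1;
}

/* Parse the text of one /proc/<pid>/status file. */
struct proc_caps parse_status(const char *text)
{
    struct proc_caps pc;
    char buf[64];
    int have_name = 0, have_cap = 0;

    memset(&pc, 0, sizeof pc);
    for (const char *line = text; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (field_value(line, len, "Name:", pc.name, sizeof pc.name)) {
            have_name = 1;
        } else if (field_value(line, len, "CapEff:", buf, sizeof buf)) {
            char *stop;
            pc.effective = strtoull(buf, &stop, 16);
            have_cap = (stop != buf && *stop == '\0');
        }
        line = eol ? eol + 1 : NULL;
    }
    pc.ok = have_name && have_cap;
    return pc;
}

int audit_flags(const struct proc_caps *pc)
{
    int flags = 0;
    if (pc->effective & (1ULL << CAP_NET_RAW_BIT))
        flags |= HOLDS_NET_RAW;
    if (pc->effective & (1ULL << CAP_NET_ADMIN_BIT))
        flags |= HOLDS_NET_ADMIN;
    return flags;
}

/* Flags for one status text, or -1 when the record cannot be parsed. */
int flags_of(const char *text)
{
    struct proc_caps pc = parse_status(text);
    return pc.ok ? audit_flags(&pc) : -1;
}

/* Count holders of either capability that are not allowlisted.
 * Unparseable records count as findings (fail closed). */
int count_unexpected(const char *const *status, size_t n,
                     const char *const *allow, size_t m)
{
    int findings = 0;
    for (size_t i = 0; i < n; i++) {
        struct proc_caps pc = parse_status(status[i]);
        int listed = 0;
        for (size_t j = 0; pc.ok && j < m; j++)
            listed |= (strcmp(pc.name, allow[j]) == 0);
        if (!pc.ok || (audit_flags(&pc) && !listed))
            findings++;
    }
    return findings;
}

/* Constructed, abbreviated status records; real files carry more fields. */
static const char *const SAMPLE_STATUS[] = {
    "Name:\tmail-client\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
    "Name:\tpolicy-daemon\nUid:\t998\t998\t998\t998\nCapEff:\t0000000000001000\n",
    "Name:\tpacket-tool\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n",
    "Name:\troot-shell\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
};
static const char *const SAMPLE_ALLOW[] = { "policy-daemon" }; /* hypothetical */

int main(void)
{
    for (size_t i = 0; i < 4; i++)
        printf("record %zu flags=%d\n", i, flags_of(SAMPLE_STATUS[i]));
    printf("unexpected holders: %d\n",
           count_unexpected(SAMPLE_STATUS, 4, SAMPLE_ALLOW, 1));
    return 0;
}
```

On a live host the same functions can be fed the contents of each `/proc/<pid>/status` file instead of the embedded samples.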
Performance
Other Approaches
CertShim [Bates et al CCS 2014]
Benefits
• Transparently intercept TLS library calls (LD_PRELOAD)
• Low overhead
Limitations
• Dynamic linked libraries only
• User-level attacker can disable
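The "dynamic linked libraries only" limitation can be measured per binary: an LD_PRELOAD shim is loaded only when the dynamic loader runs, which an ELF file requests through a PT_INTERP program header. The following added example (not CertShim or TrustBase code) classifies little-endian ELF64 images on that basis; the images are constructed in memory by the hypothetical helper `build_elf64`, and a static-PIE layout is included because it carries PT_DYNAMIC without PT_INTERP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Program header types from the ELF specification. */
#define PT_LOAD_T    1u
#define PT_DYNAMIC_T 2u
#define PT_INTERP_T  3u

enum coverage { ELF_INVALID = -1, SHIM_NOT_LOADED = 0, SHIM_LOADABLE = 1 };

/* Read an nbytes-wide little-endian unsigned integer. */
static uint64_t le(const uint8_t *p, int nbytes)
{
    uint64_t v = 0;
    for (int i = nbytes - 1; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* SHIM_LOADABLE when the image asks for a program interpreter (PT_INTERP). */
int classify_elf64(const uint8_t *img, size_t len)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0)
        return ELF_INVALID;
    if (img[4] != 2 || img[5] != 1)      /* ELFCLASS64, ELFDATA2LSB only */
        return ELF_INVALID;
    uint64_t phoff = le(img + 32, 8);     /* e_phoff */
    uint64_t phentsize = le(img + 54, 2); /* e_phentsize */
    uint64_t phnum = le(img + 56, 2);     /* e_phnum */
    if (phentsize < 56 || phoff > len || phnum * phentsize > len - phoff)
        return ELF_INVALID;               /* table runs past the image */
    for (uint64_t i = 0; i < phnum; i++) {
        if (le(img + phoff + i * phentsize, 4) == PT_INTERP_T)
            return SHIM_LOADABLE;
    }
    return SHIM_NOT_LOADED;
}

/* Hypothetical helper: build a minimal ELF64 header plus n program headers
 * whose p_type values come from types[]. Returns the image length or 0. */
size_t build_elf64(uint8_t *buf, size_t cap, const uint32_t *types, size_t n)
{
    size_t total = 64 + n * 56;
    if (n > 255 || total > cap)
        return 0;
    memset(buf, 0, total);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2;              /* ELFCLASS64 */
    buf[5] = 1;              /* ELFDATA2LSB */
    buf[6] = 1;              /* EV_CURRENT */
    buf[32] = 64;            /* e_phoff: table follows the header */
    buf[54] = 56;            /* e_phentsize */
    buf[56] = (uint8_t)n;    /* e_phnum */
    for (size_t i = 0; i < n; i++)
        buf[64 + i * 56] = (uint8_t)types[i];   /* p_type, low byte */
    return total;
}

/* Classify a constructed image with its last `cut` bytes removed. */
int classify_sample(const uint32_t *types, size_t n, size_t cut)
{
    uint8_t img[64 + 8 * 56];
    size_t len = build_elf64(img, sizeof img, types, n);
    return len > cut ? classify_elf64(img, len - cut) : ELF_INVALID;
}

/* Constructed program header layouts. */
static const uint32_t DYN_EXE[]    = { PT_INTERP_T, PT_LOAD_T, PT_DYNAMIC_T };
static const uint32_t STATIC_EXE[] = { PT_LOAD_T };
static const uint32_t STATIC_PIE[] = { PT_LOAD_T, PT_DYNAMIC_T };

int main(void)
{
    printf("dynamic executable: %d\n", classify_sample(DYN_EXE, 3, 0));
    printf("static executable:  %d\n", classify_sample(STATIC_EXE, 1, 0));
    printf("static PIE:         %d\n", classify_sample(STATIC_PIE, 2, 0));
    printf("truncated image:    %d\n", classify_sample(DYN_EXE, 3, 1));
    return 0;
}
```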
TrustBase Information
• Source code: https://github.com/markoneill/trustbase-linux
• Pull requests welcome
• Project website: https://owntrust.org
• Contact: mto@byu.edu
[Figure labels: Linux, Android, Win10]
Future - Layering-Aware Applications
TrustBase
• Application API
• Secure Socket Type
MessageGuard
• Customize for websites
• Key management
• Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risks
• Bugs are global
• Disruption is a DoS
Rewards
• Correctness
• Many eyeballs
• Easier path to fix flaws
• Updates are global
• More rapid deployment of new security features
Risks & Rewards Example - TLS Inspection
Source: Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017
Future Applications in our Research
Password authentication
• Password monitoring
• Strong password protocols
Content-based encryption and signing of web content
MessageGuard Architecture
Evaluation
Coverage and Performance
MessageGuard runs on all major browsersbull Desktop Chrome Firefox IE Opera Safaribull Android Chrome Firefox Operabull iOS Chrome Mercury Safari
MessageGuard encrypts data on almost all of the Alexa top 50 websitesbull youtubecom the only site with an issue
five lines of customization code to fix
Negligible overhead
Usability Scores
Other Approaches
ShadowCrypt [CCS 2014]bull End-to-end encryption for web applicationsbull Leverage the Shadow DOM as a control point
Mimesis Aegis [Usenix Security 2014]bull End-to-end encryption on mobile appsbull Leverages the accessibility layer as a control point
MessageGuard Information
bull Source code httpsbitbucketorgisrlemailmessageguardbull Pull requests welcome
bull Project website httpsisrlbyueduprojectsemail
bull Plug-ins available https[pgpibepasswords]messageguardio
bull Contact scottruotiorg
TrustBase
TrustBase An Architecture to Repair and Strengthen Certificate-Based AuthenticationM OrsquoNeill S Heidbrink S Ruoti J Whitehead D Bunker L Dickinson T Hendershot J Reynolds K Seamons D ZappalaUSENIX Security Symposium 2017
TLS Inspection How Often and Who Cares M OrsquoNeill S Ruoti K Seamons D ZappalaIEEE Internet Computing MayJune 2017
TLS Proxies Friend or FoeM OrsquoNeill S Ruoti K Seamons D ZappalaACM Internet Measurement Conference (IMC 2016)
User Attitudes Toward the Inspection of Encrypted TrafficS Ruoti M OrsquoNeill D Zappala K SeamonsSymposium on Usable Privacy and Security (SOUPS 2016)
TrustBase
• Motivating principles
  • Centralize authentication as an OS service
  • Empower system admins to dictate how trust decisions are made on their own machines
• Design goals
  • Secure all existing applications
  • Prohibit unprivileged applications from acting against administrator rules
  • Provide easy deployment of authentication systems
  • Negligible overhead
[Diagram labels: Application, API, TrustBase, Transport, Network, Validation, Plugins]
Prototypes for
• Linux
• Android (non-rooted)
• Windows
Moving Trust to the OS
TrustBase Architecture
Traffic Interception (Linux)
[Diagram labels: Socket API; TCP Handling; connect; write/send; sendmsg/sendmmsg; read/recv; recvmsg/recvmmsg; close/shutdown; Handler API]
• Loadable kernel module
• Hooks into native transport protocol functionality
• Provides generic inspection/modification API
Evaluation
Coverage
Hardening
• Unprivileged malware cannot unload interception
• CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
• CAP_NET_ADMIN required to receive and respond to queries
• Configuration is writable only by privileged users
• Daemons run non-root with only required permissions
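
Added example (not from the slides or the TrustBase code base): the hardening above only holds while CAP_NET_RAW and CAP_NET_ADMIN stay with the processes meant to have them, so this audit decodes the capability masks in /proc/<pid>/status and reports any other holder. The process names, PIDs and the allow-list entry "policy-engine" are constructed for illustration.

```python
"""Audit /proc/<pid>/status text for the two capabilities the Hardening slide names."""
import glob

# Bit positions from <linux/capability.h>.
CAP_BITS = {"CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13}
# Permitted can be raised into Effective, and Ambient is inherited across
# execve(), so a bit in any of the three sets counts as holding the capability.
CAP_SETS = ("CapPrm", "CapEff", "CapAmb")


def parse_status(text):
    """Return pid, name, effective UID and capability masks, or None if malformed."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    try:
        proc = {
            "pid": int(fields["Pid"]),
            "name": fields["Name"],
            "euid": int(fields["Uid"].split()[1]),  # real, effective, saved, fs
        }
        for cap_set in CAP_SETS:
            # CapAmb is absent on older kernels; treat a missing set as empty.
            proc[cap_set] = int(fields.get(cap_set, "0"), 16)
    except (KeyError, ValueError, IndexError):
        return None
    return proc


def held_caps(proc):
    """Map each watched capability to the capability sets it appears in."""
    held = {}
    for cap, bit in CAP_BITS.items():
        sets = [s for s in CAP_SETS if (proc[s] >> bit) & 1]
        if sets:
            held[cap] = sets
    return held


def audit(status_texts, expected, include_root=False):
    """List processes holding a watched capability that `expected` does not grant.

    `expected` maps a process name to the capability names it may hold. The
    Name field is set by the process itself, so a production audit should key
    on the executable path (/proc/<pid>/exe) instead.
    """
    findings = []
    for text in status_texts:
        proc = parse_status(text)
        if proc is None:
            continue
        # Root is outside the "unprivileged malware" model the slide addresses.
        if proc["euid"] == 0 and not include_root:
            continue
        allowed = expected.get(proc["name"], set())
        extra = {c: s for c, s in held_caps(proc).items() if c not in allowed}
        if extra:
            findings.append({"pid": proc["pid"], "name": proc["name"],
                             "euid": proc["euid"], "unexpected": extra})
    return findings


def live_status_texts():
    """Yield the status text of every running process (Linux only)."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as handle:
                yield handle.read()
        except OSError:
            continue  # the process exited between glob() and open()


def sample_status(name, pid, euid, prm, eff, amb=0):
    """Build a constructed status record in the kernel's tab-separated layout."""
    return (f"Name:\t{name}\nPid:\t{pid}\nUid:\t{euid}\t{euid}\t{euid}\t{euid}\n"
            f"CapInh:\t{0:016x}\nCapPrm:\t{prm:016x}\nCapEff:\t{eff:016x}\n"
            f"CapBnd:\t{0x1ffffffffff:016x}\nCapAmb:\t{amb:016x}\n")


# Constructed sample input, not captured from a real host.
SAMPLES = [
    sample_status("sshd", 812, 0, 0x1ffffffffff, 0x1ffffffffff),   # root, all caps
    sample_status("policy-engine", 933, 998, 0x1000, 0x1000),      # CAP_NET_ADMIN only
    sample_status("pktcap-helper", 4242, 1000, 0x2000, 0x0),       # CAP_NET_RAW, permitted only
    sample_status("browser", 5101, 1000, 0x0, 0x0),                # no capabilities
]
# Hypothetical allow-list: one non-root daemon that answers queries.
EXPECTED = {"policy-engine": {"CAP_NET_ADMIN"}}

if __name__ == "__main__":
    for finding in audit(SAMPLES, EXPECTED):
        print(finding)
```

On a live host, pass live_status_texts() in place of SAMPLES.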
Performance
Other Approaches
CertShim [Bates et al., CCS 2014]
Benefits
• Transparently intercept TLS library calls (LD_PRELOAD)
• Low overhead
Limitations
• Dynamic linked libraries only
• User-level attacker can disable
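
Added example (not from the slides or from CertShim): the "dynamic linked libraries only" limitation can be measured per binary, because LD_PRELOAD is acted on by the dynamic loader and an ELF image with no PT_INTERP segment never starts one. The sample images are constructed headers, not real programs.

```python
"""Check whether an ELF executable runs through the dynamic loader at all."""
import struct

PT_INTERP = 3       # segment naming the dynamic loader (e.g. ld-linux)
PN_XNUM = 0xFFFF    # marker for "real segment count is stored elsewhere"


def program_header_types(data):
    """Return the p_type of every program header in an ELF32/ELF64 image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum.
    layout = "HHIIIIIHHH" if ei_class == 1 else "HHIQQQIHHH"
    try:
        fields = struct.unpack_from(endian + layout, data, 16)
    except struct.error:
        raise ValueError("truncated ELF header") from None
    e_phoff, e_phentsize, e_phnum = fields[4], fields[8], fields[9]
    if e_phnum == PN_XNUM:
        raise ValueError("extended program header count not handled")
    types = []
    for index in range(e_phnum):
        offset = e_phoff + index * e_phentsize
        if offset + 4 > len(data):
            raise ValueError("program header table runs past end of file")
        # p_type is the first 32-bit word of a program header in both classes.
        types.append(struct.unpack_from(endian + "I", data, offset)[0])
    return types


def preload_can_attach(data):
    """True if the executable requests a dynamic loader, so LD_PRELOAD is read."""
    return PT_INTERP in program_header_types(data)


def constructed_elf64(p_types):
    """Build a constructed little-endian ELF64 header plus empty program headers."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    header = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0,
                         64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)


# Constructed samples: PT_PHDR, PT_INTERP, two PT_LOAD, PT_DYNAMIC versus two PT_LOAD.
DYNAMIC_SAMPLE = constructed_elf64([6, 3, 1, 1, 2])
STATIC_SAMPLE = constructed_elf64([1, 1])

if __name__ == "__main__":
    for label, image in (("dynamic", DYNAMIC_SAMPLE), ("static", STATIC_SAMPLE)):
        print(label, "preload can attach:", preload_can_attach(image))
```

A True result is necessary but not sufficient for coverage: a dynamically linked program that compiles its TLS code into the executable still makes no library call for a preload shim to intercept.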
TrustBase Information
• Source code: https://github.com/markoneill/trustbase-linux
• Pull requests welcome
• Project website: https://owntrust.org
• Contact: mto@byu.edu
Linux Android Win10
Future - Layering-Aware Applications
TrustBase
• Application API
• Secure Socket Type
MessageGuard
• Customize for websites
• Key management
• Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risks
• Bugs are global
• Disruption is a DoS
Rewards
• Correctness
• Many eyeballs
• Easier path to fix flaws
• Updates are global
• More rapid deployment of new security features
Risks & Rewards Example – TLS Inspection
Source: Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017
Future Applications in our Research
Password authentication
• Password monitoring
• Strong password protocols
Content-based encryption and signing of web content
Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No. CNS-1528022. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600046C. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.
Questions
![Page 17: Layering Security at Global Control Points to Secure ......Layering Security at Global Control Points to Secure Unmodified Software Scott Ruoti MIT Lincoln Laboratory* Kent Seamons,](https://reader033.fdocuments.us/reader033/viewer/2022041922/5e6c871238dc2c12146ebae9/html5/thumbnails/17.jpg)
TrustBase
• Motivating principles
  • Centralize authentication as an OS service
  • Empower system admins to dictate how trust decisions are made on their own machines
• Design goals
  • Secure all existing applications
  • Prohibit unprivileged applications from acting against administrator rules
  • Provide easy deployment of authentication systems
  • Negligible overhead

Moving Trust to the OS
[Diagram labels: API; TrustBase; Transport; Network; ……; Application; Validation; Plugins]
Prototypes for
• Linux
• Android (nonrooted)
• Windows

TrustBase Architecture
TrustBase Architecture

Traffic Interception (Linux)
[Diagram labels: Socket API; TCP Handling; connect; write/send; sendmsg/sendmmsg; read/recv; recvmsg/recvmmsg; close/shutdown; Handler API]
• Loadable kernel module
• Hooks into native transport protocol functionality
• Provides generic inspection/modification API

Evaluation
Coverage

Hardening
• Unprivileged malware cannot unload interception
• CAP_NET_RAW is required to use raw sockets (default) and to bypass TrustBase interception
• CAP_NET_ADMIN required to receive and respond to queries
• Configuration is writable only by privileged users
• Daemons run nonroot with only required permissions
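
The capability rules on the Hardening slide can be checked on a host from /proc. This is an added example, not TrustBase code: it decodes the `CapEff` mask in `/proc/<pid>/status` text and reports processes holding CAP_NET_RAW (which the slide says is enough to bypass interception) or CAP_NET_ADMIN. The bit numbers are those in `linux/capability.h`; the process names and status text in `SAMPLE_STATUS` are constructed for illustration.

```python
"""Audit which processes hold the capabilities named on the Hardening slide.

Added illustration, not TrustBase code. The sample /proc text is constructed.
"""
import os

# Capability bit positions from linux/capability.h
CAP_NET_ADMIN = 12
CAP_NET_RAW = 13
WATCHED = {"CAP_NET_ADMIN": CAP_NET_ADMIN, "CAP_NET_RAW": CAP_NET_RAW}


def parse_status(text):
    """Return (name, effective uid, effective capability mask) from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    if "Uid" not in fields or "CapEff" not in fields:
        raise ValueError("status text lacks Uid or CapEff")
    # The Uid line holds four values: real, effective, saved, filesystem.
    euid = int(fields["Uid"].split()[1])
    cap_eff = int(fields["CapEff"], 16)
    return fields.get("Name", "?"), euid, cap_eff


def held_caps(cap_eff):
    """Names of the watched capabilities that are set in the mask."""
    return sorted(name for name, bit in WATCHED.items() if (cap_eff >> bit) & 1)


def audit(status_texts):
    """Return one finding per process that holds a watched capability."""
    findings = []
    for text in status_texts:
        try:
            name, euid, cap_eff = parse_status(text)
        except (ValueError, IndexError):
            continue  # truncated read, e.g. the process exited mid-scan
        caps = held_caps(cap_eff)
        if caps:
            findings.append({
                "name": name,
                "euid": euid,
                "caps": caps,
                # Per the slide, CAP_NET_RAW allows bypassing interception.
                "can_bypass_interception": "CAP_NET_RAW" in caps,
                "nonroot": euid != 0,
            })
    return findings


def read_live_status():
    """Collect status text for every process on this host (Linux only)."""
    texts = []
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                with open(f"/proc/{entry}/status") as handle:
                    texts.append(handle.read())
            except OSError:
                pass  # process exited or access denied
    return texts


# Constructed samples: an ordinary app, a nonroot daemon with only
# CAP_NET_ADMIN, a nonroot tool with CAP_NET_RAW, and a root process.
SAMPLE_STATUS = [
    "Name:\tbrowser\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
    "Name:\tpolicy-daemon\nUid:\t998\t998\t998\t998\nCapEff:\t0000000000001000\n",
    "Name:\tpacket-tool\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n",
    "Name:\tinit\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS):
        print(finding)
```

On a live Linux host, `audit(read_live_status())` gives the same report for running processes; nonroot entries with `can_bypass_interception` set are the ones to review.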

Performance

Other Approaches
CertShim [Bates et al., CCS 2014]
Benefits
• Transparently intercept TLS library calls (LD_PRELOAD)
• Low overhead
Limitations
• Dynamic linked libraries only
• User-level attacker can disable

TrustBase Information
• Source code: https://github.com/markoneill/trustbase-linux
• Pull requests welcome
• Project website: https://owntrust.org
• Contact: mto@byu.edu
Linux, Android, Win10

Future - Layering-Aware Applications
TrustBase
• Application API
• Secure Socket Type
MessageGuard
• Customize for websites
• Key management
• Email API for encrypted attachments

Summary
Remove security functionality burden from developers
Layer security at control points

Risks and Rewards
Risks
• Bugs are global
• Disruption is a DoS
Rewards
• Correctness
• Many eyeballs
• Easier path to fix flaws
• Updates are global
• More rapid deployment of new security features

Risks & Rewards Example – TLS Inspection
Source: Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017

Risks & Rewards Example – TLS Inspection
Source: Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017

Future Applications in our Research
Password authentication
• Password monitoring
• Strong password protocols
Content-based encryption and signing of web content

Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No. CNS-1528022. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600046C. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.

Questions
![Page 28: Layering Security at Global Control Points to Secure ......Layering Security at Global Control Points to Secure Unmodified Software Scott Ruoti MIT Lincoln Laboratory* Kent Seamons,](https://reader033.fdocuments.us/reader033/viewer/2022041922/5e6c871238dc2c12146ebae9/html5/thumbnails/28.jpg)
Future - Layering-Aware Applications
TrustBasebull Application API
bull Secure Socket Type
MessageGuardbull Customize for websites
bull Key management
bull Email API for encrypted attachments
Summary
Remove security functionality burden from developers
Layer security at control points
Risks and Rewards
Risksbull Bugs are global
bull Disruption is a DOS
Rewardsbull Correctness
bull Many eyeballs
bull Easier path to fix flaws
bull Updates are global
bull More rapid deployment of new security features
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Risks amp Rewards Example ndash TLS Inspection
Source Durumeric et al The Security Impact of HTTPS Interception NDSS 2017
Future Applications in our Research
Password authenticationbull Password monitoring
bull Strong password protocols
Content-based encryption and signing of web content
Funding Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No. CNS-1528022. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600046C. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.
Questions