Composable Security Analysis of OS Services

Canetti, Ran; Chari, Suresh; Halevi, Shai; Pfitzmann, Birgit; Steiner, Michael; Venema, Wietse

doi:10.1007/978-3-642-21554-4_25

Cited by 4 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using UC Canetti et al [34] show how the UC framework can be used to analyze the simple components of a file system in isolation and to guarantee that these components maintain their behavior in the larger system even under adversarial conditions. This demonstrates basic integrity properties of the file system, i.e., the binding of files to filenames and writing capabilities.…”

Section: Related Workmentioning

confidence: 99%

“…For our analysis, we apply the style of [34] to the larger and more complex OpenStack framework and utilize aspects of [35,36] to achieve secure communication. We further use our construction to demonstrate security flaws in OpenStack's current authorization mechanism and assess the improvements provided by our suggested changes.…”

Section: Related Workmentioning

confidence: 99%

“…Furthermore, a number of works have made advancements to use these frameworks to analyze security of security-sensitive systems that are non-cryptographic in nature, e.g. [8,9,10,11,12]. Extending these cryptographic frameworks to handle systems with complex interfaces and sizeable codebase is a challenging endeavor -but one that holds great promise.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On the Universally Composable Security of OpenStack

Hogan

Maleki

Rahaeimehr

et al. 2019

2019 IEEE Cybersecurity Development (SecDev)

Self Cite

View full text Add to dashboard Cite

We initiate an effort to demonstrate how we can provide a rigorous, perceptible and holistic security analysis of a very large scale system. We choose OpenStack to exemplify our approach. OpenStack is the prevalent open-source, non-proprietary package for managing cloud services and data centers. It is highly complex and consists of multiple inter-related components which are developed by separate, loosely coordinated groups. All of these properties make the security analysis of OpenStack both a crucial mission and a challenging one. We base our modeling and security analysis in the universally composable (UC) security framework, which has been so far used mainly for analyzing security of cryptographic protocols. Indeed, demonstrating how the UC framework can be used to argue about security-sensitive systems which are mostly non-cryptographic, in nature, is one of the main contributions of this work.Our analysis has the following key features:1. It is user-centric: It stresses the security guarantees given to users of the system, in terms of privacy, correctness, and timeliness of the services.Although our analysis covers only a number of core components of OpenStack, it formulates some basic and important security trade offs in the design. It also naturally paves the way to a more comprehensive analysis of OpenStack. In addition, as a by-product result of our modeling, we introduce a novel tokening mechanism, RAFT, which is backward compatible with Fernet Token currently used in OpenStack. By applying the UC framework, we prove that RAFT's one-time use tokens can realize a more secure OpenStack cloud than bearer tokens do.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On the Universally Composable Security of OpenStack

Hogan

Maleki

Rahaeimehr

et al. 2019

2019 IEEE Cybersecurity Development (SecDev)

Self Cite

View full text Add to dashboard Cite

show abstract

“…At the algorithmic layer, one way to provide separation of responsibilities is via universal composability (UC) [49]. UC has been specialized and simplified for the MPC setting [50], and the potential value of UC has been shown throughout the computing stack [51]- [53].…”

Section: B Accessibility and Composabilitymentioning

confidence: 99%

Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications

Lapets

Albab

Issa

et al. 2019

2019 IEEE Cybersecurity Development (SecDev)

View full text Add to dashboard Cite

Software applications that employ secure multi-party computation (MPC) can empower individuals and organizations to benefit from privacy-preserving data analyses when data sharing is encumbered by confidentiality concerns, legal constraints, or corporate policies. MPC is already being incorporated into software solutions in some domains; however, individual use cases do not fully convey the variety, extent, and complexity of the opportunities of MPC. This position paper articulates a rolebased perspective that can provide some insight into how future research directions, infrastructure development and evaluation approaches, and deployment practices for MPC may evolve. Drawing on our own lessons from existing real-world deployments and the fundamental characteristics of MPC that make it a compelling technology, we propose a role-based conceptual framework for describing MPC deployment scenarios. Our framework acknowledges and leverages a novel assortment of roles that emerge from the fundamental ways in which MPC protocols support federation of functionalities and responsibilities. Defining these roles using the new opportunities for federation that MPC enables in turn can help identify and organize the capabilities, concerns, incentives, and trade-offs that affect the entities (software engineers, government regulators, corporate executives, end-users, and others) that participate in an MPC deployment scenario. This framework can not only guide the development of an ecosystem of modular and composable MPC tools, but can make explicit some of the opportunities that researchers and software engineers (and any organizations they form) have to differentiate and specialize the artifacts and services they choose to design, develop, and deploy. We demonstrate how this framework can be used to describe existing MPC deployment scenarios, how new opportunities in a scenario can be observed by disentangling roles inhabited by the involved parties, and how this can motivate the development of MPC libraries and software tools that specialize not by application domain but by role.

show abstract