University of Cambridge > > Computer Laboratory Security Seminar > Architectures for Practical Client-Side Security

Architectures for Practical Client-Side Security

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Wei Ming Khoo.

Few of the security architectures proposed for the past four decades (e.g., fine-grain domains of protection, security kernels, virtual machines) have made a significant difference on client-side security. In this presentation, I examine some of the reasons for this and some of the lessons learned to date. Focus on client-side security is warranted primarily because it is substantially more difficult to achieve than server security in practice, since clients interact with human users directly and have to support their security needs. I argue that system and application partitioning to meet user security needs is now feasible [2,3,5], and that special focus must be placed on how to design and implement trustworthy communication between users and their partitions and between partitions themselves.

Trustworthy communication goes beyond secure channels, firewalls, guards and filters. The extent to which one partition accepts input from or outputs to another depends on the trust established with the input provider and output receiver. It also depends on input-rate throttling and output propagation control, which often require establishing some degree of control over remote communication end points. I illustrate some of the fundamental challenges of trustworthy communication at the user level, and introduce the notion of optimistic trust with its technical requirements for deterrence for non-compliant input providers and output receivers. Useful insights for trustworthy communication are derived from the behavioral economics, biology [1] and social [4] aspects of trust.


[1] E. Fehr, “On the Economics and Biology of Trust,” Journal of the European Economic Association, April – May 2009, pp. 235-266.

[2] B. Lampson, ``Usable Security: How to Get it,” Comm. of the ACM , vol. 52, no. 11, Nov. 2009.

[3] J. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig, ``TrustVisor: Efficient TCB Reduction and Attestation,” Proc. of IEEE Symp. on Security and Privacy, Oakland, CA, May 2010.

[4] F. Stajano and P. Wilson, “Understanding Scam Victims: Seven Principles for Systems Security,” University of Cambridge Computing Laboratory, UCAM -CL-TR-754, Aug. 2009.

[5] A. Vasudevan, B. Parno, N. Qu, V. Gligor and A. Perrig, ``Lockdown: A Safe and Practical Environment for Security Applications,” Technical Report, CMU -CyLab-09-011, July 14, 2009.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2023, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity