Mending Broken Trust: Ensuring Privacy and Integrity Online.
详细信息
- 作者:Van Gundy ; Matthew D.
- 学历:Ph.D.
- 年:2014
- 毕业院校:University of California
- Department:Computer Science
- ISBN:9781321213171
- CBH:3637914
- Country:USA
- 语种:English
- FileSize:1682948
- Pages:157
文摘
Common Internet protocols fail to meet users reasonable security expectations in a number of subtle ways. In this work we address three major issues in online communication privacy and integrity: software integrity in web applications,secure multi-party instant messaging,and consistency in distributed protocols subject to Byzantine failures. To protect users from malicious websites,modern web browsers enforce isolation between potentially-malicious code from different sources. Even with perfect isolation,a web server which unintentionally serves malicious code,known as Cross-Site Scripting XSS),allows attackers to take full-control of the web applications client-side interface. Previous XSS defenses primarily targeted only the server-side or the client-side,leading to a semantic gap. To address this problem,we created Noncespaces,an end-to-end system that allows web servers to reliably identify untrusted content so that browsers can enforce flexible security policies,neutralizing XSS vulnerabilities. Many other online communication mediums also suffer from confidentiality and integrity problems. Instant Messaging IM),another popular method of communication on the Internet,mimics impromptu face-to-face conversation. However,nearly all IM protocols fail to provide either confidentiality,end-to-end origin authentication,or deniability. Off-the-Record Messaging provides a solution for two-party conversations,but it does not generalize to conversations of three or more parties. To provide secure IM for privacy-conscious users,we propose Multi-party Off-the-Record Messaging mpOTR). mpOTR provides confidentiality,end-to-end origin authentication,and deniability for conversations between an arbitrary number of parties. Though mpOTR improves security guarantees for multi-party IM,dishonest users may violate consistency between correct users undetected until the chat session ends. Any distributed system which seeks to ensure causal consistency and liveness in a Byzantine environment faces similar challenges. Most existing protocols only provide guarantees when Byzantine failures do not occur; or they sacrifice consistency,liveness,or both when too many Byzantine failures occur. Either alternative is a poor fit for peer-to-peer systems that require consistency and liveness but cannot bound the number of Byzantine failures. To address this issue,we propose OldBlue,a broadcast protocol which ensures causal consistency and liveness between connected correct processes even when an arbitrary number of Byzantine failures occur.