
Security BOF at WWWF94 notes



The Security Birds Of a Feather (BOF) at the WWW F94 conference was
held Wednesday, 10/19.  I (Mary Ellen Zurko) chaired. I also attempted
to take notes. Anyone should feel free to correct any errors, or fill
in the many omissions. My notes have a clear bias towards issues and
speakers I understood.

The stated purpose(s) of the BOF were to establish who was doing what
in the community, what users' current needs are, and what research
mid- to long-term is or should be taking place.

We first had a quick round of introductions, then a discussion
motivated by a combination of current user problems and solutions both
current and proposed.

Introductions:

The list of introductions follows. I was unable to coherently write
down a few introductions, and some of those people did not leave
business cards, so a few are missing.

Mirjana Spasojevic, Transarc, wide area file systems

Mary Ellen (Mez) Zurko, OSF RI, security researcher for 9 years,
authorization and access control, and usability

unidentified user, interested in current holes and commercial products

Phill Hallam-Baker, does everything

Bill Perry, Spry, security and commerce
Chris Wilson, ditto

Steve Lewontin, OSF RI, DCE Web project

Jeff Sedayao, Intel

Vladimir Sukonnik, Process Software Corporation, HTTP server for WNT,
implementation, standardization

Rich Gordon, firewall security

Albert Lunde, use of different security infrastructures in different
projects

Darren Dupre', Delphi Internet Services Corporation
Steve Mattin, ditto

Dave Raggett, HP England, server-side security

Laura Pearlman, RAND

Michelle Butler, NCSA, interested in security
Nancy Yeager, ditto

Dan Spear, Quarterdeck Office Systems, Web browser

Glen Davis, internet access from the Web, security through obscurity

Jerry Owens, Lawrence Livermore Labs, Web for medical use

Simon Spero, EIT (with Allan Schiffman), high performance and security

Betty Harvey, Navy, all types of security, including multiple levels
of security

Robert Pettengill, Schlumberger Austin Research, information server,
electronic documents, distributed authentication

Jeff Hostetler, Spyglass

David Kristol, AT&T Bell Laboratories

Michael Lenz, National Research Center for Computer Science

Rowan Limb, BT Laboratories, Intelligent systems, general interest

Not present, but wishing to be noted as part of the community:

Lorrayne Schaefer, MITRE, security administration

Kennie Jones, NASA, privacy protection on the wire

Vijay Varadharajan, HP Labs, authentication, authorization (in
particular credit worthiness), secure communication, and charging and
payment

Discussion:

Quick reconfiguration of virtual task forces was brought up as an
issue. Phill thinks Shen will be able to handle them with authorized
roles. Someone asked if Shen would scale to 2,000 people. Simon said
his talk on developer's day would touch on ACLs and fast encryption
with no major performance loss [unfortunately, his paper doesn't seem
to be in the on-line proceedings right now. Mez]. Self-administering
groups were mentioned as important (groups where members determine
membership). Threads were also mentioned as the way to get desired
performance.

There was a discussion of who cares; who's likely to hack your site.
Also, what features you allow remotely (read, write) affects what
your security needs are.

Security based on HTTP methods, with some concept of ownership of
directory trees, was suggested. While current browsers don't support
the full suite of methods, they're coming. 

Steve L brought up that the DCE Web uses DCE security domains to solve
the question of how to structure trust. Someone mentioned that it's
hard to mix DCE with anything else.

There was a discussion of SCP - session control protocol. The claim
was made that it would be harder to do traffic analysis when you could
read less of the information in the request. Flooding of a public
resource like the Internet is not an option. Swiss banks care about
traffic analysis. Perhaps flooding could be used in conjunction with
guaranteed bandwidth with technologies like ATM.

One user was looking for authenticated ftp available today. OpenVision
may provide this. 

Laura was looking for a way to allow users to only execute certain
software applications in response to data returned from a server.
Perhaps triads of the form MIME type/ authorization/ browser in a
user's mailcap. Safe TCL was mentioned as another potential solution
in this space, as was Bellcore's work on digital signatures for
binaries. 

Albert raised the concern of standards fragmenting the area of
security work, which gave Dave K the opportunity he needed to display
his open security architecture diagram, which has a lot in common with
Jeff H's proposals. Mez recapped the decisions of the HTTP WG BOF: to
document existing HTTP practice, to pursue long-lived connections in
browsers and servers, and to take S-HTTP's security attribute negotiation
protocol and generalize it to any kind of WWW attribute. 

Tim Berners-Lee bopped in, to get a quick summation of everyone who's
currently working on security in HTTP. MCom, EIT, Shen, Spyglass, DCE
Web, and EInet all raised their hands (or had them raised by someone
else). 

One of the two religious debates of the evening broke out around host
security. While discussing plug-and-play architectures like the ones
proposed by Dave K and Jeff H, there was concern about the pieces
being linked in, or found at run time. The folks from Spry pointed out
that it was easy to subvert anything based on Windows DLLs, and
further discussion touched on physical security (Albert is concerned
with public labs and dorms), secure reboot, and virus detection.
Several people insisted that host security was not "our" problem.
Several others insisted it was. 

Steve L brought up usability issues (which later turned into the
second religious debate of the evening. Perhaps it was the time, not
the actual issues, that spawned the extra heat.). He advocated work to
help users use our mechanisms, perhaps in the form of good cookbooks.
Mez spoke in favor of higher level languages for evincing security
policies, such as rules-based systems. Jeff H spoke in favor of a
fixed set of information provided with any security protocol offered,
including proof of the correctness of the protocol, and risks and
assurances of using the protocol. Phill spoke in favor of named
standard policies associated with particular URNs. Simon suggested
that some of the information we want can be synthesized from certain
kinds of specifications. There was some discussion of testing as a
way to check specification correspondence. A concern was raised that
too much of a burden was being placed on the user community; that the
assumption should be that an 8 year old will install products (or
perhaps someone functioning at that level). People in the room knew
sys admins who would choose from a list randomly (not based on an
evaluation of the choices). At that point the discussion got heated,
and, since it was 9pm, we broke up into the night, or into the units
of conversation that had interested us most.