Multi-tier web server systems are used in many important contexts and their security is a major cause of concern. Such systems can exploit strategies like least privilege to make lower tiers more secure in the presence of compromised higher tiers. In this paper, we investigate an extension of this technique in which higher tiers are required to provide evidence of the authentication of principals when they make requests of lower tiers. This concept, which we call redundant authentication, enables lower tiers to provide security guarantees that improve significantly over current least privilege strategies. We validate this technique by applying it to a practical Building Automation System (BAS) application, where we explore the use of redundant authentication in conjunction with an authentication proxy to enable interoperation with existing enterprise authentication services.