Dmitry Kogan, Henri Stern, Ashley Tolbert, David Mazières, Keith Winstein
{"title":"安全委托的案例","authors":"Dmitry Kogan, Henri Stern, Ashley Tolbert, David Mazières, Keith Winstein","doi":"10.1145/3152434.3152444","DOIUrl":null,"url":null,"abstract":"Today's secure stream protocols, SSH and TLS, were designed for end-to-end security and do not include a role for semi-trusted third parties. As a result, users who wish to delegate some of their authority to third parties (e.g., to run SSH clients in the cloud, or to host websites on CDNs) rely on insecure workarounds such as ssh-agent forwarding and Keyless TLS. We argue that protocol designers should consider the delegation use-case explicitly, and we propose a definition of \"secure\" delegation: Before a principal agrees to delegate its authority, a system should provide it with secure advance notice of who will do what to whom under that authority. We developed Guardian Agent, a delegation system for the SSH protocol that, unlike ssh-agent forwarding, allows the user to control which delegate machines can run which commands on which servers. We were able to implement Guardian Agent in a way that remains fully compatible with existing SSH servers, by \"handing over\" a secure connection to the delegate once it has been set up. Additionally, we use this work to suggest a path for secure delegation on the Web.","PeriodicalId":120886,"journal":{"name":"Proceedings of the 16th ACM Workshop on Hot Topics in Networks","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"The Case For Secure Delegation\",\"authors\":\"Dmitry Kogan, Henri Stern, Ashley Tolbert, David Mazières, Keith Winstein\",\"doi\":\"10.1145/3152434.3152444\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Today's secure stream protocols, SSH and TLS, were designed for end-to-end security and do not include a role for semi-trusted third parties. As a result, users who wish to delegate some of their authority to third parties (e.g., to run SSH clients in the cloud, or to host websites on CDNs) rely on insecure workarounds such as ssh-agent forwarding and Keyless TLS. We argue that protocol designers should consider the delegation use-case explicitly, and we propose a definition of \\\"secure\\\" delegation: Before a principal agrees to delegate its authority, a system should provide it with secure advance notice of who will do what to whom under that authority. We developed Guardian Agent, a delegation system for the SSH protocol that, unlike ssh-agent forwarding, allows the user to control which delegate machines can run which commands on which servers. We were able to implement Guardian Agent in a way that remains fully compatible with existing SSH servers, by \\\"handing over\\\" a secure connection to the delegate once it has been set up. Additionally, we use this work to suggest a path for secure delegation on the Web.\",\"PeriodicalId\":120886,\"journal\":{\"name\":\"Proceedings of the 16th ACM Workshop on Hot Topics in Networks\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 16th ACM Workshop on Hot Topics in Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3152434.3152444\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th ACM Workshop on Hot Topics in Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3152434.3152444","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Today's secure stream protocols, SSH and TLS, were designed for end-to-end security and do not include a role for semi-trusted third parties. As a result, users who wish to delegate some of their authority to third parties (e.g., to run SSH clients in the cloud, or to host websites on CDNs) rely on insecure workarounds such as ssh-agent forwarding and Keyless TLS. We argue that protocol designers should consider the delegation use-case explicitly, and we propose a definition of "secure" delegation: Before a principal agrees to delegate its authority, a system should provide it with secure advance notice of who will do what to whom under that authority. We developed Guardian Agent, a delegation system for the SSH protocol that, unlike ssh-agent forwarding, allows the user to control which delegate machines can run which commands on which servers. We were able to implement Guardian Agent in a way that remains fully compatible with existing SSH servers, by "handing over" a secure connection to the delegate once it has been set up. Additionally, we use this work to suggest a path for secure delegation on the Web.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
