Improving multi-tier security using redundant authentication

Jodie P. Boyer, Ragib Hasan, Lars E. Olson, Nikita Borisov, Carl A. Gunter, David Raila

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Multi-tier web server systems are used in many important contexts and their security is a major cause of concern. Such systems can exploit strategies like least privilege to make lower tiers more secure in the presence of compromised higher tiers. In this paper, we investigate an extension of this technique in which higher tiers are required to provide evidence of the authentication of principals when they make requests of lower tiers. This concept, which we call redundant authentication, enables lower tiers to provide security guarantees that improve significantly over current least privilege strategies. We validate this technique by applying it to a practical Building Automation System (BAS) application, where we explore the use of redundant authentication in conjunction with an authentication proxy to enable inter-operation with existing enterprise authentication services.

Original language: English (US)
Title of host publication: CSAW'07 - Proceedings of the 2007 ACM Computer Security Architecture Workshop
Publisher: Association for Computing Machinery
Pages: 54-62
Number of pages: 9
ISBN (Print): 9781595938909
State: Published - 2007
Event: 1st ACM Computer Security Architectures Workshop, CSAW'07, held in association with the 14th ACM Computer and Communications Security Conference, CCS'07 - Fairfax, VA, United States
Duration: Nov 2 2007 → Nov 2 2007

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 1st ACM Computer Security Architectures Workshop, CSAW'07, held in association with the 14th ACM Computer and Communications Security Conference, CCS'07
Country/Territory: United States
City: Fairfax, VA
Period: 11/2/07 → 11/2/07

Keywords

  • Authentication
  • Building Automation Systems

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
