assertion carrying certificates
play

Assertion-Carrying Certificates Waqar Aqeel, Zachary Hanif, James - PowerPoint PPT Presentation

Nov 21, 2023 •17 likes •157 views

Assertion-Carrying Certificates Waqar Aqeel, Zachary Hanif, James Larisch, Olamide Omolola, Taejoong Chung, Dave Levin, Bruce Maggs, Alan Mislove, Bryan Parno, Christo Wilson The Public Key Infrastructure is how users know with whom they

  1. Assertion-Carrying Certificates Waqar Aqeel, Zachary Hanif, James Larisch, Olamide Omolola, 
 Taejoong Chung, Dave Levin, Bruce Maggs, Alan Mislove, Bryan Parno, Christo Wilson

  2. The Public Key Infrastructure is 
 how users know with whom they are communicating online

  3. Certificates encapsulate identity (who hosts are) 
 and capability (what they can do)

  4. Certificates encapsulate identity (who hosts are) 
 and capability (what they can do) Traditional PKI roles Subject Name Who the cert is about Issuer Name Who vetted the subject’s identity Expiration Dates When is the certificate no longer valid Public key and signature Attestation of cryptographic identity

  5. The PKI has had to evolve to meet new 
 threats, deployments, and opportunities Traditional PKI roles New additions to the PKI Subject Name Key Usage Who the cert is about Certificate signing, authentication Issuer Name Subject Alternate Names Who vetted the subject’s identity Support deployments in CDNs Expiration Dates When is the certificate no longer valid Public key and signature Attestation of cryptographic identity

  6. The PKI has had to evolve to meet new 
 threats, deployments, and opportunities Traditional PKI roles New additions to the PKI Subject Name Key Usage Who the cert is about Certificate signing, authentication Issuer Name Subject Alternate Names Who vetted the subject’s identity Support deployments in CDNs Expiration Dates Revocation Information When is the certificate no longer valid New ways to deliver revocations Public key and signature Certificate Transparency Attestation of cryptographic identity Allows greater insight into CA (mis)behavior

  7. The PKI must continue to evolve 
 but adding new features is slow and laborious Traditional PKI roles New additions to the PKI Future additions Subject Name Key Usage Naming constraints Who the cert is about Certificate signing, authentication Let non-CAs issue their own certs, 
 limited to domains they control Issuer Name Subject Alternate Names Signed exchanges Who vetted the subject’s identity Support deployments in CDNs Sign-over the hosting of some 
 resources to a third party Expiration Dates Revocation Information Multi-rooted certificates When is the certificate no longer valid New ways to deliver revocations Minimize the reliance on a small 
 set of trusted certificate authorities Public key and signature Certificate Transparency Attestation of cryptographic identity Allows greater insight into CA (mis)behavior And many more!

  8. • More evolvable Is there one extension we could add 
 • More customizable to new deployments that would make the PKI: • Easier to formally verify Insight: A certificate is a set of constraints Name Validity period Allowed usages Why not encode constraints in small programs in the certificate?

  9. Assertion-Carrying Certificates (ACCs) Rules

  10. Assertion-Carrying Certificates (ACCs) 
 Add small programs that must be run as part of the certificate’s validation Rules Assertions

  11. Assertion-Carrying Certificates (ACCs) 
 Add small programs that must be run as part of the certificate’s validation Rules Define new capabilities What it means to be name-constrained Assertions Enforce them as constraints All certificates following this one must be name-constrained

  12. Assertion-Carrying Certificates (ACCs) 
 Language goals All constraints across all certs in the chain must hold Certs can never relax constraints further up the chain Rules Browsers can add their own constraints, as well The language should be concise and expressive Does not need to be Turing-complete Assertions Should be formally verifiable Must not broaden the attack surface A logic-based programming language is a natural fit

  13. Assertion-Carrying Certificates (ACCs) 
 What is the appropriate constraint language? Prolog Datalog ✅ Non-Turing-complete X ✅ X Declarative X Termination guaranteed ✅ ½ ✅ Amenable to static analysis ✅ Fully expressive ½ We might not need these ✅ Negation ½ Unbounded lists, numbers, strings ✅ X

  14. Assertion-Carrying Certificates (ACCs) 
 Allow for a far more agile PKI Ongoing and Future E ff orts Today’s PKI is slow to evolve Implementing long-desired features ACCs add small programs that must be run as part of the certificate’s validation Naming constraints, signed exchanges, and more Re-implementing various browsers’ validation logic in Prolog/Datalog Chrome, Firefox, mbedTLS — in far fewer lines of code Exploring ways to verify correctness: - Static analysis - Certificate fuzzing - Using the languages’ imputation Is there any certificate that is valid 
 but where constraint X does not hold?

Recommend

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

Fachgebiet Rechnersysteme Technische Universitt Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 1 8. Assertion-Based Design and Assertion Languages 3 Fachgebiet Rechnersysteme 8. Assertion Based Design

815 views • 13 slides
8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion-Based Design and Assertion Languages 1 Fachgebiet Rechnersysteme 8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1 Assertion-Based Design 8.2 Introduction to ITL 8.3 Introduction to SVA

856 views • 51 slides
10-16-2018 CARRYING CAPACITY Carrying capacity is defined as the number of individuals who

10-16-2018 CARRYING CAPACITY Carrying capacity is defined as the number of individuals who

Jekyll Island Carrying Capacity & Infrastructure Assessment 10-16-2018 CARRYING CAPACITY Carrying capacity is defined as the number of individuals who can be supported within a given area without degrading the natural, social,

698 views • 23 slides
Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist, Health & Wellbeing Service From Newcastle. For the world. What is assertion? Assertiveness enables us to act in our own best interests, to stand up

368 views • 16 slides
RES212 Lab #1 Certificates, TLS and VPN The goal of this lab is to let you become acquainted with

RES212 Lab #1 Certificates, TLS and VPN The goal of this lab is to let you become acquainted with

https://res212.telecom-paristech.fr TP01v2 2018/05/22 RES212 Lab #1 Certificates, TLS and VPN The goal of this lab is to let you become acquainted with creating and managing cryptographic certificates for use in your application, for the Web

851 views • 16 slides
PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure

PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure

IN3210 Network Security PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure Threats to certificates / PKI Protecting certificates / PKI 2 Certificates Motivation 3 Motivation: TLS

1.68k views • 108 slides
Carrying capacity assessment and impact Carrying capacity assessment and impact of aquaculture in

Carrying capacity assessment and impact Carrying capacity assessment and impact of aquaculture in

Carrying capacity assessment and impact Carrying capacity assessment and impact of aquaculture in Chinese bays of aquaculture in Chinese bays *1,*2 *1,*2 http://www.ecowin.org/china/ J.G. Ferreira Universidade Nova de Lisboa Faculdade de

595 views • 33 slides
Carrying Capacity What Is It And Why Is It Important? Photo from NOAA Science Center 1

Carrying Capacity What Is It And Why Is It Important? Photo from NOAA Science Center 1

Carrying Capacity What Is It And Why Is It Important? Photo from NOAA Science Center 1 Definition Carrying Capacity = Number of individuals or biomass the resources of a given area can support usually through the most unfavorable period of the

185 views • 16 slides
Simplification & Integration www.apprenticeships.org.uk/certificates Apprenticeship

Simplification & Integration www.apprenticeships.org.uk/certificates Apprenticeship

Workshop: Simplification & Integration www.apprenticeships.org.uk/certificates Apprenticeship Certificates England (ACE) Gregg Moreton UK Systems Integration Manager Gregg.moreton@fisss.org www.apprenticeships.org.uk/certificates MY

812 views • 17 slides
Beyond assertion: setup and teardown UN IT TES TIN G F OR DATA S CIEN CE IN P YTH ON Dibya

Beyond assertion: setup and teardown UN IT TES TIN G F OR DATA S CIEN CE IN P YTH ON Dibya

Beyond assertion: setup and teardown UN IT TES TIN G F OR DATA S CIEN CE IN P YTH ON Dibya Chakravorty Test Automation Engineer The preprocessing function def preprocess(raw_data_file_path, 1,801 201,411 clean_data_file_path

1.21k views • 104 slides
Welcome to todays webinar on RET exemption certificates The webinar will commence at 2:00 PM

Welcome to todays webinar on RET exemption certificates The webinar will commence at 2:00 PM

Welcome to todays webinar on RET exemption certificates The webinar will commence at 2:00 PM (AEDT) Friday 14 December 2018 To hear the webinar, phone 1800 896 323 and enter code 33532697# Am I eligible for RET exemption certificates? For

357 views • 15 slides
Commitment and implicit assertion Dave Ripley University of Connecticut http://davewripley.rocks

Commitment and implicit assertion Dave Ripley University of Connecticut http://davewripley.rocks

1/ 36 Commitment and implicit assertion Dave Ripley University of Connecticut http://davewripley.rocks De La Salle University April 2015 davewripley@gmail.com Commitment and implicit assertion 2/ 36 From bounds to meaning Commitment

390 views • 36 slides
STAKEHOLDERS STUDY ON THE TOURISM CARRYING CAPACITY FOR THE WORKSHOP ISLAND OF MAHE

STAKEHOLDERS STUDY ON THE TOURISM CARRYING CAPACITY FOR THE WORKSHOP ISLAND OF MAHE

STAKEHOLDERS STUDY ON THE TOURISM CARRYING CAPACITY FOR THE WORKSHOP ISLAND OF MAHE BONZOUR! WHAT WELL ACCOMPLISH Purpose of Snapshot of Carrying Current Capacity Study Conditions Understanding Defining a of Key Issues Path

964 views • 59 slides
Chronic Treatment with Medication Assertion: May be unnecessary or even harmful for some

Chronic Treatment with Medication Assertion: May be unnecessary or even harmful for some

Chronic Treatment with Medication Assertion: May be unnecessary or even harmful for some Refutation: Medication Reduces risk of relapse for many but not all Spontaneous remission occurs No current reliable method to

201 views • 5 slides
An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou,

An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou,

An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou, Shuyuan Zhang, Sharad Malik, Jennifer Rexford, David Walker Princeton University 1 Data Plane Verification Controller Find

579 views • 37 slides
Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Carrying certificates around How do you use your [digital] identity? Install your certificate in browser Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski

215 views • 5 slides
Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study Robert Biddle,

Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study Robert Biddle,

Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study Robert Biddle, P.C. van Oorschot, Andrew S. Patrick, Jennifer Sobey, Tara Whalen Carleton University, Ottawa, ON, Canada SSL Certificates & Cloud Computing

378 views • 34 slides
Certificates for cs.washington.edu 1 Certificates for GMail Important fields: Testing SSL

Certificates for cs.washington.edu 1 Certificates for GMail Important fields: Testing SSL

Certificates for cs.washington.edu 1 Certificates for GMail Important fields: Testing SSL Configuration (1) 3 Client completed verification of received certificate chain Testing SSL Configuration (2) 4 Received certificate chain (two

623 views • 49 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Planning for the Future Jekyll Island Carrying Capacity & Infrastructure Assessment OUR

Planning for the Future Jekyll Island Carrying Capacity & Infrastructure Assessment OUR

Planning for the Future Jekyll Island Carrying Capacity & Infrastructure Assessment OUR TEAM Ryan Argentieri James Sipes Jim Remlin Jekyll Island Carrying Capacity & Infrastructure Assessment Sand County Studios PHILOSOPHY &

546 views • 25 slides
Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com

Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com

Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com Computer Science Laboratory SRI International Menlo Park CA 94025 http://www.csl.sri.com/tiwari Joint work with Sumit Gulwani

536 views • 21 slides
Certificates of Participation Presented to Board of Trustees February 25, 2020 Agenda Review

Certificates of Participation Presented to Board of Trustees February 25, 2020 Agenda Review

Discussion Certificates of Participation Presented to Board of Trustees February 25, 2020 Agenda Review Facts of Current Certificates of Participation (COP) History of Funding MJUSD Facilities Improvements Reasons COPs Were Needed

301 views • 13 slides
Remediation Certificates 101 Outline What are they? Regulatory basis for issuing

Remediation Certificates 101 Outline What are they? Regulatory basis for issuing

Remediation Certificates 101 Outline What are they? Regulatory basis for issuing remediation certificates Definitions and brief history of the program Why should I want one? Benefits for the site owner Benefits for the

325 views • 19 slides

More recommend