NI | Aug 7, 2015
SCION Five Years Later: Revisiting Scalability, Control, and Isolation on Next-Generation Networks
David Barrera, Raphael M. Reischuk, Pawel Szalachowski et al.
The SCION (Scalability, Control, and Isolation on Next-generation Networks) inter-domain network architecture was proposed to address the availability, scalability, and security shortcomings of the current Internet. This paper presents a retrospective of the SCION goals and design decisions, its attacker model and limitations, and research highlights of work conducted in the 5 years following SCION's initial publication.
CR | Jun 10, 2015
Designing a Global Authentication Infrastructure
Stephanos Matsumoto, Raphael M. Reischuk, Pawel Szalachowski et al.
We address the problem of scaling authentication for naming, routing, and end-entity certification to a global environment in which authentication policies and users' sets of trust roots vary widely. The current mechanisms for authenticating names (DNSSEC), routes (BGPSEC), and end-entity certificates (TLS) do not support a coexistence of authentication policies, affect the entire Internet when compromised, cannot update trust root information efficiently, and do not provide users with the ability to make flexible trust decisions. We propose a Scalable Authentication Infrastructure for Next-generation Trust (SAINT), which partitions the Internet into groups with common, local trust roots, and isolates the effects of a compromised trust root. SAINT requires groups with direct routing connections to cross-sign each other for authentication purposes, allowing diverse authentication policies while keeping all entities globally verifiable. SAINT makes trust root management a central part of the network architecture, enabling trust root updates within seconds and allowing users to make flexible trust decisions. SAINT operates without a significant performance penalty and can be deployed alongside existing infrastructures.
CR | Dec 24, 2014
Balancing Isolation and Sharing of Data for Third-Party Extensible App Ecosystems
Florian Schröder, Raphael M. Reischuk, Johannes Gehrke
In the landscape of application ecosystems, today's cloud users wish to personalize not only their browsers with various extensions or their smartphones with various applications, but also the various extensions and applications themselves. The resulting personalization significantly raises the attractiveness for typical Web 2.0 users, but gives rise to various security risks and privacy concerns, such as unforeseen access to certain critical components, undesired information flow of personal information to untrusted applications, or emerging attack surfaces that were not possible before a personalization has taken place. In this paper, we propose a novel extensibility mechanism which is used for implementing personalization of existing cloud applications towards (possibly untrusted) components in a secure and privacy-friendly manner. Our model provides a clean component abstraction, thereby in particular ruling out undesired component accesses and ensuring that no undesired information flow takes place between application components -- either trusted from the base application or untrusted from various extensions. We then instantiate our model in the SAFE web application framework (WWW 2012), resulting in a novel methodology that is inspired by traditional access control and specifically designed for the newly emerging needs of extensibility in application ecosystems. We illustrate the convenient usage of our techniques by showing how to securely extend an existing social network application.