Speaker: Marcel Winandy, Horst Goertz Institute for IT Security
Title: Trusted User-Aware Web Authentication
Abstract:
To provide secure web authentication in the future, we
cannot rely only on new authentication protocols or browser enhancements, but
we must also take the operating system environment into account.
Virtualization provides an efficient means for isolating critical applications
from others while allowing the interoperability and re-use of existing
operating systems and applications. Approaches like Tahoma show how to
use virtualization to isolate browser instances from each other, while
the SpyBlock system shows how to isolate an authentication agent from the
browser. We propose a modular security architecture and reference
implementation which integrates and enhances approaches based on identity
providers (like password managers) but also provides protection against
malware and against interface spoofing like picture-in-picture attacks.
Our approach is based on the idea of compartmentalization for isolating
applications of different trust levels.
Bio:
Marcel Winandy is a Research Assistant at the Horst Goertz Institute for IT
Security at Ruhr-University Bochum, Germany. He is involved in the European
Multilaterally Secure Computing Base (EMSCB) project. Marcel Winandy studied
Computer Science with emphasis on computer security and software technology
at the University of Bonn, Germany, and received his diploma degree in 2004. From
2004 to 2005 he worked as a Research Assistant at the same university, where
he did research on the security of adaptive mobile applications. In 2005 he
joined the Applied Data Security Group at Ruhr-University Bochum. His main
research interests are secure operating systems with a focus on secure user
interfaces, access control, and trusted computing.