3rd TIPPI Workshop

Trusted User-Aware Web Authentication

Speaker: Marcel Winandy, Horst Gortz Institute for IT Security

Title: Trusted User-Aware Web Authentication

Abstract:
To provide secure web authentication in the future, we cannot only rely on new authentication protocols or browser enhancements, but we must also take the operating system environment into account. Virtualization provides an efficient means for isolating critical applications from others while allowing the interoperability and re-use of existing operating systems and applications. Approaches like Tahoma show how to use virtualization to isolate browser instances from each other while The SpyBlock system shows how to isolate an authentication agent from the browser. We propose a modular security architecture and reference implementation which integrates and enhances approaches based on identity providers (like password managers) but also provides protection against malware and against interface spoofing like picture-in-picture attacks. Our approach is based on the idea of compartmentalization for isolating applications of different trust level.

Bio:
Marcel Winandy is Research Assistant at Horst Goertz Institute for IT Security at Ruhr-University Bochum, Germany. He is involved within the European Multilaterally Secure Computing Base (EMSCB) project. Marcel Winandy studied Computer Science with emphasis on computer security and software technology at the University of Bonn, Germany, and got his diploma degree in 2004. From 2004 to 2005 he worked as Research Assistant at the same university, where he did research on the security of adaptive mobile applications. In 2005 he joined the Applied Data Security Group at Ruhr-University Bochum. His main research interests are secure operating systems with a focus on secure user interfaces, access control, and trusted computing.


Back to TIPPI workshop page