LISA '06 Abstract
Pp. 1–16 of the Proceedings
Privilege Messaging: An Authorization Framework over Email Infrastructure
Brent ByungHoon Kang, Gautam Singaraju, and Sumeet Jain, University of North Carolina at Charlotte
Abstract
The current email infrastructure is burdened by multiple resource constraints and a plethora of security issues. Apart from the fact that email users are spending more time and effort sifting through unsolicited emails, more serious problems such as Phishing are on the rise. This can be attributed to a fundamental shortcoming in the current email infrastructure: a lack of an authorization framework. This allows any user to create content in anyone's mailbox. In this paper, we revisit the fundamental problem of non-existent authorization and discuss the design of an effective authorization service overlaying the existing email infrastructure. We propose Privilege Messaging (P-Messaging), a fine-granular authorization framework that operates on the principle that a sender requires a set of privileges in order to send messages, simultaneously enables the receiver's infrastructure server to verify the messages before accepting it. We present a prototype implementation and discuss its benefits. An automatic classification of email can be effectively performed based on the privilege-tag. Privilege-tag can provide flexible and fine-granular reputation management than current domain-based solutions. The use of privilege-tag as entry ID in a white-list can be more manageable than the use of individual email address. Finally, the privilege-tag can be used as an email header, retaining the benefits of currently deployed MTA architecture, namely reliability and flexibility.
- View the full text of this paper in HTML and PDF. Listen to the presentation and Q & A in MP3 format.
Until December 2007, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
|