WSEmail: A Retrospective on a System for Secure Internet Messaging Based on Web Services

08/06/2019
by   Kevin D. Lux, et al.
0

Web services offer an opportunity to redesign a variety of older systems to exploit the advantages of a flexible, extensible, secure set of standards. In this work we revisit WSEmail, a system proposed over ten years ago to improve email by redesigning it as a family of web services. WSEmail offers an alternative vision of how IM and email services could have evolved, offering security, extensibility, and openness in a distributed environment instead of the hardened walled gardens that today's rich messaging systems have become. We demonstrate the flexibility of WSEmail using three business use cases: secure channel IM, business workflows with routed forms, and on-demand attachments. Since increased flexibility often mitigates against security and performance, we designed WSEmail with security in mind and formally proved the security of one of its core protocols (on-demand attachments) using the TulaFale and ProVerif automated proof tools. We also provide performance measures for the basic WSEmail functions in a prototype we implemented using .NET. Our experiments show a latency of about a quarter of a second per transaction under load.

READ FULL TEXT

page 4

page 5

page 6

page 9

research
01/15/2021

Bulwark: Holistic and Verified Security Monitoring of Web Protocols

Modern web applications often rely on third-party services to provide th...
research
09/24/2018

SPX: Preserving End-to-End Security for Edge Computing

Beyond point solutions, the vision of edge computing is to enable web se...
research
12/18/2022

PlexiChain: A Secure Blockchain-based Flexibility Aggregator Framework

Flexible resources in built environments are seen as a low-cost opportun...
research
06/28/2023

BLEND: Efficient and blended IoT data storage and communication with application layer security

Many IoT use cases demand both secure storage and secure communication. ...
research
10/01/2021

A Step Towards On-Path Security Function Outsourcing

Security function outsourcing has witnessed both research and deployment...
research
08/24/2020

Who ya gonna call? (Alerting Authorities): Measuring Namespaces, Web Certificates, and DNSSEC

During disasters, crisis, and emergencies the public relies on online se...
research
09/11/2023

Adaptive Address Family Selection for Latency-Sensitive Applications on Dual-stack Hosts

Latency is becoming a key factor of performance for Internet application...

Please sign up or login with your details

Forgot password? Click here to reset