
Consider the following architecture:

Users log into a website and issue commands to the website.

In parallel, separate software processes ("agents") on different computers connect to the website and wait for these commands to be issued.

The agents log into the website separately and programmatically; the user logging into the website has no day-to-day interaction with them (conceivably there could be some interaction at, say, install time).

The website determines where to send each command - any one typical user may have n agents waiting for commands.

The command and therefore the work that the agent performs may be destructive. For example, data on the computer where the agent sits may be deleted.

How can we validate each command such that we know the command was sent by an authenticated user?

I am trying to avoid the vulnerability whereby, if a credential list was compromised, "fake" commands could be issued to agents. If an attacker impersonated the server, how could we avoid the messages being passed to the agent being executed?

As I am a little new to security I don't know what sort of keywords I should be searching for...

Dan Gravell
  • "The command and therefore the work that the agent performs may be destructive." - are you designing a nuclear weapon C3 system? Seriously, the question is unclear. – Deer Hunter Oct 15 '15 at 15:16
  • LOL, didn't mean physically destructive, see my edit. Let me know how else this is unclear, as I said I'm finding it difficult to know where to begin. – Dan Gravell Oct 15 '15 at 15:19
  • What exactly makes your architecture different than any other application that needs authentication because I don't see the difference? – Gudradain Oct 15 '15 at 20:06
  • How do the agents authenticate the source of commands being passed to them? If an attacker impersonated the server, how could we avoid the messages being passed to the agent being executed? – Dan Gravell Oct 16 '15 at 13:41
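One way to answer the question of the comments (how an agent can tell a genuine command from one injected by whoever holds the website's credential list) is to keep the website out of the trust path entirely: the user provisions a per-agent secret to each agent at install time, which the question allows for, and tags every command with an HMAC under that secret. The website only relays the tagged command, so a compromised website or an impersonated server cannot forge or alter one, and the agent additionally refuses stale or replayed commands. The following is an added illustration written for this page, not the asker's design or an accepted answer; the key, agent names, sequence numbers and the "delete" action are constructed for the demo.

```python
import hmac
import hashlib
import json
import time
from typing import Optional, Tuple


def canonical(body: dict) -> bytes:
    # Canonical encoding so user and agent MAC exactly the same bytes
    # regardless of key order or whitespace changes in transit.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_command(key: bytes, agent_id: str, seq: int, action: str,
                 args: dict, issued_at: Optional[int] = None) -> dict:
    """User side: build a command and tag it with a MAC under the per-agent key.

    The website only relays the returned dict; it never sees `key`.
    """
    body = {
        "agent": agent_id,      # which agent may execute this command
        "seq": seq,             # strictly increasing per agent (replay defence)
        "action": action,
        "args": args,
        "issued_at": issued_at if issued_at is not None else int(time.time()),
    }
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class Agent:
    """Agent side: executes nothing that is not provably from the key holder."""

    def __init__(self, agent_id: str, key: bytes, max_age: int = 300):
        self.agent_id = agent_id
        self.key = key          # provisioned at install time, out of band
        self.max_age = max_age  # seconds a command stays valid
        self.last_seq = 0       # highest sequence number accepted so far

    def verify(self, msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
        body = msg.get("body")
        mac = msg.get("mac")
        if not isinstance(body, dict) or not isinstance(mac, str):
            return False, "malformed"
        # 1. Authenticity: recompute the tag and compare in constant time.
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "bad mac"
        # 2. Addressing: a valid command for another agent must not run here.
        if body.get("agent") != self.agent_id:
            return False, "wrong agent"
        # 3. Freshness: an old command is refused even though its MAC is fine.
        issued_at = body.get("issued_at")
        if not isinstance(issued_at, int):
            return False, "malformed"
        now = time.time() if now is None else now
        if abs(now - issued_at) > self.max_age:
            return False, "stale"
        # 4. Replay: each sequence number is accepted at most once.
        seq = body.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, "ok"

    def execute(self, msg: dict, now: Optional[float] = None) -> str:
        ok, reason = self.verify(msg, now)
        if not ok:
            return "rejected: " + reason
        body = msg["body"]
        # Only a known action is dispatched; the destructive one is simulated here.
        if body["action"] == "delete":
            return "would delete " + str(body["args"].get("path"))
        return "rejected: unknown action"


if __name__ == "__main__":
    demo_key = b"constructed demo key, 32 bytes!!"   # constructed, never reuse
    agent = Agent("agent-7", demo_key)
    cmd = sign_command(demo_key, "agent-7", 1, "delete", {"path": "/tmp/old"}, issued_at=1_000_000)
    print(agent.execute(cmd, now=1_000_010))   # accepted once
    print(agent.execute(cmd, now=1_000_010))   # the same message again is refused
```

The website is reduced to an untrusted relay: it can drop or delay commands, but not mint them, retarget them to another agent, or change their arguments. The same structure works with a per-user asymmetric key pair (the agent pins the user's public key at install time and checks a signature instead of a MAC), which is the better choice when one user has many agents and the website should not be able to learn anything that lets it impersonate the user.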
