Attribute-Based Access Control
William Winsborough - George Mason University
Dec 01, 2004
Size: 220.0MB
Download: MP4 Video
Watch in your Browser | Watch on YouTube
Abstract
Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. Logic programming provides a convenient, expressive, and well-understood framework in which to work with authorization policy. This talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages. It will then discuss efficient and effective evaluation of RT policies that are stored in a distributed manner. After discussing these basics, the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which, we will see, can be decided efficiently. For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed. This part of the talk will conclude by discussing some prospects for continued research in this area. Finally, the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private. Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. This research was funded by DARPA and the NSF.
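To make the abstract's two themes concrete (evaluating role membership in an RT policy, and asking what a resource owner is exposed to through delegation), here is an added example that is not part of the talk or of any RT implementation. It evaluates policies written in RT0, the simplest member of the RT family, whose four credential forms (simple member, simple containment, linked role, intersection) are taken from the published RT design; the principals, role names, helper functions and the "critical issuer" check are constructed for this illustration and are a simplification, not the decision procedures discussed in the talk.

```python
"""Toy evaluator for RT0 credentials plus a simple delegation-risk check.

RT0 credential forms (A, B, C, D are principals; r, r1, r2 are role names):
  A.r <- D             simple member
  A.r <- B.r1          simple containment (A delegates r to B's role r1)
  A.r <- A.r1.r2       linked role (each member of A.r1 defines a role r2)
  A.r <- B.r1 ^ C.r2   intersection
The issuer of a credential is the owner A of the role on its left-hand side.
Role membership is the least fixpoint of the credential rules.
"""

# Constructors for the four credential kinds (hypothetical encoding as tuples).
def member(a, r, d):               return ("member", a, r, d)
def contain(a, r, b, r1):          return ("contain", a, r, b, r1)
def linked(a, r, r1, r2):          return ("linked", a, r, r1, r2)
def intersect(a, r, b, r1, c, r2): return ("intersect", a, r, b, r1, c, r2)


def evaluate(creds):
    """Return {(principal, role): frozenset(members)} as the least fixpoint."""
    members = {}

    def get(a, r):
        return members.get((a, r), set())

    changed = True
    while changed:            # iterate to a fixpoint; rules are monotone
        changed = False
        for c in creds:
            kind, a, r = c[0], c[1], c[2]
            if kind == "member":
                new = {c[3]}
            elif kind == "contain":
                new = set(get(c[3], c[4]))
            elif kind == "linked":            # A.r <- A.r1.r2
                new = set()
                for b in get(a, c[3]):
                    new |= get(b, c[4])
            elif kind == "intersect":
                new = get(c[3], c[4]) & get(c[5], c[6])
            else:
                raise ValueError(f"unknown credential kind {kind!r}")
            current = members.setdefault((a, r), set())
            if not new <= current:
                current |= new
                changed = True
    return {k: frozenset(v) for k, v in members.items()}


def authorized(creds, a, r, d):
    """Is principal d a member of role a.r under the given credentials?"""
    return d in evaluate(creds).get((a, r), frozenset())


def critical_issuers(creds, a, r):
    """Issuers other than a whose credentials, if revoked or unavailable,
    would shrink the membership of a.r (an availability exposure)."""
    full = evaluate(creds).get((a, r), frozenset())
    issuers = {c[1] for c in creds} - {a}
    critical = set()
    for x in issuers:
        without = [c for c in creds if c[1] != x]
        if evaluate(without).get((a, r), frozenset()) < full:
            critical.add(x)
    return critical


# Constructed sample policy: a publisher gives a discount to students of
# accredited universities who are also members of a professional society.
POLICY = [
    intersect("EPub", "disc", "EOrg", "preferred", "ACM", "member"),
    linked("EOrg", "preferred", "university", "student"),
    contain("EOrg", "university", "ABU", "accredited"),
    member("ABU", "accredited", "StateU"),
    member("StateU", "student", "Alice"),
    member("ACM", "member", "Alice"),
    member("ACM", "member", "Bob"),
]

# Credentials issued later by a delegatee, outside EPub's control.
FOREIGN = [
    member("StateU", "student", "Eve"),
    member("ACM", "member", "Eve"),
]

if __name__ == "__main__":
    print("EPub.disc members:", sorted(evaluate(POLICY)[("EPub", "disc")]))
    print("Bob authorized?", authorized(POLICY, "EPub", "disc", "Bob"))
    print("Eve after delegatee issues credentials?",
          authorized(POLICY + FOREIGN, "EPub", "disc", "Eve"))
    print("issuers EPub depends on:", sorted(critical_issuers(POLICY, "EPub", "disc")))
```

The fixpoint loop shows why RT evaluation is a logic-programming problem: membership facts are derived until nothing new appears, and linked roles (EOrg.university.student) are what let a single credential from ABU pull in every accredited university's student list. The second query shows the delegation exposure the abstract refers to: once EPub delegates to StateU and ACM, those issuers alone decide who receives the discount, and `critical_issuers` shows that all four other principals are also single points of failure for availability.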
About the Speaker
William H. Winsborough is a Research Associate Professor in the Center for Secure Information Systems at George Mason University. He received his PhD at the University of Wisconsin-Madison in 1989. Dr. Winsborough's current research interests are in computer security and privacy in distributed systems, with an emphasis on policy-based techniques. He is particularly interested in techniques for managing the sharing of resources across multiple organizations or the whole Internet while protecting them from misuse. Dr. Winsborough is Program Co-chair of the 2005 IEEE Workshop on Policy in Distributed Systems and Networks (Policy 2005). He is the author of 34 refereed research articles and papers, the most recent of them in the Journal of the ACM. His seminal article on Automated Trust Negotiation has been cited 34 times according to CiteSeer. Two patents have been awarded based on Dr. Winsborough's research, and he received a DARPA award for Excellence in Industrial Research in 2003.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.