William Winsborough - George Mason University
"Attribute-Based Access Control"
Dec 01, 2004Download: MP4 Video Size: 220.0MB
Watch on YouTube
AbstractBasing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. Logic programming provides an convenient, expressive, and well-understood framework in which to work with authorization policy. This talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages. It will then discuss efficient and effective evaluation of RT policies that are stored in a distributed manner. After discussing these basics, the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which we will see can be decided efficiently. For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed. This part of the talk will conclude by discussing some prospects for continued research in this area. Finally, the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private. Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. This research was funded by DARPA and the NSF.
About the Speaker
William H. Winsborough is a Research Associate Professor in the Center for Secure Information Systems at George Mason University. He received his PhD at the University of Wisconsin-Madison in 1989. Dr. Winsborough\'s current research interests are in computer security and privacy in distributed systems, with an emphasis on policy-based techniques. He is particularly interested in techniques for managing the sharing of resources across multiple organizations or the whole Internet while protecting them from misuse. Dr. Winsborough is Program Co-chair of the 2005 IEEE Workshop on Policy in Distributed Systems and Networks (Policy 2005). He is the author of 34 refereed research articles and papers, the most recent of them in the Journal of the ACM. His seminal article in Automated Trust Negotiation has been cited 34 times according to citeseer. Two patents have been awarded based on Dr. Winsborough\'s research, and he received a DARPA award for Excellence in Industrial Research in 2003.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...