Specification and Management of Attribute-based Authorization Policy
Dr. William H. Winsborough - George Mason University
Oct 08, 2003
AbstractAn approach to authorization that is based on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. Logic programming provides an elegant, expressive, and well-understood framework in which to work with attribute-based authorization policy. This talk will summarize one specific attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages. RT's logic programming foundation has facilitated the conception and specification of several extensions that greatly enhance its expressivity with respect to important security concepts such as parameterized roles, thresholds, and separation of duties. After examining language design issues, the talk will consider the problem of assessing authorization policies with respect to vulnerability of resource owners to a variety of security risks due to delegations to other principals, risks such as undesired authorizations and unavailability of critical resources. We will consider several such properties of RT policies, many of which we will see can be decided efficiently. For other properties, we will see that the complexity depends on the subset of RT in which the policy is expressed. The research is joint work with Professor Ninghui Li of Purdue University and Professor John C. Mitchell of Stanford University. The talk will conclude by discussing some prospects for continued research in this area.
About the SpeakerWilliam H. Winsborough received his PhD at the University of Wisconsin-Madison in 1989. He recently joined the Center for Secure Information Systems at George Mason University as a Research Associate Professor. In the intervening years his affiliations included the University of Chicago, Argonne National Laboratory, Penn State University, Transarc Corporation, IBM, and Network Associates Laboratories.
Dr. Winsborough\'s research interests include computer security, authorization, trust management, trust negotiation, and release control, as well as programming languages, program analysis, language implementation technologies, and programming-support tools. He is the author of about 30 refereed research articles and papers, and he has served on the program committee of various conferences and workshops (including the International Symposium on Programming Languages: Implementations, Logics and Programs (PLILP), Static Analysis Symposium (SAS), IEEE International Workshop on Policies for Distributed Systems and Networks) and as a reviewer for many journals. Two patents have been awarded based on Dr. Winsborough\'s research, and he received a DARPA award for Excellence in Industrial Research in 2003. Dr. Winsborough will be an invited speaker at the 2003 International Logic Programming Conference in Mumbay, India.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.