Research Seminar Presentation, Fall 2006

Time and Place: HSS 3.02.24, Thursday September 7th, 2006

Title: Attribute-based Access Control

Abstract:

Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. The first part of this talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages that enables authorization decisions to be made based on attribute credentials issued in a non-hierarchical, decentralized manner. The second part of the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegation acts, risks such as authorization of undesirable principals or inaccessibility of critical resources. In the context of RT policies, we will consider general forms and several examples of such security properties. Many general properties can be decided efficiently; for others the complexity depends on the subset of RT in which the policy is expressed. The third part of the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private. Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. The talk will close with a summary of ongoing and future research. This work was funded by DARPA and the NSF.

Bio:

William H. Winsborough is an Associate Professor in Computer Science at the University of Texas at San Antonio. He received his PhD at the University of Wisconsin-Madison in 1989. Professor Winsborough's current research interests are in computer security and privacy in distributed systems, with an emphasis on policy-based techniques. He is particularly interested in techniques for managing the sharing of resources across multiple organizations or the whole Internet while protecting them from misuse. Professor Winsborough was Program Co-chair of the 2005 IEEE Workshop on Policy in Distributed Systems and Networks (Policy 2005) and Program Co-chair of the 4th International Conference on Trust Management (iTrust'2006), held 16-19 May 2006 in Pisa, Italy. He is the author of about 40 refereed research articles and papers. His seminal article in Automated Trust Negotiation has been cited 50 times according to CiteSeer. Professor Winsborough has two current projects funded by the National Science Foundation (NSF). Two patents have been awarded based on Professor Winsborough's research, and he received a DARPA award for Excellence in Industrial Research in 2003.

Opportunities for PhD students: Professor Winsborough is interested in recruiting students to pursue their PhD working with him at the University of Texas at San Antonio. Candidates for this opportunity should be interested in conducting high quality research in computer security and in publishing their results in international conferences and journals. The ideal candidate is interested in using logic and formal methods to design and build systems having provable security properties.