April 4, 2002
Noon - 1 pm
Hamerschlag Hall, D-Level Conference Room
Distributed Systems Lab, University of Pennsylvania
Fine-Grain Policy-Based Access Control for Distributed Systems
With the explosion in network use, the scope of computer security has
greatly expanded. Novel technologies, such as active content and massively
distributed services, offer great new capabilities to users and service
providers. Unfortunately, these same technologies offer great potential
security mechanisms that offer the necessary flexibility and efficiency
has become all too clear. One general approach towards addressing this
deficiency is the use of access control mechanisms that can offer such
services. In my recent work, I have investigated the use of policy-based
access control, using the KeyNote trust-management system, in the areas
of active content protection and security composition of distributed services.
In the domain of protection from active content, such as scripting languages
executed in browsers or mail attachments, I have developed the SubOS architecture.
SubOS uses a policy-controlled data-flow architecture, using labels associated
with objects to limit authorizations. The prototype for the OpenBSD operating
system, as well as two sample applications, a secure web browser and a
secure mailer, demonstrate the practicality and efficiency of this architecture.
For distributed services, I designed a policy-based system which is used
to control network access and host access in concert. Use of a global
policy and automatic distribution to the relevant access points allows
for consistent access control throughout the system, resulting in, among
other things, the first implementation of a distributed firewall. This
system instantiates what I call "Virtual Private Services,"
and the evaluation shows that this is achieved at a low cost in performance.
The use of policy-based access control in these two new domains suggests
that this technique has considerable promise as an access control scheme
for many modern distributed systems with both scale and complexity challenges.
Sotiris Ioannidis is a Ph.D. candidate at the University of Pennsylvania.
He earned an M.S. in computer science from the University of Rochester,
and a B.S. in Mathematics from the University of Crete, Greece. His research
interests include Operating System and Network Security, Network Management,
and Active Networking.