Thursday, April 8, 2004
Noon - 1 pm
Hamerschlag Hall D-210
Exploiting Information Relationships for Access Control
New large-scale distributed computing environments, such as in pervasive computing or sensor networks, present a challenge for access control to information. The traditional approach to defining service-specific access policies does not scale to these environments, because there is a multitude of services that offer information. In this talk, we propose a new kind of access policy, which has information as first-class citizen and enables the definition of policies bound neither to a particular service nor to a particular environment. Having information as first-class citizen also allows us to exploit relationships between information for access control. In particular, it is possible to replace multiple access policies for information having identical access constraints with a single policy. In addition, we can exploit derivation properties of information to limit the capabilities of intruders. We formalize the presented concepts using Lampson et al.'s speaks-for formalism, and we describe the application of these concepts in a distributed access control architecture. To demonstrate the feasibility of our design, we give a complexity analysis of the architecture and a performance analysis of a prototype implementation.
Urs Hengartner is a fifth year CSD PhD student at Carnegie Mellon University working under Prof. Peter Steenkiste. His research interests lie in security and pervasive computing. In particular, his current research focuses on the specification and implementation of access policies to information.
Seminar Info Contact:
or visit http://www.pdl.cmu.edu/SDI/