Information Trust Institute (ITI) Calendar

Back to Listing

TSS, Compiler, and Software Engineering Seminar: Todd Millstein: "Fine-Grained Access Control with Object-Sensitive Roles"

Event Type
Information Trust Institute and Department of Computer Science
2405 Siebel Center
Sep 23, 2009   4:00 pm  
Todd Millstein, University of California, Los Angeles
Originating Calendar
Information Trust Institute (ITI) archival calendar



Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases, though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java's Enterprise Edition rely solely on dynamic checks, which makes application code fragile and difficult to ensure as correct.


We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We define a dependent type system that statically validates a program's conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.




Todd Millstein is an Associate Professor in the Computer Science Department at the University of California, Los Angeles. His research aims to make software systems easier to create, maintain, understand, and validate.  Todd received his Ph.D. and M.S. from the University of Washington and his A.B. from Brown University, all in Computer Science. He received an NSF CAREER award in 2006, was selected for the DARPA Computer Science Study Panel in 2008, and received an IBM Faculty Award in 2008.

link for robots only