In trust negotiation and other distributed proving systems, networked entities cooperate to form proofs that are justified by collections of certified attributes. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Though the collections of credentials in some ways resemble partial system snapshots, these systems currently lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this talk, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such, there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing, distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency which provide stronger safety guarantees. We discuss algorithms that allow each of these refined notions of consistency to be attained in practice with minimal overheads and identify important trade-offs that arise when designing consistency preservation algorithms for policy-based authorization systems.
This talk covers joint work with Professor Marianne Winslett that will appear at the 13th ACM Conference on Computer and Communications Security (CCS) in November 2006.
Adam J. Lee is a fourth-year Ph.D. student at the University of Illinois at Urbana-Champaign. Together with his adviser, Professor Marianne Winslett, Adam is investigating the systems and architectural aspects of trust negotiation, a technique for enabling scalable access control, trust management, and resource sharing in large-scale, heterogeneous open systems. Adam received his Bachelor's degree in Computer Science from Cornell University in 2003 and his Master's degree in Computer Science from UIUC in 2005.