The ubiquity of the Internet has led to increased sharing of computational and data resources amongst large numbers of users. As traditional identity-based solutions to the authorization problem do not scale to such large numbers of users, novel attribute-based access control systems based on techniques such as trust negotiation and other forms of distributed proving have been proposed. To date, research in these areas has been largely of a theoretical nature and has produced many important foundational results. However, if these techniques are to be safely deployed in practice, the systems-level barriers hindering their adoption must be overcome.
In this talk, we will show that safely and securely adopting trust negotiation technologies is not simply a matter of implementation and deployment, but requires careful consideration of both formal properties and practical issues. We will then describe our theoretical and systems work on reducing the overheads of the policy compliance checking process. In particular, we will discuss Clouseau, a policy compiler that translates access control policies written in existing policy languages into constraint patterns that can be analyzed using pattern matching rather than theorem proving. This approach vastly improves the runtime efficiency of the compliance checking process over more traditional approaches, thereby making it practical to check compliance with non-trivial policies and investigate the design of more scalable server-side trust negotiation implementations.
Adam J. Lee is a Ph.D. candidate at the University of Illinois at Urbana-Champaign. His research interests lie at the intersection of computer security, privacy, and distributed systems, and his dissertation focuses on the systems challenges associated with adopting decentralized authorization approaches, such as trust negotiation, in open distributed systems. He received his B.S. from Cornell University in 2003 and his M.S. from UIUC in 2005.