Speaker: Ninghui Li, Stanford University
RT: A Role-based Trust-management Framework
Abstract: One main goal of computer security is to ensure that access to resources is restricted to parties with legitimate access permissions. Access control in large-scale, open, and decentralized systems is different from access control in the traditional setting of operating systems and database systems. The main difference is that the resource owner and the requester are often unknown to one another. In the trust-management approach, access control decisions are based on policy statements that encode attributes of parties as well as trust and delegation relationships among parties. Policy statements may be digitally signed to ensure authenticity and integrity; signed policy statements are called credentials. In this talk, we present RT, a family of Role-based Trust-management languages for expressing policy statements. We will focus on the following four aspects of RT. First, RT supports various kinds of delegation relationships and separation-of-duty policies. Second, the semantic foundation of RT is Datalog extended with constraints in tractable domains. This enables RT to express permissions regarding structured resources, while at the same time having a declarative, logic-based, and tractable semantics. Third, RT supports credential chain discovery when credential storage is distributed, through a goal-directed chain discovery algorithm. Fourth, a large class of safety and availability properties about policies expressed in RT are decidable, with most cases efficiently decidable. This result is somewhat surprising, because it has been known for 25 years that a basic form of safety analysis is undecidable in the access matrix model, and RT is more expressive than the access matrix model in some ways.
Short Bio: Ninghui Li is a research associate in the Computer Science Department at Stanford University. In September 2000, he received a PhD in Computer Science from New York University. Dr. Li's research interests are in computer security and applied cryptography, including security and privacy in distributed systems, networks, databases, and electronic commerce.
Host: Purush Iyer, Computer Science, NCSU.