[6-27]RT: A Role-based Trust-management Framework
Date: 2008-05-26
Title: RT: A Role-based Trust-management Framework
Speaker: Ninghui Li (CERIAS, Purdue University)
Time: 9:30am, June 27
Venue: Lecture room, Level 5 Building #5, ISCAS
Abstract:
Trust management is an approach to distributed access control that allows one principal to delegate some access decisions to other principals. In this talk, we present RT, a family of Role-based Trust-management languages for expressing policy statements. We will focus on the following four aspects of RT. First, RT supports various kinds of delegation relationships and separation-of-duty policies. Second, the semantic foundation of RT is Datalog extended with constraints in tractable domains. This enables RT to express permissions regarding structured resources, while at the same time having a declarative, logic-based, and tractable semantics. Third, RT supports credential chain discovery when credential storage is distributed, through a goal-directed chain discovery algorithm. Fourth, a large class of safety and availability properties about policies expressed in RT are decidable, with most cases efficiently decidable.
About Professor Ninghui Li:
Prof. Li has worked extensively on trust management and automated trust negotiation, which are approaches to access control in decentralized, open, and distributed systems. In his Ph.D. thesis work, he designed and implemented Delegation Logic, a logic-based language for distributed authorization. While at Stanford, he designed, together with Professor John Mitchell and Dr. Will Winsborough, the RT Role-based Trust-management framework, efficient goal-directed algorithms to do distributed credential chain discovery, logic-based semantic foundations for security policy languages, and algorithms and computational complexity characterization for analyzing properties of security policies such as safety and availability.
Professor Li’s recent research focuses on role-based access control, online privacy protection, access control policy specification and analysis, and operating system access control. He has graduated 2 Ph.D. students and is currently supervising 6 Ph.D. students. His research is currently supported by 3 NSF projects and a project funded by IBM. In 2005, he was awarded the NSF CAREER award for proposed work on "Access Control Policy Verification Through Security Analysis And Insider Threat Assessment".
Professor Li received a Ph.D. in Computer Science from New York University in September 2000. Before joining Purdue, he was a research associate in the Computer Science Department, Stanford University. He has served on the Program Committees of more than two dozen conferences and workshops in information security, including the IEEE Symposium on Security and Privacy, ACM Conference on Computer and Communications Security (CCS), the ISOC Network and Distributed System Security Symposium (NDSS), International Conference on Data Engineering, ACM Symposium on Access Control Models and Technologies (SACMAT), and IEEE Computer Security Foundations Workshop (CSFW).