Funded Projects

CAREER: Access Control Policy Verification Through Security Analysis And Insider Threat Assessment
- National Science Foundation
- June 2005 to May 2010
- PI: Ninghui Li

Access control is one of the most fundamental security mechanisms in
use today; however, the specification and management of access
control policies remain a challenging problem, and today's
administrators have no effective tools to assist them. This research
addresses these needs and arising challenges by developing new
verification techniques for access control policies, and
verification tools that will help administrators specify,
understand, and manage their access control policies. In particular,
this research studies security analysis and insider threat
assessment. Security analysis techniques answer the fundamental
question of whether an access control system preserves essential
security properties across changes to the authorization state.
Insider threat assessment techniques determine what damage insiders
can cause if they misuse the trust that has been placed in them.
While focusing primarily on the widely-deployed Role-Based Access
Control model, this project also aims at developing theoretical
foundations and general techniques for access control policy
verification. Insights obtained from this research will be
applicable to other richer access control models and will help
improve the understanding of the power and limitations of access
control.

Collaborative Research: A Comprehensive Policy-Driven Framework For Online Privacy Protection: Integrating IT, Human, Legal and Economic Perspectives
- National Science Foundation
- October 2004 to September 2007
- Investigators:
  - Purdue Team: Elisa Bertino (PI), Ninghui Li, Robert Proctor, Victor Raskin, Melissa Dark
  - NCSU team: Annie Anton (PI), Ting Yu

Privacy is increasingly a major concern that prevents the
exploitation of the Internet's full potential. Consumers are
concerned about the trustworthiness of the websites to which they
entrust their sensitive information. Although significant industry
efforts are seeking to better protect sensitive information online,
existing solutions are still fragmented and far from satisfactory.
Specifically, existing languages for specifying privacy policies
lack a formal and unambiguous semantics, are limited in expressive
power and lack enforcement as well as auditing support. Moreover,
existing privacy management tools aimed at increasing end-users'
control over their privacy are limited in capability or difficult to
use. This project seeks to provide a comprehensive framework for
protecting online privacy, covering the entire privacy policy life
cycle. This cycle includes enterprise policy creation, enforcement,
analysis and auditing, as well as end user agent presentation and
privacy policy processing. The project integrates privacy-relevant
human, legal and economic perspectives in the proposed framework.
This project will develop an expressive, semantics-based formal
language for specifying privacy policies, an access control and
auditing language for enforcing privacy policies in applications, as
well as theory and tools for verifying privacy policies.
Additionally, experiments and surveys will be conducted to better
understand the axes of users' privacy concerns and protection
objectives. Results from this empirical work will be used to develop
an effective paradigm for specifying privacy preferences and methods
to present privacy policies to end users in an accurate and
accessible way.

ITR: Automated Trust Negotiation in Open Systems
- National Science Foundation
- September 2003 to August 2008
- Investigators: Kent Seamons (BYU) PI, Ninghui Li (Purdue), John Mitchell (Stanford), Brian Tung (USC ISI), William Winsborough (GMU), Marianne Winslett (UIUC)

Automated trust negotiation (ATN) is a new approach to access
control and authentication for the open, flexible systems formed
by sets of organizations that must dynamically form coalitions
and work together to respond to unforeseen needs and
opportunities. ATN enables open computing by assigning an access
control policy to each resource that is to be made accessible to
"outsiders"; an attempt to access the resource triggers a trust
negotiation, consisting of the iterative, bilateral disclosure
of digital credentials and related information. This project
will show that ATN is a practical solution to the access control
and authentication problems of open computing systems, by
resolving the most critical remaining theoretical and systems
issues for the deployment of trust negotiation facilities.
Specific areas that the project will address include access
control policy languages for ATN, light-weight policy evaluation
engines, improved ATN protocols and strategies compatible with
the new languages, provable privacy and autonomy guarantees for
negotiating parties, and a next-generation version of the
TrustBuilder ATN prototype, demonstrating the deployment of ATN
in a modular, reusable, and highly scalable implementation.
These enhancements will be explored in the context of health
care applications and additional scenarios supplied by the
project partners.

This website is currently maintained by Qihua Wang. Last modified on 01/15/2005.