Rutgers University
DCIS Colloquium
Date: Thursday, April 15, 2004
Time: 11:00 AM
Location: CoRE Building room 301, Busch Campus, Rutgers University

Title: Type-Based Distributed Access Control


Speaker: Dominic Duggan, Stevens Institute of Technology


Faculty Host: Naftaly Minsky

Abstract:

The term "distributed access control" is used here to refer to a weak form of information flow control, one that ensures that access control restrictions on data are propagated to all the places where it is accessed in a distributed system. The motivation for DAC is accountability: building an audit trail based on accesses to data. The key to making this practical is performing the access checks statically, at compile-time.

Various forms of type-based access control and information flow control require that network security be maintained by the runtime rather than the application. This is because the guarantees of the information flow might otherwise be violated by unsafe communication. This talk presents the "Key-based Decentralized Label Model (KDLM)", an approach to extending a type system for distributed access control to a typed API for cryptographic operations, that ensures that the access control restrictions are preserved by the application's use of cryptography to secure communications. The notion of "declassification certificates" is introduced to support the declassification of encrypted data.

This is joint work with Tom Chothia (Stevens) and Jan Vitek (Purdue University).