Skip to main content

Seminar:  Application-Sensitive Access Control Evaluation

Date:November 11, 2013 
Talk Title:Application-Sensitive Access Control Evaluation
Speaker:Adam Lee, Assistant Professor, University of Pittsburgh
Time & Location:12:00pm - 1:00pm
CIC Building, Pittsburgh

Abstract

To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an absolute sense, detached from the application-specific context within which an access control scheme will ultimately be deployed. In this talk, by contrast, we formalize the access control suitability analysis problem, which seeks to evaluate the degree to which a set of candidate access control schemes can meet the needs of an application-specific workload. This process involves both reductions to assess whether a scheme is capable of securely implementing a workload, as well as cost analysis using ordered measures to quantify the overheads of using each candidate scheme to service the workload. We will describe a mathematical framework for analyzing instances of the suitability analysis problem, and comment on its use by exploring a group-based messaging workload from the literature.

Speaker Bio

Dr. Adam J. Lee is currently an assistant professor of Computer Science at the University of Pittsburgh. He received the MS and PhD degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his BS in Computer Science from Cornell University. His research interests lie at the intersection of the computer security, privacy, and distributed systems fields.