DAIS: The Database and Information Systems Laboratory at the University of Illinois at Urbana-Champaign (UIUC), Department of Computer Science
Trust Management and Compliance Storage at UIUC

Overview

The primary focus of the DAIS Trust Group involves the establishment and maintenance of trust in information, services, and individuals in open distributed systems. In open systems, resources are shared across organizational boundaries and as such, traditional identity-based access control lists (ACLs) are not viable options for protecting resources, as the set of authorized users may not be known a priori. One facet of our research involves the investigation of trust negotiation, an attribute-based access control (ABAC) model in which parties conduct bilateral and iterative exchanges of policies and certified attributes to negotiate for access to system resources including services, roles, capabilities, personal credentials, and sensitive system policies. The TrustBuilder project investigates many aspects of trust negotiation including families of interoperable negotiation strategies, requirements for policy languages, architectures for trust negotiation, enforcing the safety and consistency of access decisions, enhancing the reliability and robustness of trust negotiation systems, and the establishment of privacy-preserving identifiers to enable reputation establishment and distributed audit in ABAC systems. An introduction to trust negotiation is available here.

The TrustBuilder project has led to several sub-projects providing more in-depth treatment of specific issues related to the properties of, deployment strategies for, and uses of trust negotiation. PeerAccess provides a logical framework for reasoning about the properties of trust negotiations and other forms of distributed proof construction. Such a framework is a necessity if we are to rigorously prove the properties needed to accept more advanced access control systems. The Traust project examined the use of a third-party authorization service that relies on trust negotiation to broker access tokens to legacy services operating within a security domain. In this system, clients can carry out trust negotiation sessions with a Traust server to gain access to resources within a security domain without requiring that existing services and protocols be modified to support trust negotiation natively. The Synergy project explores many issues surrounding the use of trust negotiation to facilitate real-time data dissemination in disaster-response and emergency-management scenarios.

Recent research thrusts in the DAIS Trust Group have focused on the maintenance of trust in data and systems over time. One area of concern to our group involves maintaining trustworthy data repositories and indexes on write-once, read-many (WORM) devices to facilitate compliance with audit mandates such as HIPAA and the Sarbanes-Oxley Act. In this scenario, it is important to maintain not only the trustworthiness, but also the completeness, of data in spite of malicious insiders. This is essential so that future audits can be guaranteed to have a complete and accurate picture of a business or enterprise's operational data. Another project focused on trust maintenance involves managing the configurations of software-defined radio (SDR) systems. In industry, the configuration and upgrade of communication devices is outsourced to third-party contractors. To ensure that the full power of SDR systems can be leveraged in diverse environments like disaster response and the SCADA systems used in the electric power grid, we must have an efficient means of verifying the integrity of the software stack installed on an SDR device. As in the compliance storage area, these systems must be secured against not only outsiders, but also malicious insiders.

People

All e-mail addresses are in the cs.uiuc.edu domain.

Principal Investigator: Marianne Winslett

Postdoctoral Associates:

Graduate Students:

Alumni:

Links of Interest

Information Trust Institute

Illinois Security Lab

Internet Security Research Lab at BYU

News

8/10/06: The paper "A Statistical Analysis of Disclosed Storage Security Breaches" by Ragib Hasan and William Yurcik has been accepted for publication in the "2nd International Workshop on Storage Security and Survivability (StorageSS)", in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2006), October 2006.

7/21/2006: The paper "Safety and Consistency in Policy-Based Authorization Systems" was accepted for publication at the 13th ACM Conference on Computer and Communications Security (CCS 2006).

7/15/2006: Graduate student Soumyadeb Mitra leaves for a six-month internship at IBM Almaden to work on Compliance Storage.

6/26/2005: The paper "Toward an On-Demand Restricted Delegation Mechanism for Grids" was accepted for publication at the 7th ACM/IEEE International Conference on Grid Computing (Grid 2006).

6/2006: The paper "Trustworthy Inverted Index for Regulatory Compliance" was accepted for publication at the 32nd International Conference on Very Large Data Bases (VLDB 2006).

3/24/2006: The paper "Synergy: A Trust-aware, Policy-driven Information Dissemination Framework" was accepted for publication at the IEEE International Conference on Intelligence and Security Informatics (ISI 2006), San Diego, USA, May 23-24, 2006.

2/28/2006: The paper "Traust: A Trust Negotiation-Based Authorization Service for Open Systems" was accepted for publication at the 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006).

2/19 - 2/25/2006: Professor Piero Bonatti visits our group to discuss agent modelling research and to serve on Charles's prelim committee. A picture from a dinner with Prof. Bonatti at Dos Reales can be found here.

2/17/2006: The demonstration paper "Traust: A Trust Negotiation Based Authorization Service" was accepted for publication at the Fourth International Conference on Trust Management (iTrust 2006).
