Soner Sevinc will present his research seminar/general exam on Friday May 16 at 10AM in Room 402. The members of his committee are: Larry Peterson (advisor), Jennifer Rexford, and Ed Felten. Everyone is invited to attend his talk and those faculty wishing to remain for the oral exam following are welcome to do so. His abstract and reading list follow below.

-------------------------------------

Large-scale network systems often must support users from multiple organizations that want to use resources owned by other organizations. Managing resources in such an environment must, therefore, be decentralized. Such systems require unique, immutable and verifiable naming of entities, and a security architecture that includes fine-grained authorization. Verification should allow multiple levels of trust to make the security system decentralized. Fail safety is necessary for correct operation of such a large system, limiting the damage a malicious or mis-operating entity can have to a short period of time.

PlanetLab, being one of such systems, is in the stage of decentralization with federation with other similar systems or separating into several autonomous pieces. PlanetLab's current identity-based authorization architecture makes decentralization difficult. The features of a more manageable system should include making the sources of authorization explicit, separating identity from rights, and allowing delegation of those rights. The protocols used within the system should support secure communication, possibly leveraging existing security schemes.

My talk describes an architecture developed in the context of PlanetLab. The design includes a naming system, support for decentralized trust, and a fine-grained authorization mechanism. I will also describe a prototype implementation that leverages PlanetLab.

Reading List:

1. L. Peterson and B. Davie, "Computer Networks: A Systems Approach", 3rd Edition.
2. Larry Peterson, Andy Bavier, Marc E. Fiuczynski, and Steve Muir, "Experiences Building PlanetLab", OSDI 2006.
3. A. Bavier, N. Feamster, M. Huang, L. Peterson, and J. Rexford, "In VINI Veritas: Realistic and Controlled Network Experimentation", in Proc. ACM SIGCOMM, Sep 2006.
4. T. Anderson, Timothy Roscoe, "Learning from PlanetLab", 2006, Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3.
5. M. Blaze, J. Feigenbaum and J. Lacy, "Decentralized trust management", In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173, May 1996.
6. Thomas Anderson and Michael Reiter, "GENI Facility Security", GENI Design Document 06-23, Distributed Services Working Group, September 2006.
7. E. Wobber, M. Abadi, M. Burrows and B. Lampson, "Authentication in the Taos operating system", ACM Transactions on Computer Systems 12(1):3-32, February 1994.
8. T. Jim, "SD3: A trust management system with certified evaluation", In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106-115, May 2001.
9. Jie Dai, Jim Alves-Foss, "Logic Based Authorization Engineering"

Melissa M Lawson