[talks] S Sevinc general exam
Melissa M Lawson
mml at CS.Princeton.EDU
Mon May 12 13:37:51 EDT 2008
Soner Sevinc will present his research seminar/general exam on Friday May 16
at 10AM in Room 402. The members of his committee are: Larry Peterson (advisor),
Jennifer Rexford, and Ed Felten. Everyone is invited to attend his talk and those
faculty wishing to remain for the oral exam following are welcome to do so. His
abstract and reading list follow below.
Large-scale network systems often must support users from multiple organizations that want
to use resources owned by other organizations. Managing resources in such an environment
must, therefore, be decentralized.
Such systems require unique, immutable and verifiable naming of entities, and a security
architecture that includes fine-grained authorization. Verification should allow
multiple levels of trust to make the security system decentralized. Fail safety is
necessary for correct operation of such a large system, limiting the damage a malicious or
mis-operating entity can do to a short period of time.
PlanetLab, being one such system, is in the stage of decentralization, either federating
with other similar systems or separating into several autonomous pieces. PlanetLab's
current identity-based authorization architecture makes decentralization difficult. The
features of a more manageable system should include making the sources of authorization
explicit, separating identity from rights, and allowing delegation of those rights. The
protocols used within the system should support secure communication, possibly leveraging
existing security schemes.
My talk describes an architecture developed in the context of PlanetLab. The design
includes a naming system, support for decentralized trust, and a fine-grained
authorization mechanism. I will also describe a prototype implementation that leverages
1. L. Peterson and B. Davie, "Computer Networks: A Systems Approach", 3rd Edition.
2. Larry Peterson, Andy Bavier, Marc E. Fiuczynski, and Steve Muir, "Experiences Building
PlanetLab", OSDI 2006.
3. A. Bavier, N. Feamster, M. Huang, L. Peterson, and J. Rexford, "In VINI Veritas: Realistic
and Controlled Network Experimentation", in Proc. ACM SIGCOMM, Sep 2006.
4. T. Anderson, Timothy Roscoe, "Learning from PlanetLab", 2006, Proceedings of the 3rd
conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3.
5. M. Blaze, J. Feigenbaum and J. Lacy, "Decentralized trust management", In Proceedings
of the 1996 IEEE Symposium on Security and Privacy, pages 164-173, May 1996.
6. Thomas Anderson and Michael Reiter, "GENI Facility Security", GENI Design Document
06-23, Distributed Services Working Group, September 2006.
7. E. Wobber, M. Abadi, M. Burrows and B. Lampson, "Authentication in the Taos operating
system", ACM Transactions on Computer Systems 12(1):3-32, February 1994.
8. T. Jim, "SD3: A trust management system with certified evaluation", In Proceedings of
the 2001 IEEE Symposium on Security and Privacy, pages 106-115, May 2001.
9. Jie Dai, Jim Alves-Foss, "Logic Based Authorization Engineering"