[talks] S Sevinc preFPO
Melissa M. Lawson
mml at CS.Princeton.EDU
Mon Oct 15 15:03:30 EDT 2012
Soner Sevinc will present his preFPO on Monday October 22 at 8:30 AM in Room 402.
The members of his committee are: Larry Peterson (advisor), Jennifer Rexford and
Andy Bavier, readers; Michael Freedman and David Walker, nonreaders. Everyone is
invited to attend his talk. His abstract follows below.
Discovering and authorizing resources dispersed across autonomous organizations is a
challenge for federations as they scale in number of participant organizations.
We first give an analysis of some of today's federations in terms of trust models and
argue that complex trust models, which entail indirect trust relations, can be one way to
scale federations in the future.
We introduce our federation framework, which can be used to realize access control and resource discovery in
federations with arbitrarily complex trust models.
This framework synthesizes three areas of previous work: trust management systems,
policy languages and resource discovery systems.
The CERTDIST trust management system performs access control using digital certificates for proof construction.
Different from its counterparts such as ABAC or SD3, it can construct proofs for more complex trust relations,
by utilizing a DHT to perform key-based certificate lookup.
In addition, CERTDIST's programmable credentials allow dynamic policies to be expressed as digital certificates.
The Federation Policy Language, FPL, is used to express security and resource allocation policies in a federation.
FPL primitives interface to underlying CERTDIST functionality, which are used by
security architects and resource providers to write policies easily.
Our contract-based discovery and allocation system, CODAL, performs policy-driven peer discovery
and collaborative resource discovery/allocation to address two problems: (1) participants in a
federation can be unknown, and (2) their resource information and policies can be private.
We evaluate our design in PlanetLab, emulating a realistic federation based on PlanetLab usage logs.
Results show that our system is capable of discovering and allocating resources in a large-scale federation,
fulfilling a request from tens of organizations. We also show allocation policies are successfully
enforced by our language, and explore run-time characteristics of the FPL proof construction process,
and investigate certificate retrieval in terms of time and incurred system load.