[talks] S Sevinc preFPO

Melissa M. Lawson mml at CS.Princeton.EDU
Mon Oct 15 15:03:30 EDT 2012 

Soner Sevinc will present his preFPO on Monday October 22 at 8:30 AM in Room 402.
The members of his committee are: Larry Peterson (advisor), Jennifer Rexford and 
Andy Bavier, readers; Michael Freedman and David Walker, nonreaders.  Everyone is 
invited to attend his talk.  His abstract follows below. 
--------------------

"Federation Framework 

Discovering and authorizing resources dispersed across autonomous organizations is a 
challenge for federations as they scale in number of participant organizations.
We first give an analysis of some of today's federations in terms of trust models and
argue that complex trust models, that entail indirect trust relations, can be one way to 
scale federations in the future.

We introduce our federation framework, which can be used to realize access control and resource discovery in 
federations with arbitrary complex trust models. 
This framework synthesizes three area of previous work; trust management systems, 
policy languages and resource discovery systems.

CERTDIST trust management system performs access control using digital certificates for proof construction.
Different from its counterparts such as ABAC or SD3, it can construct proofs for more complex trust relations,
by utilizing a DHT to perform key based certificate lookup. 
In addition, CERTDIST's programmable credentials allow dynamic policies be expressed as digital certificates.

Federation Policy Language, FPL, is used to express security and resource allocation policies in federation. 
FPL primitives interface to underlying CERTDIST functionality, which are used by
security architects and resource providers to write policies easily.

Our contract based discovery and allocation system, CODAL, performs policy-driven peer discovery 
and collaborative resource discovery/allocation to address two problems: (1) participants in a 
federation can be unknown, and (2) their resource information and policies can be private.

We evaluate our design in PlanetLab, emulating a realistic federation based on PlanetLab usage logs.
Results show that our system is capable of discovering and allocating resources in a large scale federation,
fulfilling a request from tens of organizations. We also show allocation policies are successfully 
enforced by our language, and explore run-time characteristics of the FPL proof construction process, 
and investigate certificate retrieval in terms of time and incurred system load."

More information about the talks mailing list