[talks] Soner Sevinc will present his FPO, "A Framework for Access Control and Resource Allocation in Federations" on Thursday, 1/14/2016 at 9am in CS 402

Nicki Gotsis ngotsis at CS.Princeton.EDU
Tue Jan 5 14:47:17 EST 2016


Soner Sevinc will present his FPO, "A Framework for Access Control and Resource Allocation in Federations" on Thursday, 1/14/2016 at 9am in CS 402.

The members of his committee are: Larry Peterson (adviser); Andy Bavier and Jennifer Rexford (readers); Michael Freedman and David Walker (nonreaders).

A copy of his thesis is available in Room 310. Everyone is invited to attend his talk. The talk abstract follows below:

ABSTRACT:
In this thesis we address the access control and resource allocation problems in computational
federations, such as testbeds and cloud computing federations. The computational federations of
today are growing in their number of participant organizations, where one challenge is to allow
organizations to participate autonomously by expressing how much of their resources should be used
and by whom, through complex policies. In addition, such organizations should be able to exchange
resources with any other organizations without necessarily knowing all of them beforehand.
We introduce our federation framework, which allows building federations of varying complexity
easily, by synthesizing trust management, policy languages and resource discovery into a single
system. Although these three have been studied separately in the past, we show that they are
in fact related, and can be viewed as separate layers of a more general system. We argue that
complex agreements that involve indirect trust relationships are one key way to enable resource
exchange in a federation with numerous organizations, and this can be realized by our synthesis
architecture that provides usability as well as expressiveness.
As part of our framework, federation policy language (FPL) is used to express both the security
and allocation policies, by providing simple primitives such as contracts that hide the underlying
complexity. FPL primitives allow system administrators to express policies such as indirect trust
and resource restrictions within the same construct. Underneath, FPL uses our distributed trust
management system (CERTDIST) to implement and impose policy primitives. CERTDIST uses
digital certificates to allow or deny resource requests and a DHT for complex distributive proofs
in an efficient way. The Resource discovery part of our framework (CODAL) is layered on top of
FPL, and uses contracts to discover peers, FPL security and allocation policies to authorize for
resources that are located possibly in many different organizations.
We evaluate the federation framework with a realistic emulation of a large scale federation using
real PlanetLab traces, that shows that complex policies can be expressed with a minimal amount
of code, and we can efficiently perform the access control and resource discovery operations in a
federation.

