Principal Investigator: Virgil Gligor
Co-Principal Investigator: John S. Baras
Himanshu Khurana
Serban Gavrila
Vijay G. Bharadwaj
Rakesh Bobba
Emilian Dinu
Laurent Eschenauer
Omer Horvitz
Radostina Koleva
Anuja Sonalker
Gelareh Taban
The project is based on the following five basic ideas: (1) the integration of common access control policies, PKIs, and group-communication technologies is mandated by the dynamic coalitions; (2) the representation of a common security policy is mandated by the requirement for dynamic policy negotiation and, in turn, requires the definition of policy properties and property dependencies; (3) the effective management of a security policy is mandated by the visualization of the common policy representation; (4) scalable group-key generation, distribution, and revocation, which survives denial-of-service attacks caused by dynamic re-keying, is mandated by the requirement of frequent group-membership changes; and (5) the extension of PKIs with certificate revocation and review policies (not just mechanisms) is mandated by policy integration. We conduct the project in three phases, namely the analysis, design, and implementation of servers for access control policies, secure group communication, and certificate management in PKIs. In each phase, we investigate the implications of the five basic ideas in the context of practical systems and applications.
FY-2003 Prototype Development Efforts:
We have developed a prototype of tools for coalition infrastructure services, which includes joint policy administration services, certificate services, and group communication services. The joint administration services include a coalition authority and signature servers for signing attribute certificates with shared private keys. The coalition authority comprises an access certificate authority, which distributes attribute certificates and whose private key is shared among the coalition domains, and a role-based access control module to manage coalition resource access policies at the coalition web server that manages the jointly owned applications. Secure group communication services include group key generation and management built on reliable multicast communication. These tools support the join, voluntary departure, and involuntary departure of a member domain. Using collusion-based techniques, a majority of the domains can exclude a particular member domain and revoke the departing domain's access to coalition resources. We also support large-scale revocation of attribute certificates to effect the domain's departure via an intuitive graphical interface. We demonstrated these tools at the DARPA PI meeting in San Antonio, TX in January 2003, at the DARPA DISCEX III conference in April 2003, and at the DARPA PI meeting in Honolulu, Hawaii in July 2003.
* Stage IV prototype of the Coalition Infrastructure was
presented at the DARPA-DC PI meeting in San Antonio, TX in January
- PowerPoint presentation by H. Khurana and V. Bharadwaj at Joint Principal Investigator Meeting, San Antonio, TX, January 2003.
- Poster presentation at Joint Principal Investigator Meeting, San Antonio, TX, January 2003.
* Vijay G. Bharadwaj and John S. Baras, "A Framework for Automated Negotiation of
Access Control Policies" Published in the Proceedings of the Third
DARPA Information Survivability Conference and Exposition (DISCEX
* Himanshu Khurana, Serban Gavrila, Rakeshbabu Bobba,
Radostina Koleva, Anuja Sonalker, Emilian Dinu, Virgil Gligor and John
"Integrated Security Services for Dynamic Coalitions," Proc. of the Third DARPA Information Survivability Conference and Exposition, Washington D.C., April 2003.
Poster presentation at DISCEX III, Washington, DC, April 2003.
* Vijay G. Bharadwaj and John S. Baras, "Towards Automated Negotiation of Access Control Policies," presented at the Fourth International Workshop on Policies for Distributed Systems and Networks (POLICY 2003), Lake Como, Italy, June 2003.
* Vijay G. Bharadwaj and John S. Baras, "Dynamic Adaptation of Access Control Policies," to be presented at Military Communications Conference (MILCOM 2003), Boston, October 2003.
* Stage V prototype of the Coalition Infrastructure was presented at the DARPA-DC PI meeting in Honolulu, HI, July 2003.
- PowerPoint presentation by H. Khurana at Joint Principal Investigator Meeting, Honolulu, HI, July 2003.
- Poster presentation at Joint Principal Investigator Meeting, Honolulu, HI, July 2003.
* H. Khurana, V. Gligor and J. Linn, "Reasoning about Joint Administration of Access Policies for Coalition Resources," appeared in the International Conference on Distributed Computing Systems, Vienna, Austria, July 2002.
- PowerPoint presentation by V.D. Gligor at Conference on Distributed Computing Systems, Vienna, Austria, July 2002.
* Stage II prototype of the Negotiation Module was
presented at the DARPA-DC PI meeting in San Diego, CA in January
- PowerPoint presentation by V.D. Gligor and J. Baras at Joint Principal Investigator Meeting, San Diego, CA, January 2002.
- Poster presentation at Joint Principal Investigator Meeting, San Diego, CA, January 2002.
* Stage III prototype for Joint Administration of Access Policies in dynamic coalitions.
- PowerPoint presentation by H. Khurana and V. Bharadwaj at Joint Principal Investigator Meeting, Newport, RI, July 2002.
- Poster presentation at Joint Principal Investigator Meeting, Newport, RI, July 2002.
* Virgil Gligor presented a paper, co-authored with Himanshu Khurana, Radostina Koleva, Vijay Bharadwaj, and John Baras, titled "On the Negotiation of Access Control Policies", Proc. of the Security Protocols Workshop, Cambridge, UK, April 2001. To appear in Lecture Notes in Computer Science, Springer-Verlag, 2002.
* Virgil Gligor presented a paper, co-authored with Himanshu Khurana, titled "Enforcement of Certificate Dependencies in ad-hoc Networks" at the IEEE International Conference on Telecommunications, Bucharest, Romania, June 2001.
* The paper "Information Theoretic Approach for Design and Analysis of Rooted-Tree Based Multicast Key Management Schemes," (R. Poovendran and J. Baras) appeared in the IEEE Transactions on Information Theory.
- finish the implementation of the Negotiation Module
- write a technical paper on the tools and technologies necessary for the support of coalition dynamics
FY-2003 Technology Transition
Continue to disseminate research findings via conference, workshop, and symposium presentations and to collaborate with our peers in industry, government, and academia.
For further information about this project, please contact
Principal Investigator: Virgil D. Gligor
Professor, Electrical and Computer Engineering Department
University of Maryland, College Park, Maryland 20742
Tel. (301) 405-3647
Fax. (301) 657-9021
Department of Electrical and Computer
A.V. Williams Building
University of Maryland
College Park, MD 20742