People
Principal Investigator:
Virgil Gligor (e-mail)
Co-Principal Investigator:
John S. Baras (e-mail)
Research Scientists:
Himanshu Khurana (e-mail)
Serban Gavrila (e-mail)
Graduate Students:
Vijay G. Bharadwaj (e-mail)
Rakesh Bobba (e-mail)
Emilian Dinu (e-mail)
Laurent Eschenauer (e-mail)
Omer Horvitz (e-mail)
Radostina Koleva (e-mail)
Anuja Sonalker (e-mail)
Gelareh Taban (e-mail)
Hong Zhao
Undergraduate Students:
Aurelie Gatelet
Approach
The project is based on the following five basic ideas: (1) the
integration of a common access control policies, PKIs, and
group-communication technologies is mandated by the dynamic
coalitions; (2) the representation of a common security policy is
mandated by the requirement for dynamic policy negotiation, and, in
its turn, requires the definition of policy properties and property
dependencies, (3) the effective management of a security policy is
mandated by the visualization of the common policy representation; (4)
the scalable group-key generation, distribution, revocation, which
survives denial-of-service attacks caused by dynamic re-keying, is
mandated by the requirement of frequent group-membership changes; and
(5) the extension of PKIs with certificate revocation and review
policies (not just mechanisms) is mandated by policy integration.
We conduct the project in three phases, namely the analysis, design,
and implementation of servers for access control policies, secure
group communication, and certificate management in PKIs. In each
phase, we investigate the implications of the five basic ideas in the
context of practical systems and applications.
FY-2003 Prototype Development Efforts:
We have developed a prototype of tools for coalition
infrastructure services, which includes joint policy
administration services, certificate services, and group
communication services. The joint administration services
include a coalition authority, and signature servers for
signing attribute certificates with shared private keys. The
coalition authority comprises an access certificate authority
that distributes attribute certificates and whose private key
is shared among the coalition domains, and a role based
access control module to manage coalition resource access
policies at the coalition web server that manages the jointly
owned applications. Secure group communication services
include group key generation and management built on reliable
multicast communication. These tools support the join,
voluntary departure and involuntary departure of a member
domain. Using collusion-based techniques, a majority of the
domains can exclude a particular member domain and revoke the
departing domain's access to coalition resources. We also
support large-scale revocation of attribute certificates to
affect the domain's departure via an intuitive graphical
interface. We demonstrated these tools at the DARPA PI meeting
in San Antonio, TX in January 2003, at the DARPA DISCEX III
conference in April 2003, and at the DARPA PI meeting in
Honolulu, Hawaii in July 2003.
* Stage IV prototype of the Coalition Infrastructure was
presented at the DARPA-DC PI meeting in San Antonio, TX in January
2003.
- Power Point Presentation by H. Khurana and V. Baradwaj at
Joint Principal Investigator Meeting, San Antonio,
TX, January 2003.
-
Poster presentation at Joint Principal Investigator Meeting,
San Antonio, TX, January 2003.
* Vijay G. Bharadwaj and John S. Baras, "A Framework for Automated Negotiation of
Access Control Policies" Published in the Proceedings of the Third
DARPA Information Survivability Conference and Exposition (DISCEX
III), 2003.
* Himanshu Khurana, Serban Gavrila, Rakeshbabu Bobba,
Radostina Koleva, Anuja Sonalker, Emilian Dinu, Virgil Gligor and John
S. Baras,
"Integrated Security Services for
Dynamic Coalitions " Proc. of the third DARPA Information
Survivability Conference and Exposition, Washington D.C., April 2003.
-
Poster presentation at DISCEX III, Washington, DC, April 2003.
* Vijay G. Bharadwaj and John S. Baras, "Towards Automated Negotiation of
Access Control Policies" Presented at the Fourth International
Workshop on Policies for Distributed Systems and Networks (POLICY
2003), Lake Como, Italy, June 2003.
* Vijay G. Bharadwaj and John S. Baras, "Dynamic Adaptation of Access Control
Policies" To be presented at Military Communications Conference
(MILCOM 2003), Boston, October 2003.
* Stage V prototype of the Coalition Infrastructure was
presented at the DARPA-DC PI meeting in Honolulu, HI, July 2003.
- Power Point Presentation by H. Khurana at
Joint Principal Investigator Meeting, Honolulu, HI, July 2003.
-
Poster presentation at Joint Principal Investigator Meeting,
Honolulu, HI, July 2003.
FY-2002 Accomplishments:
* H. Khurana, V. Gligor and J. Linn "
Reasoning about Joint Administration of Access Policies for Coalition
Resources" appeared in the International Conference
on Distributed Computing Systems, Vienna, Austria, July
2002.
* Stage II prototype of the Negotiation Module was
presented at the DARPA-DC PI meeting in San Diego, CA in January
2002
- Power Point Presentation by V.D. Gligor and J. Baras at
Joint Principal Investigator Meeting, San Diego, CA, January, 2002.
-
Poster presentation at Joint Principal Investigator Meeting, San
Diego, CA, January 2002.
* Stage III prototype for Joint Administration of Access Policies in dynamic coalitions.
- Poster presentation at Joint Principal Investigator Meeting, Newport, R, July 2002.FY-2001 Accomplishments:
* Virgil Gligor presented a paper, co-authored
with Himanshu Khurana, Radostina Koleva, Vijay Bharadwaj, and John
Baras, titled "On the
Negotiation of Access Control Policies",
Proc. of the Security Protocols Workshop, Cambridge, UK, April
2001. To appear in Lecture Notes in Computer Science, Springer-Verlag,
2002.
* Virgil Gligor presented a paper, co-authored with Himanshu Khurana,
titled
"Enforcement
of Certificate Dependencies in ad-hoc Networks" at the IEEE
International Conference on Telecommunications, Bucharest, Romania,
June 2001.
* The paper "Information
Theoretic Approach for Design and Analysis of Rooted-Tree Based
Multicast Key Management Schemes," (R. Poovendran and J. Baras)
appeared in the IEEE Transactions on Information Theory.
Future Plans
- finish the implementation of the Negotiation Module
- write a technical paper on the tools and technologies necessary for
the support of coalition dynamics
FY-2003 Technology Transition
Continue to disseminate research findings via conference, workshop,
and symposia presentations and to collaborate with our peers in the
industry, government, and academia.
For further information
about this project, please contact
Principal Investigator: Virgil D. Gligor
Professor Electrical and Computer Engineering Department
University of Maryland, College Park, Maryland 20742
Tel. (301) 405-3647
Fax. (301) 657-9021
(e-mail)
http://www.glue.umd.edu/~gligor/
Department of Electrical and Computer
Engineering
A.V.
Williams Building
University of Maryland
College Park, MD 20742
