Computer Sciences Seminar
Friday, April 21, 2004 

Frtial Trust and Scalable Authorization
Eric Freudenthal
Courant Institute, NYU

Large and decentralized security-sensitive systems require mechanisms to enforce access control polices that may involve hundreds to many thousands of agents (users) and distinct classes of access rights. For example, consider the security needs of an Internet-scale service composed from dynamically instantiated mobile agents deployed onto a set of hosts that span a diverse group of loosely allied administrative domains. Agents and hosts must determine the level of each other's authorization and agents must determine the amount of authorization to attribute to other agents. In addition, the level of authorization should degrade as it is transitively delegated. Current access control systems provide no representation of this degradation beyond explicit enumeration, and do not address the systems challenges of collecting authorizing credentials and monitoring prolonged relationships between agents. This talk describes my recent work addressing these challenges. dRBAC is a Decentralized Role-Based Access Control system that provides mechanisms to collect credentials and authorize prolonged relationships. In addition, dRBAC embeds the degradation of authorization within transitive delegation credentials, thus permitting access-control decisions to specify a limit to this degradation. I will also describe my more recent investigation of a stochastic framework for evaluating the level of authorization conveyed via co-endorsement.

----------------------------------------

Eric Freudenthal is an Associate Research Scientist in the Computer Science Department of the Courant Institute at New York University. An objective of much of Eric's research has been the design and development of hardware and software system that provide high performance over a range of operating conditions.

His dissertation work, conducted at Courant, evaluated and improved the interaction of algorithmic and architectural mechanisms for coordinating large shared memory systems. Eric has also contributed structural and algorithmic components to the MSTAR model-based target recognition project. Most recently, Eric has investigated abstractions and mechanism useful for constructing robust, secure and self-organizing distributed systems.

=== Eric Freudenthal // Courant Institute // New York University
719 Broadway, Room 712 // New York, NY 10003
office: 212-998-3345 // cell: 917-279-6208