Policies are at the heart of any assured information sharing infrastructure for collaborative applications and may include those for access control, trust and accountability. Policies can be a key component in deciding what and how much to reveal in the discovery stage for both information seekers and providers. Policies can also drive the process of negotiation in the acquisition and release stage. Policies are needed to monitor and enforce usage control as well as for auditing and accountability. Fine-grained policy integration algorithms are needed to support dynamic coalitions and virtual organizations that need to quickly share and integrate information. Policies must adapt, based on events and contexts, to support continuous access to critical information resources. Enforcement mechanisms are also needed to allow different parties to take joint decisions about data accesses. In this talk, we first discuss the various policies that are relevant in the context of secure information sharing across collaborating organizations. We then present EXAM – an environment supporting several functions for XACML policy analysis, including a policy similarity tool, and integration. The policy similarity tool is based on a light-weight ranking approach to help a party quickly locate parties with potentially similar policies for collaboration. In particular, given a policy P, the similarity measure assigns a ranking (similarity score) to each policy compared with P. We formally define the measure by taking into account various factors and prove several important properties of the measure. Our extensive experimental study demonstrates the efficiency and practical value of our approach. EXAM also supports a more fine-grained comparison technique for policies as well as an integration algebra for combining different policies. We finally discuss a model for obligation support in XACML and present a reference architecture for collaborative enforcement of access control policies.
Elisa Bertino is a Fellow of ACM and of IEEE. She received the IEEE Computer Society 2002 Technical Achievement Award and the IEEE Computer Society 2005 Kanai Award. She a member of the editorial board of IEEE Transactions on Dependable and Secure Computing, and IEEE Security & Privacy. She is currently serving as chair of the ACM Special Interest Group on Security, Audit and Control (ACM SIGSAC).
| Cluster | Description |
|---|---|
| Computational Vision and Acoustics | Focuses on the acquisition and processing of visual and acoustical information. Computer vision involves creating algorithms that extract knowledge from the visual domain whereas acoustical analysis involves extracting information from both speech and non-speech sources. |
| Computer Graphics and Visualization | This area provides the technical foundations for studies in Computer Graphics. Areas for advanced study include Advanced Graphics Programming, Image Synthesis, Computer Animation, Virtual Reality, and Data Visualization. |
| Data Management | Studies foundational data management and knowledge discovery challenges prevalent in design, analysis and organization of data. This area can be applied in a variety of domains including data management in resource constrained environments, enterprise and multimedia databases, active and secure databases and knowledge discovery algorithms. |
| Distributed Systems | This area studies systems formed from multiple cooperating computers. This includes the analysis, design, and implementation of distributed systems, distributed middleware, and computer networking protocols, including security. |
| Intelligent Systems | Intelligent Systems encompasses the study of algorithms and architectures that enable effective decision making in complex environments. Researchers in this area include faculty, undergraduate and graduate students working on projects in computer vision, robotics, virtual theatre, sensor networks, data mining, document recognition, and the theoretical foundations of decision-making (e.g. Markov chains and the properties of voting protocols). |
| Languages and Tools | The Languages and Tools area studies language design and implementation together with architecture and use of software development tools. |
| Security | The Security area spans topics from networking to cryptography to secure databases. By choosing different domains in which to study security students can gain a broad understanding of both theoretical and applied knowledge. |
| Theory | The Theory area studies the fundamentals of computation. These fundamentals include complexity theory to determine the inherent limits of computation and communication and cryptography and the design and analysis of algorithms to obtain optimal solutions within those limits. |
