Commit 4e25cb44 authored by Pietro Abate

[r2004-10-28 22:52:21 by beppe] Empty log message

Original author: beppe
Date: 2004-10-28 22:52:21+00:00
parent a3019519
......@@ -81,8 +81,7 @@ aspects related to streaming also when the data is compressed.
document validation and for checking integrity constraints, but as
with standard programming languages, types are at the basis of many
helpful optimizations. This makes the study of typing systems one of
our primary objectives.<br/><br/></li>
our primary objectives.<br/><br/>
Another motivation for line of work is our interest in integrity
constraints whose satisfaction does not depend on the ordering of
the fields in a document, unlike the constraints expressible in
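Review bot: With `</li>` dropped from the `our primary objectives.<br/><br/>` line, the list item now stays open through the "Another motivation ..." paragraph, and no closing `</li>` is visible in this hunk; check that one follows the end of that paragraph so the list stays well-formed. While this text is being touched, "Another motivation for line of work" reads as if a word is missing ("for this line of work").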
......@@ -135,10 +134,36 @@ developing type theoretic methods and tools that enable formal analyses of
security guarantees appropriate for systems and applications on the global
computing platform.</p>
<p>More information about the project can we found in the following page on
<p>More information about the project can be found in the following page on
<a href="">MyThS</a></p>
<box title="Casc" link="casc">
Preserving the confidentiality and integrity of data hosted in multiple distributed sources (personal, administrative, healthcare, business or scientific data) constitutes a tremendous challenge for the database community. Unfortunately, existing access control models implemented in Data Base Management Systems (DBMS) exhibit important weaknesses. First, existing models are unable to tackle the complexity of distributed and decentralized organizations as well as the growing diversity of channels to access the information. Second, while the semantics of access control policies is well established when applied to relational data, things become fuzzier when semi-structured and hierarchical data like XML documents - are considered. Third, existing models suffer from a centralized access rights administration, making them more vulnerable to both internal and external attacks (according to the FBI computer crime and security report, more than 50% of database attacks are conducted by insiders). The goal of the CASC project is to address these three important issues: how to tackle complex distributed organizations, how to define accurate access control policies on XML-like data and how to secure the global architecture against attacks.
Several access right models have been proposed in the literature (the most well known being DAC, MAC and RBAC) and existing DBMS mix concepts from different models in the same implementation. The resulting models are not always well formalized so that some situations are complex to model and may lead to unexpected information leakage. In this context, we proposed a formal access right model, called ORBAC (Organization Based Access Control model), that encompass all the concepts required to express a security policy in complex distributed organizations. Its generality and formal foundation makes this model the best candidate to serve as a common framework in this project. The work plan will be divided into three tasks, each of them addressing one of the aforementioned issues:
- Extending ORBAC towards distributed architectures. The objective is to extend ORBAC with the concepts required to deploy and administer the model in distributed organizations. More precisely, the following problems have to be addressed: consistency of the access rules to be deployed, distribution of the access right control, distribution of the access right administration and characterization of the trusted components that need to be integrated in the global architecture to secure it.
- Instantiate ORBAC in the XML context. XML is now a de facto standard to exchange data on the Internet. To date, few attentions have been paid on the definition of an access right model for XML and all proposals suffer from important drawbacks. Defining a coherent and powerful access right model for XML is still an open issue that slows down the deployment of many Web applications dealing with sensitive data. The ORBAC model provides a sound basis to define such a model. While ORBAC is agnostic wrt a data model, interesting and difficult problems are foreseen in the translation of ORBAC concepts into XML concepts.
- Chip-Secured XML-ORBAC architecture. Whatever be the expressive power of an access right model, it remains inoperative against attacks directed to the database footprint on disk by an intruder and against the actions of an ill-intentioned Database Administrator (DBA) (a DBA has enough privileges to change the access right policy or to tamper the access right management). Our objective is to study how data encryption and secured hardware components (e.g., smartcards or tokens) could be exploited to secure the control and the administration of ORBAC access right rules applied to XML documents.
This project may lead to significant advances in the following areas: (1) abstraction of the fundamental concepts required in any access right model and formalization of the associated administration procedures, (2) definition of a powerful and sound access right model for XML documents and (3) definition of chip-secured data access and administration architectures. In addition, this combination of research efforts around the ORBAC model allows to investigate a complete and general solution to secure distributed confidential data.
This ambitious objective could be reached thanks to the complementary skills of the CASC partners, namely: formalization of access right models integrating the concepts of organization and context usage (ENST-B), access right models for XML documents (LIUPPA), security analysis of XML transformations (ENS-LRI) and chip-secured data access models and data encryption (INRIA).
<p>More information about the project can be found in the following
<a href="">page</a></p>
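Review bot: The link added at the end of the Casc box, `<a href="">page</a>`, has an empty href (as does the MyThS link just above the box), so "More information" points nowhere; put the project URL in or drop the sentence until there is one. The box body is also added as bare text, with the three tasks as "- " lines and no `<p>` or list markup, unlike the `<p>` wrapped text around it, and no closing `</box>` is visible in the hunk. Small wording points in the new text: the stray dash in "like XML documents - are considered", "that encompass" should be "that encompasses", and the FBI figure would be easier to verify with the report's year.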