Subterfuge in Decentralized Authorization Systems - October 18, 2012

Date: October 18, 2012
Time: 16:30
Venue: Weicker Building - Atrium ground floor, 4 rue Alphonse Weicker, L-2721 Luxembourg

Abstract: Trust Management systems provide a decentralized approach for managing delegation of trust between principals. These systems are typically explicit in their assumption that principals can be tied to an unambiguous identification, for example, Alice with her unique public key. However, the literature has generally not been as prescriptive in terms of how permission identifiers should be tied to the actions that they authorize. While central authorities such as ICANN provide identifiers that could be used for this purpose, a malicious principal can still choose to ignore or misrepresent the interpretation.

Subterfuge arises when there is ambiguity in interpreting a delegated permission. This can come about from an attacker perturbing a victim's delegation graph by concealing and/or injecting delegation certificates. As a consequence, the victim may violate the requirements that guide its own delegation actions.

In this lecture I will give examples and discuss the design and analysis of decentralized authorization systems that are resilient to subterfuge. The material is reasonably self-contained and presumes minimal understanding of network security.

Dr. Simon Foley is a Statutory Lecturer in Computer Science at University College Cork where he leads the security group based in the Cork Constraint Computation Centre. His research interests include distributed security, security modeling, security configuration, risk management and security psychology. Prior to his current appointment in 1991, he was at Odyssey Research Associates NY and Cranfield IT Institute. He has also held visiting positions at SRI International, Cambridge University and IBM. Dr. Foley currently serves on the Editorial Board of the Journal of Computer Security, and is General Chair of the Seventh International Conference on Risks and Security of Internet and Systems held in Cork, October 2012.