Funded Projects


CAREER: Access Control Policy Verification Through Security Analysis And Insider Threat Assessment

  • National Science Foundation

  • June 2005 to May 2010

  • PI: Ninghui Li

  • Access control is one of the most fundamental security mechanisms in use today; however, the specification and management of access control policies remains a challenging problem, and today's administrators have no effective tools to assist them. This research addresses these needs and the challenges that arise from them by developing new verification techniques for access control policies, and verification tools that will help administrators specify, understand, and manage their access control policies. In particular, this research studies security analysis and insider threat assessment. Security analysis techniques answer the fundamental question of whether an access control system preserves essential security properties across changes to the authorization state. Insider threat assessment techniques determine what damage insiders can cause if they misuse the trust that has been placed in them. While focusing primarily on the widely deployed Role-Based Access Control model, this project also aims at developing theoretical foundations and general techniques for access control policy verification. Insights obtained from this research will be applicable to other, richer access control models and will help improve the understanding of the power and limitations of access control.


Collaborative Research: A Comprehensive Policy-Driven Framework For Online Privacy Protection: Integrating IT, Human, Legal and Economic Perspectives

  • National Science Foundation

  • October 2004 to September 2007

  • Investigators:

    • Purdue Team: Elisa Bertino (PI), Ninghui Li, Robert Proctor, Victor Raskin, Melissa Dark

    • NCSU team: Annie Anton (PI), Ting Yu

  • Privacy is increasingly a major concern that prevents the exploitation of the Internet's full potential. Consumers are concerned about the trustworthiness of the websites to which they entrust their sensitive information. Although significant industry efforts are seeking to better protect sensitive information online, existing solutions are still fragmented and far from satisfactory. Specifically, existing languages for specifying privacy policies lack a formal and unambiguous semantics, are limited in expressive power and lack enforcement as well as auditing support. Moreover, existing privacy management tools aimed at increasing end-users' control over their privacy are limited in capability or difficult to use. This project seeks to provide a comprehensive framework for protecting online privacy, covering the entire privacy policy life cycle. This cycle includes enterprise policy creation, enforcement, analysis and auditing, as well as end user agent presentation and privacy policy processing. The project integrates privacy-relevant human, legal and economic perspectives in the proposed framework. This project will develop an expressive, semantics-based formal language for specifying privacy policies, an access control and auditing language for enforcing privacy policies in applications, as well as theory and tools for verifying privacy policies. Additionally, experiments and surveys will be conducted to better understand the axes of users' privacy concerns and protection objectives. Results from this empirical work will be used to develop an effective paradigm for specifying privacy preferences and methods to present privacy policies to end users in an accurate and accessible way.


ITR: Automated Trust Negotiation in Open Systems

  • National Science Foundation

  • September 2003 to August 2008

  • Investigators: Kent Seamons (BYU, PI), Ninghui Li (Purdue), John Mitchell (Stanford), Brian Tung (USC ISI), William Winsborough (GMU), Marianne Winslett (UIUC)

  • Automated trust negotiation (ATN) is a new approach to access control and authentication for the open, flexible systems formed by sets of organizations that must dynamically form coalitions and work together to respond to unforeseen needs and opportunities. ATN enables open computing by assigning an access control policy to each resource that is to be made accessible to "outsiders"; an attempt to access the resource triggers a trust negotiation, consisting of the iterative, bilateral disclosure of digital credentials and related information. This project will show that ATN is a practical solution to the access control and authentication problems of open computing systems, by resolving the most critical remaining theoretical and systems issues for the deployment of trust negotiation facilities. Specific areas that the project will address include access control policy languages for ATN, lightweight policy evaluation engines, improved ATN protocols and strategies compatible with the new languages, provable privacy and autonomy guarantees for negotiating parties, and a next-generation version of the TrustBuilder ATN prototype, demonstrating the deployment of ATN in a modular, reusable, and highly scalable implementation. These enhancements will be explored in the context of health care applications and additional scenarios supplied by the project partners.


This website is currently maintained by Qihua Wang. Last modified on 01/15/2005.