Reps, Thomas U of Wisconsin Madison
The goal of the proposed project is to create techniques that (i) provide better predictions of the behavior of computer systems, and (ii) make computer systems less vulnerable to attack. Specifically, we propose to develop improved security-analysis technology to be applied in two areas:

- Access control of shared computing resources
- Finding security vulnerabilities in programs

Intellectual Merit: Solutions to the problems addressed in this proposal would provide

1. Better methods for access control of shared computing resources. Issues that will be addressed include:
   - Enabling collaboration across separate administrative domains, while preserving privacy.
   - Creating better methods for identifying access-control vulnerabilities and defects in access-control policies.
2. Better tools for identifying security vulnerabilities in programs.

While these two topics might, at first blush, seem unrelated, they turn out to be closely related at the technical level: problems in both areas can be formulated using the same machinery, an automata-theoretic formalism called weighted pushdown systems (WPDSs). WPDS solvers represent a united technology for the key algorithms required in both areas. Consequently, the study of WPDSs and related formalisms provides intellectual leverage for making advances in both areas. Moreover, studying them together is likely to bring added benefits: past history has shown that improvements motivated by the needs in one area have had unanticipated benefits in the other area.

Broader Impact: As the Internet has become pervasive, security and reliability issues have become enormously important to society. New security exploits are announced daily, power-grid failures are caused by bugs in software, and multi-hundred-million-dollar space projects are interrupted by software glitches. Better tools for identifying vulnerabilities in programs will lead to software systems with enhanced security and reliability.
The growth of the Internet also offers the promise of an improved platform for cross-organization interaction and collaboration. However, the decentralized nature of the Internet presents an obstacle: currently, organizations maintain their own namespaces and impose their own access-control policies. Cross-domain interactions can be hindered by the need to set up access-control mechanisms that incorporate (in whole or part) those of the individual organizations, as well as by conflicts in the structure and contents of existing namespaces and access-control policies. Better methods for access control of shared computing resources would provide improved flexibility for supporting cross-domain interactions via the Internet. A related objective is to provide better methods for predicting the behavior and consequences of an access-control policy that crosses organizational and trust boundaries. The proposed project aims to make fundamental advances in science and engineering that address these issues, all of which are relevant to the goals of NSF's Cybertrust program. Our tools and implementations will be made available for other researchers to download over the web and use in their own security-analysis work.