McDaniel, Patrick PA St U University Park Non-Lead Collaborative with 0524010, 0524035, 0524036
Protecting confidential information in dynamic, distributed environments whose participants have heterogeneous trust relationships is an important and difficult challenge. An important problem is how to consistently enforce security constraints in a practical manner as policies and the systems themselves evolve over time. Without care, inconsistently-viewed updates to policy could allow a principal to perform actions granted by an old policy, or worse, could allow a principal to release information or perform actions authorized by neither an old nor a new policy, but rather an illegal combination of the two.
The objective of the proposed research is to develop, implement, and evaluate security infrastructure for providing strong end-to-end security guarantees in dynamic environments where policy can change. The researchers will explore a novel synthesis of the state-of-the-art in security-typed programming languages for governing information flow; analysis for uncovering dependencies between principals, programs, and policies; and distributed protocols for coordinating policy updates. To motivate and validate the design decisions, this infrastructure will be incorporated into the programming language Cyclone, a type-safe variant of C, and used to build and evaluate distributed file system.