CAREER: Programmable Security for Distributed Systems and Databases

职业：分布式系统和数据库的可编程安全性

• 批准号: 9984774
• 负责人: John Hale
• 金额: $ 21万
• 依托单位: University of Tulsa
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2000
• 资助国家: 美国
• 起止时间: 2000-07-01 至 2005-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=9984774&HistoricalAwards=false
• 关键词: CAREER; Programmable; Security; Distributed; Systems

John HaleUniversity of TulsaCCR-9984774ABSTRACT Systematic attacks to military, government and corporate networks underscorethe fundamental importance of computer security. Unfortunately, currentapproaches to security often yield ad hoc patchworks of inconsistent policiesand incompatible mechanisms. The problem is two-fold: Techniques and tools arelimited, and educational programs are sparse. The research activities embed configurable security services withinprogramming languages for developing distributed applications. Denotationalsemantics for these languages map high-level access control structures into aticket-based model that captures heterogeneous security policies and supportsthe formal verification of secure behavior. Specialized algorithms implementsecurity proofs for applications at compile-time and runtime. A secure information enclave, a proof-of-concept application, is builtaround a glue language with programmable security policy coordination services.Mediators gather metadata from remote sites, engaging cooperative policymanagement methods to negotiate secure interoperability. Static and dynamicanalyses guarantee global policy consistency for the enclave. The educational activities have three major thrusts: The development of aCenter of Excellence for Information Assurance Education, the expansion of theTulsa Undergraduate Research Challenge --a nationally recognized program ofacademics, research and service designed for computer science majors, and thesystematic incorporation of minorities, especially Native Americans (the PI is anative Cherokee), in computer science and engineering programs in the state ofOklahoma.

约翰·黑尔塔尔萨大学CCR-9984774摘要 对军事、政府和企业网络的系统性攻击凸显了计算机安全的根本重要性。 不幸的是，目前的安全方法往往产生不一致的政策和不兼容的机制的临时拼凑。 问题是双重的：技术和工具有限，教育项目稀少。 研究活动将可配置的安全服务嵌入到编程语言中，用于开发分布式应用程序。 这些语言的表示语义将高级访问控制结构映射到基于票据的模型中，该模型捕获异构的安全策略并支持安全行为的形式化验证。 专门的算法在编译时和运行时为应用程序实现安全性证明。 一个安全的信息飞地，一个概念验证的应用程序，是建立在一个胶水语言与可编程的安全策略协调服务。调解人收集元数据从远程站点，从事合作的策略管理方法协商安全的互操作性。 静态和动态分析保证了安全区的全局策略一致性。 教育活动有三个主要的推力：卓越的信息保障教育中心的发展，塔尔萨大学本科生研究挑战的扩大-一个国家认可的计划ofacademics，研究和服务设计的计算机科学专业，和thesystematic纳入少数民族，特别是美洲原住民（PI是积极的切罗基），在计算机科学和工程计划在俄克拉荷马州。