CT-ISG: Attribute-based Security and Messaging

CT-ISG：基于属性的安全和消息传递

• 批准号: 0716626
• 负责人: Carl Gunter
• 金额: --
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716626&HistoricalAwards=false
• 关键词: CT; ISG; Attribute; based; Security

Messaging systems are a critical application for the Internet, but systems like Internet email based on the SMTP protocol are beset by many problems such as abuse of access control for email in-bins (SPAM), authentication (phishing and other types of fraud), confidentiality (where end-to-end encryption is still a challenge), and reliability. Important application areas such as the medical and financial sectors have turned to other mechanisms. For example, the Centers for Disease Control and Prevention (CDC) standards for messaging envision an architecture in which communications are based on web services, an emerging XML-based foundation for distributed computing. Financial entities like banks and mutual funds have developed techniques where back-end server systems implement their own secure messaging while users are notified of messages by SMTP and use browsers to access messages. This architecture has emerged as a widespread ad hoc work-around to achieve a practical solution but without the deeper analyses (especially for security) for ensuring its rigorous foundations.This project will develop new architectures and strategies for secure messaging systems based on attribute-based security and messaging. In this approach, attributes of principals are the primary foundation for access control, routing, and security transformations. Attribute-Based Access Control promises greater flexibility and integration than access control lists and roles. Attribute-Based Messaging makes messaging more dynamic and targeted. Attribute-Based Encryption allows only the principals with specified attributes to decrypt messages. The project will advance these three attribute-based techniques and assess their effectiveness in a web-services application.

消息传递系统是互联网的关键应用，但像基于SMTP协议的互联网电子邮件系统受到许多问题的困扰，例如滥用对电子邮件回收站的访问控制(垃圾邮件)、身份验证(网络钓鱼和其他类型的欺诈)、机密性(其中端到端加密仍然是一个挑战)和可靠性。医疗和金融等重要应用领域已转向其他机制。例如，疾病控制和预防中心(CDC)的消息传递标准设想了一种通信基于Web服务的体系结构，Web服务是一种新兴的基于XML的分布式计算基础。银行和共同基金等金融实体已经开发出技术，其中后端服务器系统实现自己的安全消息传递，同时通过SMTP通知用户消息并使用浏览器访问消息。这个体系结构已经成为一种广泛的临时解决方案，以实现一个实用的解决方案，但没有进行更深入的分析(特别是安全分析)来确保其严格的基础。该项目将开发基于属性的安全和消息传递系统的新体系结构和策略。在这种方法中，主体的属性是访问控制、路由和安全转换的主要基础。与访问控制列表和角色相比，基于属性的访问控制承诺了更大的灵活性和集成性。基于属性的消息传递使消息传递更具动态化和针对性。基于属性的加密只允许具有指定属性的主体解密消息。该项目将推进这三种基于属性的技术，并评估它们在网络服务应用程序中的有效性。