Project Details
Description
Assurance for distributed systems is based on constantly strengthening the protective boundaries that prevent and detect unauthorized access to computer systems. Accountability, ensuring that principals are liable for their actions, is an equally important issue. This project investigates a programming language approach to tracking accountability in distributed systems, specifically by extending the Java language to maintain a fine-grained audit trail for accountability purposes.
The proposed approach is based on associating secrecy (access control) and integrity information with data as it is retrieved and copied over the network. Distributed access control is not just enforced at one point in the network where the data is accessed, but may be enforced wherever a copy of the data is accessed. Distributed information flow types enforce access rights and enforce a form of causality that supports tracking of accountability for principals. In recognition of the fact that communication may be over an insecure network, sensitive data is assumed to be 'virtually' signed or encrypted, for integrity and secrecy guarantees, respectively. The computational burden of the ubiquitous application of cryptographic operations is avoided through the use of cryptographic types for static checking where possible.
Status | Finished |
---|---|
Effective start/end date | 1/09/02 → 31/08/08 |
Funding
- National Science Foundation