GRIDLOCK: A New Scalable Approach to Unifying Computer and Communications Security
Yale University, New Haven CT
Investigators
Abstract
The GRIDLOCK hypothesis is that use of a globally specified and locally interpreted policy language for specification of access-control policy can provide a new, unified approach to securing network applications. In particular, this approach can be used to specify network access-control policies and host access-control policies in combination to provide "virtual private services." GRIDLOCK simultaneously provides more security to applications, greater scalability, and unification of network access control and host access control. Policies are specified in a new policy-expression language, modeled on the KeyNote trust-management language. This design supports compliance checking, with which credentials provided by a client can be validated to provide access to a resource. The applicability of this layer-crossing approach to multiple virtual private services is investigated. The research focuses on the development of formal semantics for the unified access-control policy, as well as a rigorous experimental investigation, using multiple example applications. The expected results include both the new policy-expression language and the demonstration that a scalable access-control model for networked applications is practical.
View original record on NSF Award Search →