Addressing Intractable Optimization and Verification Problems in Access Control


May 15, 2013


Mahesh Tripunitara


University of Waterloo


Access control deals with regulating the accesses principals have to resources, and is an important aspect of security. Intractable (NP-hard) problems arise frequently in access control. In this talk, I will discuss three such problems. Two are multi-dimensional optimization problems that arise in the context of access-enforcement, and the third is a policy-verification problem. I will discuss the manner in which we have addressed the intractability of each using well-founded techniques, particularly the use of constraint-solvers augmented with domain-knowledge.

(This is joint work with Nima Mousavi and Vijay Ganesh of the University of Waterloo, Karthick Jayaraman of Microsoft, Martin Rinard of MIT, and Steve Chapin of Syracuse University.)


Mahesh Tripunitara

Mahesh Tripunitara is an assistant professor in the ECE department at the University of Waterloo in Canada, where he had been since 2009.
He works mostly in information security, on problems in access control, conditional payments, cryptographic key transport and more recently, computer hardware. He has a PhD in computer science from Purdue University, and about 9 years of industry-experience.