Attribute-Based Security and Messaging

  • Carl Gunter | University of Illinois at Urbana-Champaign

Attribute-Based Access Control (ABAC) provides a strategy for setting up access rules by exploiting attributes of principals and objects from an enterprise information system or digital credentials. ABAC can replace or complement other approaches like Access Control Lists (ACLs) and Role-Based Access Control (RBAC). In recent years, there has been a growth of other attribute-based systems including Attribute-Based Encryption (ABE) and Attribute-Based Messaging (ABM). In ABM email messages use addresses that describe recipient attributes rather than an explicit list of the recipients. Such addressing makes messages more efficient, exclusive, and intensional but raises challenges for security and privacy. This talk will discuss attribute-based security systems in general and use of ABAC and ABE to solve security problems faced by ABM. We describe requirements for ABM and a practical architecture that addresses them. We have built a prototype and collected performance results that show its feasibility for at least mid-size organizations. We end with some speculation on other ways to exploit attribute-based security techniques for goals like adding protection to databases and multi-tier web systems.

Speaker Details

Dr. Gunter received his BA from the University of Chicago in 1979 and his PhD from the University of Wisconsin at Madison in 1985. He worked as a postdoctoral researcher at Carnegie-Mellon University and the University of Cambridge in England before joining the faculty of the University of Pennsylvania in 1987. He joined the University of Illinois at Urbana-Champaign (UIUC) in 2004 where he is a professor, Director of the Illinois Security Lab, and member of the Arms Control, Disarmament and International Security executive committee and the Information Trust Institute Steering Committee. He is the head of the Systems and Networking Area of the department of Computer Science at UIUC and the chair of the steering committee for the ACM Conference on Computer and Communications Security (CCS).He does research and teaches in his areas of technical expertise: security, networks, programming languages, and software engineering. His work includes contributions to the semantics and design of programming and policy languages, models and analysis techniques for networks and security, and applications of formal logic in computer science. He is the author of more than 80 scientific research publications and patents and a textbook on semantics of programming languages published by MIT Press. He is a founder of Probaris, a company that provides identity management technologies, and has served as a consultant to research labs and companies and as an expert witness on legal cases concerning fraud, contract, copyright, and patent infringement.

Watch Next