Associate Professor, Department of Computer Science, University of Illinois at Chicago
Founding Director, Center for Research and Instruction in Technologies for Electronic Security (RITES)
When I initially started working on authorization systems, my work proceeded along two tracks: an operating system based implementation called kernelSec and a theoretical exploration of decidable properties of authorization systems. I had originally thought these were two views of the same thing, but over time it became clear that, while there was overlap, these two views were different.
The higher-level view became SPBAC, which included both ordinary permissions and administrative controls. The lower level became kernelSec, which we are implementing in the Linux operating system kernel. The SPBAC level is intended to be
Of course, maintaining two different representations has a drawback: how do we ensure that the two representations are the same (or at least consistent with each other)? We have adopted a rather traditional approach of deriving the low-level representation from the high-level specification algorithmically by a technique we call factoring. (Some students and I have a paper under submission which describes factoring for information flow security properties.)
A substantial portion of this work involves both the complexity analysis and the mapping out of security properties. I believe that substantially all of the authorization issues (policies) can be expressed as security properties. Basically, these security properties are the building blocks via which the various security models (Bell-LaPadula, Biba, Clark-Wilson and many others) can be described. I'm doing the more theoretical components of this work with Robert Sloan and Lenore Zuck.