My research interests
Whilst I am interested in computer security in general, my specific research interests concern access control systems. The problem of assigning resources and data to users (both human and machine) has been the topic of a considerable amount of academic research over a number of years, and various solutions have been devised that address the problems of their particular age. Today's computer systems are incredibly complex and critical to many aspects of business, government, public service and the day-to-day lives of individuals. Information is a valuable resource, and it is important that it does not fall into the hands of unauthorised parties. Custodians of information are required to protect personal privacy, business interests, state security, etc., and systems of access control represent a key protection tool in their armoury.
A focus for recent research has been the development of systems of access control within the context of business process management. Business processes can be modelled as sets of interdependent tasks, i.e. workflows. Each task can be associated with a set of resources and with a set of users who are entitled to perform that task. An example of a business process is the initialisation, processing, authorisation and approval of a purchase order within a business. The challenge for these access control systems is the implementation of business rules that are specified to enforce security principles across an organisation. For example, a key business rule is "dynamic segregation of duties". This rule, when properly enforced, ensures that no individual can exercise complete control over a business process.
Whilst various models of business process access control have been devised, they tend to represent a specific, self-contained solution, often with some form of policy language based upon symbolic logic. Commonly, these models lack the means to analyse access control policies in respect of their security characteristics. I am attempting to develop a generalised, platform-independent modelling environment that enables the encoding of business process access control systems: a metamodel for access control systems, if you like. A key feature of the modelling environment is its use of a history of access to task instances by users, as this is the only means whereby dynamic segregation of duties can be properly implemented and analysed. The modelling environment enables the detailed analysis of access control policies for satisfiability (can a specific business process be completed with the available set of users and user/role assignments?) and for security in respect of the potential for information leakage (how many colluding users would result in complete control of a business process by an unauthorised third party?). The modelling environment, called the pi-epsilon calculus, is based upon the applied pi calculus coupled with a universal, monotonically refined history store. Currently, I am endeavouring to develop the underlying theory of the pi-epsilon calculus, specifically the rules for observational equivalence and labelled bisimilarity, and crucially I am attempting to establish that observational equivalence and labelled bisimilarity coincide.
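To make the two analyses above concrete, the following Python is an added illustration written for this page; it is not the pi-epsilon calculus, nor code from the reports listed below. It models the purchase-order process described above as an ordered list of tasks, records a per-instance history of which user performed which task, enforces dynamic segregation of duties against that history, and then answers the two questions posed in the text: can the process be completed with a given set of users and role assignments (satisfiability), and what is the smallest group of users who could between them complete every task (the collusion threshold for complete control). The tasks, roles, users and conflicting task pairs are all constructed for the example.

```python
from itertools import combinations

# Constructed purchase-order workflow: tasks in execution order.
TASKS = ["initialise", "process", "authorise", "approve"]

# Constructed role entitlements: which roles may perform each task.
TASK_ROLES = {
    "initialise": {"clerk"},
    "process": {"clerk", "manager"},
    "authorise": {"manager"},
    "approve": {"director", "manager"},
}

# Constructed user/role assignments.
USER_ROLES = {
    "alice": {"clerk"},
    "bob": {"clerk", "manager"},
    "carol": {"manager"},
    "dave": {"director"},
}

# Constructed dynamic segregation-of-duties constraints: a user who has
# performed the first task of a pair in this instance may not perform the
# second (and vice versa). Checked at run time against the instance history.
DSOD = {
    ("initialise", "authorise"),
    ("authorise", "approve"),
    ("initialise", "approve"),
}


def entitled(user, task, user_roles=USER_ROLES):
    """Static check: does the user hold a role entitled to the task?"""
    return bool(user_roles[user] & TASK_ROLES[task])


def permitted(user, task, history, user_roles=USER_ROLES):
    """History-based check: the user must be entitled and must not have
    performed a task that conflicts with `task` in this process instance.
    `history` is a list of (task, user) pairs already executed."""
    if not entitled(user, task, user_roles):
        return False
    for done_task, done_user in history:
        if done_user != user:
            continue
        if (done_task, task) in DSOD or (task, done_task) in DSOD:
            return False
    return True


def complete(users, user_roles=USER_ROLES):
    """Satisfiability: search for an assignment of users to tasks that runs
    the whole workflow without violating any DSoD constraint. Returns the
    list of (task, user) pairs, or None if no such assignment exists."""
    def search(i, history):
        if i == len(TASKS):
            return list(history)
        task = TASKS[i]
        for u in users:
            if permitted(u, task, history, user_roles):
                history.append((task, u))
                result = search(i + 1, history)
                history.pop()  # backtrack and try the next candidate
                if result is not None:
                    return result
        return None
    return search(0, [])


def min_collusion(users, user_roles=USER_ROLES):
    """Smallest number of users who, acting together, can complete every
    task of the workflow, i.e. exercise complete control over the process.
    Returns (size, set_of_users), or None if even all users cannot."""
    users = list(users)
    for k in range(1, len(users) + 1):
        for group in combinations(users, k):
            if complete(group, user_roles) is not None:
                return k, set(group)
    return None


if __name__ == "__main__":
    everyone = list(USER_ROLES)
    print("assignment:", complete(everyone))
    print("two clerks only:", complete(["alice", "bob"]))
    print("collusion threshold:", min_collusion(everyone))
```

With these constructed assignments, no single user can complete the process, because the "initialise"/"approve" constraint forbids the same user at both ends, and no pair of users suffices either, so complete control needs three colluding users. Changing a single assignment (for example giving alice the manager role) lowers that threshold, which is the kind of policy weakness the history-based analysis is meant to expose.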
Listed below are my progress reports to date:
Reports
Report 2 - April 2007
Report 3 - September 2007
Report 4 - April 2008