Defense Advanced Research Projects Agency

Integrated Security Services for Dynamic Coalition Management

Virgil Gligor, John Baras, Raadhakrishnan Poovendran

Objective

The objective of this project is to enable the dynamic creation and management of coalitions with diverse and rapidly changing membership. Specifically, the project aims to provide solutions to fundamental problems of integrating diverse access control policies, public-key infrastructures (PKIs), and secure group-communication techniques for dynamic coalitions. Currently, the project objective is unattainable because of (1) the inability to represent, negotiate, and enforce a consistent security policy across multiple organizations, system platforms, and public-key infrastructures; (2) the lack of secure group-communication services, products, and policies to enable large-scale management of group access rights within tight time constraints; and (3) the absence of visual tools for the definition and management of security policies.

Approach

The project is based on the following five basic ideas: (1) the integration of common access control policies, PKIs, and group-communication technologies is mandated by the dynamic coalitions; (2) the representation of a common security policy is mandated by the requirement for dynamic policy negotiation and, in turn, requires the definition of policy properties and property dependencies; (3) the effective management of a security policy is mandated by the visualization of the common policy representation; (4) scalable group-key generation, distribution, and revocation that survive denial-of-service attacks caused by dynamic re-keying are mandated by the requirement of frequent group-membership changes; and (5) the extension of PKIs with certificate revocation and review policies (not just mechanisms) is mandated by policy integration. We conduct the project in three phases, namely the analysis, design, and implementation of servers for access control policies, secure group communication, and certificate management in PKIs. In each phase, we investigate the implications of the five basic ideas in the context of practical systems and applications.

Accomplishments

FY 2000 -- The project started in mid-March 2000, and since then we have focused on access control policy representation and integration with PKIs. In this area, we presented the paper "Review and Revocation of Access Privileges distributed with PKI Certificates" (H. Khurana and V.D. Gligor) at the 8th International Workshop on Security Protocols, held at the University of Cambridge, UK, in April 2000. We have also completed part of the analysis of secure group-key management and completed a paper entitled "Information Theoretic Approach for Design and Analysis of Rooted-Tree Based Multicast Key Management Schemes" (R. Poovendran and J. Baras), to appear in the IEEE Transactions on Information Theory.

Plans for FY 2001

Continue the analysis of:

  • access control policy representation and negotiation;
  • integration of access control with PKIs and secure group communication;
  • key management properties for secure group communication.

Technology Transition

Continue to disseminate research findings via conference, workshop, and symposium presentations and to collaborate with our peers in industry, government, and academia.

Web Site

This project is sponsored by the Defense Advanced Research Projects Agency (DARPA).

Send questions or comments about this web site to the Center for Satellite and Hybrid Communication Networks, Institute for Systems Research, University of Maryland.