Joint ISR and CyLab Seminar Series CyLab and ISR present: Brian LaMacchia, Microsoft Monday, November 6, 2006, noon CIC Distributed Education Center lunch will be provided SecPAL: A Declarative Language for Specifying Access Control, Trust and Delegation in Distributed Grid Computing Environments Abstract: The development of large-scale, multi-domain, Grid computing environments has highlighted the need for fine-grained control over trust relationships and delegated access rights. Existing approaches do not fully satisfy these needs-- they typically lack precision or require an undesirable reliance on centralized administration to be effective. In addition, one finds multiple independent mechanisms, with disparate semantics, being used to manage trust, delegation and authorization. This makes it difficult to understand the effective security in large distributed systems and complicates their management. This talk will present SecPAL, a "security policy authorization language" that we have designed and implemented as part of recent work focused on providing a more flexible and effective means of securing complex distributed systems. SecPAL provides a unified approach for specifying trust, delegation, and authorization policies as well as security assertions about principals in the system. Both policies and credentials are defined in SecPAL as collections of asserted claims. These claims are then expressed using predicates defined by logical clauses in the style of constraint logic programming. Access requests are mapped to logical authorization queries, and access is granted if the query succeeds against the current database of claims. Our implementation of SecPAL uses an XML-based encoding for security policies and security tokens that fits naturally into a Web Services-based environment. Several examples will be presented showing how one can use this technology to achieve a highly flexible and uniform approach to controlling resource access in large-scale distributed computing environments like Grids. Joint work with Blair Dillaway, Gregory Fee and Jason Mackay of the Microsoft Advanced Technology Incubation Group, and Moritz Becker, Cédric Fournet and Andrew Gordon of Microsoft Research. Bio: Dr. Brian A. LaMacchia is a Software Architect in the Office of the Chief Research and Strategy Officer at Microsoft, where he works on security architectures for fine-grained, decentralized execution environments. Brian is also a founding member of the Microsoft Cryptography Review Board and consults on security and cryptography architectures, protocols and implementations across the company. Prior positions Brian has held at Microsoft include Software Architect for cryptography in Windows Security, Development Lead for .NET Framework Security and Program Manager for core cryptography in Windows 2000. Prior to joining Microsoft, Brian was a member of the Public Policy Research Group at AT&T Labs-Research in Florham Park, NJ. Brian is also an affiliate faculty member of the Department of Computer Science and Engineering at the University of Washington. He received S.B., S.M., and Ph.D. degrees in Electrical Engineering and Computer Science from MIT in 1990, 1991, and 1996, respectively. For appointments with the speaker, please contact Jennifer Lucas