IMSc Webinar
Principled Approaches to Data Security and Policy Enforcement
Abhishek Bichhawat
Carnegie Mellon University
Enforcing security policies in systems have been challenging because of the complexity of both the application code and the policies. As different policies apply at the server and the client, policy enforcement is a non-trivial process. In this talk, I will focus on correct enforcement of security policies in applications in an end-to-end fashion. On the server side, I will present our work on policy inference from audit logs. The inference framework works with a possibly empty set of policies and a set of log entries, and infers policies that after validation can be used audit the logs and enforce runtime policy checks. On the client side, I will discuss our methodology to make the technique of dynamic information flow control more permissive by using ideas from program analysis techniques. I will conclude by discussing our ongoing work on verifying cryptographic protocols that are normally used for communication between two parties, and future interests in the area of policy enforcement.
Join at: meet.google.com/koj-cmup-ueg
Done