February 22, 2013: Seminar Announcement - Prasad Naldurg: "Baaz: A system for detecting access control misconfigurations"

Seminar Announcement

"Baaz: A system for detecting access control misconfigurations"

Prasad Naldurg
Researcher, Microsoft Research India
Friday, February 22, 2013
11:00 a.m., 1325 SEO Building


With Baaz, our goal is to understand real-world issues related to maintaining correct access control to shared resources such as file servers, wikis, and databases, which is an important part of enterprise network management. A combination of many factors, including high rates of churn in organizational roles, policy changes, and dynamic information-sharing scenarios, can trigger frequent updates to user permissions, leading to potential inconsistencies. We present a distributed system that monitors updates to access control metadata, analyzes this information to alert administrators about potential security and accessibility issues, and recommends suitable changes. In a deployment of our system on an organizational file server that stored confidential data, we found 10 high-level security issues that impacted 1639 out of 105682 directories. These were promptly rectified [Usenix Security 2010]. Baaz also provides formal consistency and convergence guarantees, teasing policies out of raw implementations and helping administrators maintain secure access controls [FAST 2011].

Brief Bio:

Prasad Naldurg has been a researcher in the Security and Privacy group at Microsoft Research India since September 2005. His research interests include formal methods and verification for security, programming languages and tools, privacy, and applied cryptography. He has published over 30 papers in top security conferences including CCS, Usenix Security and NDSS. He received his PhD in Computer Science from the University of Illinois at Urbana-Champaign in 2004 and has taught several undergraduate and graduate courses in security, cryptography and formal methods.

