Elisa BertinoProfessor, CS Department, CERIAS, Purdue University |
 |
Policies Models and Tools for Collaborative Applications
Abstract
Policies are at the heart of any assured information sharing infrastructure for collaborative applications and may include those for access control, trust and accountability. Policies can be a key component in deciding what and how much to reveal in the discovery stage for both information seekers and providers. Policies can also drive the process of negotiation in the acquisition and release stage. Policies are needed to monitor and enforce usage control as well as for auditing and accountability. Fine-grained policy integration algorithms are needed to support dynamic coalitions and virtual organizations that need to quickly share and integrate information. Policies must adapt, based on events and contexts, to support continuous access to critical information resources. Enforcement mechanisms are also needed to allow different parties to take joint decisions about data accesses. In this talk, we will first discuss the various policies that are relevant in the context of secure information sharing across collaborating organizations. We will then focus on tools for policy similarity analysis, focusing on the case of policies expressed in XACML, and then we will present a reference architecture for collaborative enforcement of access control policies.
Biography
Elisa Bertino is professor of Computer Science at Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). Previously she was a faculty member at Department of Computer Science and Communication of the University of Milan where she directed the DB&SEC laboratory. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, at Telcordia Technologies.
Her main research interests include security, privacy, digital identity management systems, database systems, distributed systems, multimedia systems. In those areas, Prof. Bertino has published more than 250 papers in all major refereed journals, and in proceedings of international conferences and symposia. She is a co-author of the books "Object-Oriented Database Systems - Concepts and Architectures" 1993 (Addison-Wesley International Publ.), "Indexing Techniques for Advanced Database Systems" 1997 (Kluwer Academic Publishers), "Intelligent Database Systems" 2001 (Addison-Wesley International Publ.), and “Security for Web Services and Service Oriented Architectures” Springer (to appear in Summer 2007). She has been a co-editor in chief of the Very Large Database Systems (VLDB) Journal from 2001 to 2007. She serves also on the editorial boards of several scientific journals, incuding IEEE Internet Computing, IEEE Security&Privacy, ACM Transactions on Information and System Security, ACM Transactions on Web, Acta Informatica, the Parallel and Distributed Database Journal. She has served as Program Committee members of several international conferences, such as ACM SIGMOD, VLDB, ACM OOPSLA, as Program Co-Chair of the 1998 IEEE International Conference on Data Engineering (ICDE), as program chair of 2000 European Conference on Object-Oriented Programming (ECOOP 2000), of the 7th ACM Symposium of Access Control Models and Technologies (SACMAT 2002), of the EDBT 2004 Conference, and the IEEE Policy 2007 Workshop.
Elisa Bertino is a Fellow member of IEEE and a Fellow member of ACM and has been been named a Golden Core Member for her service to the IEEE Computer Society. She received the 2002 IEEE Computer Society Technical Achievement Award for "For outstanding contributions to database systems and database security and advanced data management systems" and the 2005 IEEE Computer Society Tsutomu Kanai Award “For pioneering and innovative research contributions to secure distributed systems.”