Abstract: Managing least-privilege access to enterprise services is a complex undertaking. Numerous security mechanisms must be painstakingly configured and maintained, often by different administrators in different organizations and at different sites. This piecemeal approach results in labor-intensive security management practices that are expensive, slow to adapt, and often lead to unintended consequences.

We present a systematic approach to bridge the gap between high-level access policies and their distributed implementation. Our techniques enable automated validation and generation of access control configurations against end-to-end access policies. This talk will describe our approach and laboratory prototype, and present questions for further research.

This is joint work with Bill Horne, S. Rajagopalan and Prasad Rao at HP Labs.

Sandeep Bhatt is a research scientist in the HP Trusted Systems Laboratory. He previously worked at Bellcore (now Telcordia) where he led the network algorithms and optimization group, at Akamai Technologies, where he led the systems performance group, and Yale University. His interests have included graph algorithms, with applications to network management, parallel computing, and VLSI layout. He received his undergraduate and graduate degrees at MIT. Appointments: rosemary@cs.cmu.edu