Ph. D. Defense

SAFE: A Declarative Trust-Agile System with Linked Credentials

Speaker: Vamsidhar Thummala
vamsi at cs.duke.edu
Date: Tuesday, April 5, 2016
Time: 2:30pm - 4:30pm
Location: D344 LSRC, Duke

Abstract

Secure Access For Everyone (SAFE) is an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked system. A key barrier to practical use of logical trust systems is the problem of managing proof contexts: identifying, validating, and assembling the credentials and policies that are relevant to each trust decision.

SAFE addresses this challenge by (i) proposing a distributed authenticated data repository for storing the credentials and policies; (ii) introducing a programmable credential discovery and assembly layer that generates the appropriate tailored context for a given request. The authenticated data repository is built upon a scalable key-value store with its contents named by secure identifiers and certified by the issuing principal. The SAFE language provides scripting primitives to generate and organize logic sets representing credentials and policies, materialize the logic sets as certificates, and link them to reflect delegation patterns in the application. The authorizer fetches the logic sets on demand, then validates and caches them locally for further use. Upon each request, the authorizer constructs the tailored proof context and provides it to the SAFE inference for certified validation. Delegation-driven credential linking with certified data distribution provides flexible and dynamic policy control within an agile security and trust infrastructure.
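The following Python sketch, added here as an illustration and not code from SAFE itself, models the mechanism just described: logic sets named by identifiers derived from the issuing principal, certified by that principal, linked to express delegation, and fetched, validated and cached on demand by an authorizer that assembles the proof context. It assumes a per-principal HMAC key as a stand-in for the issuer's signing key, truncated SHA-256 hashes as identifiers, and a plain dict as the key-value repository; the scenario (alice, bob, carol, the rule text) is constructed.

```python
import hashlib, hmac, json

def principal_id(secret: bytes) -> str:
    # Self-certifying principal id: hash of the key material (stand-in for a public key).
    return hashlib.sha256(b"pub:" + secret).hexdigest()[:16]
def set_id(issuer: str, name: str) -> str:
    # Secure identifier of a logic set, bound to the issuing principal and the set name.
    return hashlib.sha256(f"{issuer}/{name}".encode()).hexdigest()[:16]
def certify(secret: bytes, name: str, statements: list, links: list) -> dict:
    # Materialize a logic set as a certificate: body plus the issuer's MAC over it
    # (HMAC under a per-principal key stands in for a digital signature in this model).
    issuer = principal_id(secret)
    body = {"id": set_id(issuer, name), "issuer": issuer, "name": name,
            "statements": statements, "links": links}
    return {"body": body, "mac": hmac.new(secret, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()}

class Authorizer:
    def __init__(self, store: dict, keys: dict):
        self.store, self.keys, self.cache = store, keys, {}  # repository, issuer keys, validated sets
    def fetch(self, sid: str):
        # Fetch on demand; accept only if the MAC verifies under the claimed issuer's key and the id binds issuer to name.
        if sid not in self.cache:
            cert = self.store.get(sid)
            key = cert and self.keys.get(cert["body"]["issuer"])
            if not key:
                return None
            body = cert["body"]
            mac = hmac.new(key, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()
            if not hmac.compare_digest(mac, cert["mac"]) or sid != set_id(body["issuer"], body["name"]):
                return None
            self.cache[sid] = body
        return self.cache[sid]
    def context(self, sid: str, seen=None) -> list:
        # Assemble the tailored proof context by following delegation links; a set that fails validation contributes nothing.
        seen = seen if seen is not None else set()
        body = None if sid in seen else self.fetch(sid)
        seen.add(sid)
        if not body:
            return []
        return sorted(body["statements"] + [s for link in body["links"] for s in self.context(link, seen)])

def demo(tamper: bool = False) -> list:
    # Constructed scenario: alice's policy set links to bob's credential set.
    alice, bob = b"alice-secret", b"bob-secret"
    bob_cred = certify(bob, "creds", ["member(carol, lab)"], [])
    alice_pol = certify(alice, "policy", ["access(X) :- member(X, lab)"], [bob_cred["body"]["id"]])
    store = {c["body"]["id"]: c for c in (bob_cred, alice_pol)}
    if tamper:  # an unauthorized edit of a stored set must fail validation and drop out of the context
        store[bob_cred["body"]["id"]]["body"]["statements"].append("member(mallory, lab)")
    return Authorizer(store, {principal_id(alice): alice, principal_id(bob): bob}).context(alice_pol["body"]["id"])
```

With `tamper=True` the edited credential set no longer verifies, so the assembled context contains only alice's policy and no membership fact, and access would not be derivable from it.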

We evaluated SAFE by using it to build example applications based on case studies drawn from practice: (i) a secure name service similar to DNS that resolves names across multi-domain federated systems; (ii) a secure proxy shim to support rich access control in a key-value store; (iii) an authorization module for a networked infrastructure-as-a-service system with a federated trust structure (NSF GENI architecture); and (iv) authorization rules for a secure cooperative data analytics service that enables computation on sensitive data in compliance with secrecy constraints. We present empirical evaluation based on these case studies.

Advisor(s): Jeffrey Chase
Committee: Landon Cox, Bruce Maggs, Ilya Baldin, Michael Reiter