Research objectives and content
Most human societies and organisations are resilient in that they survive the dishonesty or incompetence of individual members, yet this resilience is generally absent from the automatic information processing systems on which these societies and organisations increasingly depend. The overall goal of my proposed research is to develop the means of building distributed systems that continue to obey a desired security policy even when one or more clients or servers are subverted by an attacker.
My first research goal is to establish a theoretical framework for mapping classical access control policies such as Bell-LaPadula and Clark-Wilson onto protocols for distributed authentication and key exchange using mechanisms such as threshold signatures and Byzantine fault tolerance. My second goal is to build one or more demonstrator systems to show that resilient distributed systems are possible.
I hope to facilitate new distributed applications with a high degree of resilience, that use resources efficiently, and that can be easily administered, while placing only limited trust in the physical security of the hardware and the trustworthiness of individual staff.
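To make the first research goal concrete, the following is an added illustration written for this page rather than code from the proposal or any demonstrator it describes. It models the policy side with a Bell-LaPadula reference check (simple security and the *-property over a linear set of levels) and the resilience side with a k-of-n quorum of servers: a request is honoured only if at least k servers approve it, so a policy violation needs k colluding servers. Threshold signatures are stood in for by plain approval votes, and the level names, server classes and bound helper are assumptions of this example, not names from the proposal.

```python
"""k-of-n quorum of Bell-LaPadula reference monitors (added example).

Assumptions made here, not taken from the proposal: levels are a linear
ordering, each server evaluates the full policy locally, and a threshold
signature is modelled as "at least k servers approved".
"""
from dataclasses import dataclass

# Constructed linear lattice of sensitivity levels (assumption).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str

    def dominates(self, other: "Label") -> bool:
        return LEVELS[self.level] >= LEVELS[other.level]


@dataclass(frozen=True)
class Request:
    subject: str
    subject_label: Label
    obj: str
    object_label: Label
    op: str  # "read" or "write"


def blp_permits(req: Request) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    if req.op == "read":
        return req.subject_label.dominates(req.object_label)
    if req.op == "write":
        return req.object_label.dominates(req.subject_label)
    return False  # unknown operations are denied by default


class HonestServer:
    """Evaluates the policy faithfully and votes accordingly."""

    def __init__(self, name: str) -> None:
        self.name = name

    def vote(self, req: Request) -> bool:
        return blp_permits(req)


class SubvertedServer:
    """Attacker-controlled: approves every request (worst case for safety)."""

    def __init__(self, name: str) -> None:
        self.name = name

    def vote(self, req: Request) -> bool:
        return True


def quorum_decide(servers, req: Request, k: int):
    """Honour the request only if at least k servers approve.

    Returns (decision, names of approving servers) so a caller can log
    which servers voted for a denied request, a useful detection signal.
    """
    approvals = [s.name for s in servers if s.vote(req)]
    return len(approvals) >= k, approvals


def threshold_bounds(n: int, f: int):
    """Range of k that keeps the quorum safe and live with f subverted servers.

    Safety: f approvals alone must not suffice, so k > f.
    Liveness: the n - f honest servers must be able to reach k, so k <= n - f.
    Returns (k_min, k_max); k_min > k_max means no such threshold exists.
    """
    return f + 1, n - f


if __name__ == "__main__":
    servers = [HonestServer("s1"), HonestServer("s2"), HonestServer("s3"),
               SubvertedServer("s4"), SubvertedServer("s5")]
    read_up = Request("alice", Label("confidential"), "plan", Label("secret"), "read")
    read_ok = Request("alice", Label("secret"), "memo", Label("confidential"), "read")
    for req in (read_up, read_ok):
        ok, who = quorum_decide(servers, req, k=3)
        print(req.op, req.obj, "->", "allowed" if ok else "denied", who)
    print("safe k range for n=5, f=2:", threshold_bounds(5, 2))
```

With five servers of which two are subverted and k = 3, the subverted pair can approve a read-up request but cannot reach the threshold, so the policy still holds; raise f to 3 and `threshold_bounds` reports an empty range, which is the point at which the quorum no longer protects the policy.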
Training content (objective, benefit and expected impact)
The project will give me a thorough understanding of threat models and security mechanisms including crypto protocols, access control, hardware aspects of system security, evaluation and formal verification. I will also get to understand the tradeoffs between performance and assurance.
Links with industry / industrial relevance
Cambridge has a large number of computer companies, many of them spun off from the University and with which the laboratory maintains close links. The laboratory also advises the UK insurance industry and the British Medical Association on security risks of information systems.