-------------------------------------------------------------------------------

B O S T O N   U N I V E R S I T Y
Computer Science Department
C O L L O Q U I U M

Distributed, Multi-Party Security Policies

Trevor Jim
University of Pennsylvania

Friday, April 23
11:00am (Coffee served at 10:45am)
Seminar Room / MCS 135

-------------------------------------------------------------------------------

Any large scale security architecture that uses certificates to provide security in a network will need both a system for verifying and evaluating certificates, and a system for moving certificates around in the network. We have designed a system, QCM, that integrates the two.

The key to the design is a high-level language for security policies that does not require knowledge of cryptographic primitives or protocols -- the policy writer does not have to write code to verify signatures or send messages. Instead, these tasks are handled by the QCM engine: given a policy, QCM automatically derives a protocol that verifies local certificates and obtains remote certificates as necessary to evaluate the policy.

We have experimented with a wide variety of strategies for obtaining remote certificates, including query/response protocols, mirroring of security repositories, and integration with COTS databases. We are also able to handle both online and offline signatures, transparently to the user.

In this talk I will demonstrate the system and discuss our efforts to deploy QCM as a security infrastructure on the active network backbone.

Host: Mark Crovella (crovella@cs.bu.edu)

-------------------------------------------------------------------------------
For colloquium info, including directions, see
http://cs-www.bu.edu/colloquium
-------------------------------------------------------------------------------