Founded in 1966

Research Spotlight: Adam Lee, Assistant Professor

Assistant Professor Adam Lee receives an NSF award in the Division of Computer and Network Systems for the project "Towards Formal, Risk-Aware Authorization." The award is a four-year grant.

The Trustworthy Computing Program supports research and education activities that explore novel frameworks, theories, and approaches towards secure and privacy-preserving systems, recognizing that a number of intertwined scientific, technological, economic and sociological challenges must be overcome if we are to realize a trustworthy computing future.

Towards Formal, Risk-Aware Authorization

Traditional security authorization decisions are black and white: a user either satisfies a particular access policy or does not. This rigidity is a handicap in our complex and unpredictable world. As a result, even security-conscious organizations typically grossly over-provision principals with access rights and/or underconstrain access policies to ensure that principals can always carry out the organization's mission effectively and respond to unexpected opportunities and challenges.

Dr. Lee's project, "Towards Formal, Risk-Aware Authorization," focuses on developing dynamic and risk-aware approaches to access control that allow organizations to make security-critical decisions in the face of incomplete information and unexpected circumstances. This is accomplished by combining proof-theoretic access controls with economic models of risk. In the event that the expected proof of authorization for an action cannot be generated, the systems developed in this project carry out an efficient search for similar proofs of authorization that minimize the overall risk incurred by deviating from the expected. This approach allows policies to adapt dynamically to the changing context of the systems in which they are deployed.

This research will have several benefits, including increased system availability during disasters or other uncommon cases not explicitly modeled by policies; reduced instances of permission creep, as over-provisioning users is no longer required to ensure that an organization's business needs are met; a quantifiable means of assessing how policies are actually used and how they might be changed to better reflect the evolution of organizations; and the development of metrics for assessing access control risks.

Additional information about Dr. Lee's award can be found on the NSF Division of Computer and Network Systems website.

You can find more information about Dr. Lee's research projects from his personal web page.
