Suresh Kothari Richardson Professor of Electrical and Computer Engineering
Iowa State University
An Introductory Tutorial on Applying Mathematics to Address Cybersecurity and Software Safety
This tutorial will trace the history of a branch of mathematics and how that mathematics is likely to be the key to verify software for safety and security. While mathematics is crucial, being able to apply it to real-world software with millions of lines of code poses colossal engineering challenges. The tutorial will bring out the challenges and expose an innovative approach to address those challenges. The exposition will use real world examples of detection of sophisticated malware and verification of the Linux kernel.
Shamik Sural Professor, Computer Science and Engineering
Attribute Based Access Control (ABAC): Recent Advances and Future Directions
In this half-day tutorial, we will first introduce the basic concepts of access control and take the audience through a brief history of the development of various access control models. In the process, we will highlight some of the shortcomings of existing models, thereby motivating the need for the development of Attribute Based Access Control (ABAC). The various components of ABAC will next be presented and its relationship with existing models like Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role Based Access Control (RBAC) will be established. Using illustrative examples, we plan to explain how access control policies are specified in ABAC and access decisions are taken when a resource access request is made by a user. Finally, we will give an overview of ongoing research in various aspects of ABAC and identify several directions for carrying out further work in this exciting field. Specifically, topics like model standardization, policy mining, security analysis, etc., are being planned to be covered in this tutorial. For the benefit of young researchers and students, pointers will be provided to various online resources as well as list of conferences, workshops and journals where research results in this field are disseminated.