Biblio

Filters: Author is Chari, Suresh
2020-01-21
Gunasinghe, Hasini, Kundu, Ashish, Bertino, Elisa, Krawczyk, Hugo, Chari, Suresh, Singh, Kapil, Su, Dong.  2019.  PrivIdEx: Privacy Preserving and Secure Exchange of Digital Identity Assets. The World Wide Web Conference. :594–604.
User's digital identity information has privacy and security requirements. Privacy requirements include confidentiality of the identity information itself, anonymity of those who verify and consume a user's identity information and unlinkability of online transactions which involve a user's identity. Security requirements include correctness, ownership assurance and prevention of counterfeits of a user's identity information. Such privacy and security requirements, although conflicting, are critical for identity management systems enabling the exchange of users' identity information between different parties during the execution of online transactions. Addressing all such requirements, without a centralized party managing the identity exchange transactions, raises several challenges. This paper presents a decentralized protocol for privacy preserving exchange of users' identity information addressing such challenges. The proposed protocol leverages advances in blockchain and zero knowledge proof technologies, as the main building blocks. We provide prototype implementations of the main building blocks of the protocol and assess its performance and security.
2017-09-26
Chen, Haining, Chowdhury, Omar, Li, Ninghui, Khern-am-nuai, Warut, Chari, Suresh, Molloy, Ian, Park, Youngja.  2016.  Tri-Modularization of Firewall Policies. Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies. :37–48.

Firewall policies are notorious for having misconfiguration errors which can defeat their intended purpose of protecting hosts in the network from malicious users. We believe this is because today's firewall policies are mostly monolithic. Inspired by ideas from modular programming and code refactoring, in this work we introduce three kinds of modules: primary, auxiliary, and template, which facilitate the refactoring of a firewall policy into smaller, reusable, comprehensible, and more manageable components. We present algorithms for generating each of the three modules for a given legacy firewall policy. We also develop ModFP, an automated tool for converting legacy firewall policies represented as access control lists to their modularized format. With the help of ModFP, when examining several real-world policies with sizes ranging from dozens to hundreds of rules, we were able to identify subtle errors.
