Usable Security With Constraint Satisfaction
Presenter
Gary Levin, Telcordia Technologies
Time
Session III - 1:30am - 3:00pm
Abstract
There is an inherent tension between usability and security. The former is about enabling desirable behavior whereas the latter is about preventing undesirable behavior. Incorrect resolution of this tension can disable mission-critical services and potentially cause as much harm as allowing an adversary access to those services. This talk presents the ConfigAssure system for automatically resolving this tension. Usability and security requirements are specified as constraints and a constraint solver is used to compute a solution to their conjunction. If constraints are solvable, a solution is found that is guaranteed to satisfy both usability and security requirements. If constraints are unsolvable, a typically small unsolvable subset of these is computed. Solvability is restored by removing one or more constraints from this subset. ConfigAssure is implemented with Kodkod, a SAT-based model finder. ConfigAssure’s scalability derives from partially evaluating a constraint from available configuration information, and transforming it into an equivalent quantifier-free form that truly requires the power of model-finding. The talk also presents a new type of user interface in the form of a deductive spreadsheet. ConfigAssure is being trialed at a major enterprise to set up a collaboration infrastructure.
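The solve-or-explain loop described in the abstract, as an added example that is not ConfigAssure or Kodkod code: usability (U) and security (S) requirements are named predicates, the solver searches for a configuration satisfying their conjunction, and when none exists a small unsolvable subset is extracted. Assumptions: the variables, domains and requirement names are constructed for illustration, and brute-force enumeration with deletion-based shrinking stands in for SAT-based model finding.

```python
from itertools import product

# Constructed configuration variables with finite domains (assumed, not from the talk).
DOMAINS = {
    "vpn_on": (False, True),
    "port_443_open": (False, True),
    "port_23_open": (False, True),
    "partner_access": ("none", "vpn", "direct"),
}

# Named requirements as predicates over a candidate configuration (all constructed).
CONSTRAINTS = {
    "U1_partners_reach_server": lambda c: c["partner_access"] != "none",
    "U2_legacy_telnet_tool": lambda c: c["port_23_open"],
    "U3_web_portal": lambda c: c["port_443_open"],
    "S1_no_cleartext_admin": lambda c: not c["port_23_open"],
    "S2_no_direct_partner_access": lambda c: c["partner_access"] != "direct",
    "S3_vpn_access_needs_vpn": lambda c: c["partner_access"] != "vpn" or c["vpn_on"],
}

def solve(names):
    """Return the first configuration satisfying every named constraint, or None."""
    keys = list(DOMAINS)
    for values in product(*(DOMAINS[k] for k in keys)):
        cfg = dict(zip(keys, values))
        if all(CONSTRAINTS[n](cfg) for n in names):
            return cfg
    return None

def minimal_unsat_subset(names):
    """Shrink an unsolvable set: drop every constraint whose removal keeps it unsolvable."""
    core = list(names)
    if solve(core) is not None:
        raise ValueError("constraint set is solvable; there is no unsolvable subset")
    for n in list(names):
        trial = [m for m in core if m != n]
        if solve(trial) is None:  # n is not needed for the conflict
            core = trial
    return core

if __name__ == "__main__":
    everything = list(CONSTRAINTS)
    print("solution:", solve(everything))            # conflict between U2 and S1
    core = minimal_unsat_subset(everything)
    print("unsolvable subset:", core)
    # Restore solvability by removing one constraint from the subset (here the usability one).
    relaxed = [n for n in everything if n != "U2_legacy_telnet_tool"]
    print("after relaxing:", solve(relaxed))
```

Which member of the unsolvable subset to remove is a policy decision; the solver only narrows the choice to the constraints that actually conflict.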
Presentation
Download (PPT, 2.1 MB)