POLLUX: Enhancing the Quality of Service of the Global Information Grid
Principal Investigator: Michael Reiter
Funding Agency: Vanderbilt University/AFOSR
Agency Number: 18824-S2
Abstract
The support provided by the AFRL/IF Pollux project has contributed to the development of new distributed algorithms for assembling formal proofs that requests comply with access control policy. Resource monitors can then easily check these proofs when deciding whether to grant or deny requests. These proofs are built in a formal authorization logic, from digitally signed credentials that may be located at disparate components in a distributed system or that may even be created on the critical path of a request to perform an access. As such, the algorithms we have developed enable needed credentials to be sought out or, if they do not yet exist, guide human users to create the most effective credentials for the request at hand.
Our advances in proof-generation algorithms during the initial stages of this research project have been substantial. However, it remains the case that some steps of the proof-generation process can be slower than is required by performance-sensitive applications, particularly if a human must consent to the creation of credentials on the critical path of that access. To eliminate these costs from the critical path of time-sensitive requests, we propose to develop a collection of principled approaches for predicting accesses based on histories of prior accesses, and for predicting what credentials will be needed for such accesses and collecting them in advance. If successful, we believe we can eliminate substantial proof-generation costs from the critical paths of accesses.

