Joe Pato | Massachusetts Institute of Technology (MIT) (original) (raw)
Papers by Joe Pato
Google, Inc. (search), Subscribe (Full Service), Register (Limited Service, Free), Login. Search:... more Google, Inc. (search), Subscribe (Full Service), Register (Limited Service, Free), Login. Search: The ACM Digital Library The Guide. ...
Digest of Papers. COMPCON Spring 88 Thirty-Third IEEE Computer Society International Conference, 1988
security, access control, policy, validation Coordinating security seamlessly across an enterpris... more security, access control, policy, validation Coordinating security seamlessly across an enterprise is a challenge. Enterprises deploy multiple access control mechanisms at different technology layers; each mechanism is painstakingly configured and maintained using specialized user interfaces, most likely by different administrators in different organizations at different sites, perhaps employing different notions of users and roles. This piecemeal approach makes security management labor-intensive and, therefore, expensive, error-prone and slow to adapt. We present a model-driven technique for automated policy-based access analysis. Based on the ideas presented in this paper, we have built a prototype, the Integrated Security Management (ISM) system which, given the security configurations of hosts, applications and network devices, automatically validates whether the enterprise is in compliance with high-level enterprise access policy. The system relies on composable models that ca...
Digital identities, profiles and their management are increasingly required to enable interaction... more Digital identities, profiles and their management are increasingly required to enable interactions and transactions on the Internet among people, enterprises, service providers and government institutions.
Abstract—Private data of individuals is constantly being collected, analyzed, and stored by diffe... more Abstract—Private data of individuals is constantly being collected, analyzed, and stored by different kinds of organizations: shopping sites to provide better service and recommendations, hospitals for improved healthcare, and government agencies to enable national defense and law enforcement. Sharing data between these organizations makes it possible to discover important knowledge and draw useful conclusions but raises concerns about information privacy and trust. Until recently the focus was on restricting access to data on a “need to know ” basis, but since the 9/11 Commission there has been a paradigm shift to “need to share”. Our work explores the use of semantic privacy policies, justifications for data requests, and automated auditing to encourage sharing of sensitive data between organizations. We describe an architecture based on our policy tools that evaluates incoming queries against semantic policies and domain knowledge and provides a justification for each query- why ...
Identity management plays a key role in enabling personal, business and government activities alo... more Identity management plays a key role in enabling personal, business and government activities along with interactions and transactions in the digital world. The “chapter 1” of identity management is about the current paradigm, i.e., multiple, slightly integrated products and solutions for relatively static, closed and well controlled environments. It involves little integration, at the management level, with the management of other aspects such as security, privacy and trust. Current trends suggest that the digital world is going to be more and more flexible, interconnected and open. The boundaries between enterprises, organizations, societies and governments will become increasingly blurry as people play different roles in multiple activities that span across heterogeneous contexts. Identity management needs to evolve. We believe that the “chapter 2” of identity management is about adaptive identity management i.e., open, flexible, policydriven, context-aware identity management th...
This paper presents a distributed authorisation model suitable for use in a web service framework... more This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services' credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.
Traditionally, identity management has been a core component of system security environments wher... more Traditionally, identity management has been a core component of system security environments where it has been used for the maintenance of account information for login access to a system or a limited set of applications. An administrator issues accounts so that resource access can be restricted and monitored. Control has been the primary focus for identity management. More recently, however, identity management has exploded out of the sole purview of information security professionals and has become a key enabler for electronic business.
This paper presents a distributed authorisation model suitable for use in a web service framework... more This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services’ credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.
ABSTRACT This paper presents a distributed authorisation model suitable for use in a web service ... more ABSTRACT This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services' credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.
Page 1. CHALLENGES AND OPPORTUNITIES RESEARCH COUNCIL OF THE NATIONAL ACADEMIES Page 2. Joseph N.... more Page 1. CHALLENGES AND OPPORTUNITIES RESEARCH COUNCIL OF THE NATIONAL ACADEMIES Page 2. Joseph N. Pato and Lynette I. Millett, Editors Whither Biometrics Committee Computer Science and Telecommunications ...
The Field Programming Environment: A Friendly Integrated Environment for Learning and Development, 1995
All the interfaces in FIELD are based on a set of tools developed at Brown University for worksta... more All the interfaces in FIELD are based on a set of tools developed at Brown University for workstation programming. This toolkit, the Brown Workstation Environment or BWE for short, was originally designed to support PECAN and BALSA, extended and extensively rewritten to support GARDEN, and then extended to support FIELD. In the interim it has been used for a variety of other projects.
Google, Inc. (search), Subscribe (Full Service), Register (Limited Service, Free), Login. Search:... more Google, Inc. (search), Subscribe (Full Service), Register (Limited Service, Free), Login. Search: The ACM Digital Library The Guide. ...
Digest of Papers. COMPCON Spring 88 Thirty-Third IEEE Computer Society International Conference, 1988
security, access control, policy, validation Coordinating security seamlessly across an enterpris... more security, access control, policy, validation Coordinating security seamlessly across an enterprise is a challenge. Enterprises deploy multiple access control mechanisms at different technology layers; each mechanism is painstakingly configured and maintained using specialized user interfaces, most likely by different administrators in different organizations at different sites, perhaps employing different notions of users and roles. This piecemeal approach makes security management labor-intensive and, therefore, expensive, error-prone and slow to adapt. We present a model-driven technique for automated policy-based access analysis. Based on the ideas presented in this paper, we have built a prototype, the Integrated Security Management (ISM) system which, given the security configurations of hosts, applications and network devices, automatically validates whether the enterprise is in compliance with high-level enterprise access policy. The system relies on composable models that ca...
Digital identities, profiles and their management are increasingly required to enable interaction... more Digital identities, profiles and their management are increasingly required to enable interactions and transactions on the Internet among people, enterprises, service providers and government institutions.
Abstract—Private data of individuals is constantly being collected, analyzed, and stored by diffe... more Abstract—Private data of individuals is constantly being collected, analyzed, and stored by different kinds of organizations: shopping sites to provide better service and recommendations, hospitals for improved healthcare, and government agencies to enable national defense and law enforcement. Sharing data between these organizations makes it possible to discover important knowledge and draw useful conclusions but raises concerns about information privacy and trust. Until recently the focus was on restricting access to data on a “need to know ” basis, but since the 9/11 Commission there has been a paradigm shift to “need to share”. Our work explores the use of semantic privacy policies, justifications for data requests, and automated auditing to encourage sharing of sensitive data between organizations. We describe an architecture based on our policy tools that evaluates incoming queries against semantic policies and domain knowledge and provides a justification for each query- why ...
Identity management plays a key role in enabling personal, business and government activities alo... more Identity management plays a key role in enabling personal, business and government activities along with interactions and transactions in the digital world. The “chapter 1” of identity management is about the current paradigm, i.e., multiple, slightly integrated products and solutions for relatively static, closed and well controlled environments. It involves little integration, at the management level, with the management of other aspects such as security, privacy and trust. Current trends suggest that the digital world is going to be more and more flexible, interconnected and open. The boundaries between enterprises, organizations, societies and governments will become increasingly blurry as people play different roles in multiple activities that span across heterogeneous contexts. Identity management needs to evolve. We believe that the “chapter 2” of identity management is about adaptive identity management i.e., open, flexible, policydriven, context-aware identity management th...
This paper presents a distributed authorisation model suitable for use in a web service framework... more This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services' credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.
Traditionally, identity management has been a core component of system security environments wher... more Traditionally, identity management has been a core component of system security environments where it has been used for the maintenance of account information for login access to a system or a limited set of applications. An administrator issues accounts so that resource access can be restricted and monitored. Control has been the primary focus for identity management. More recently, however, identity management has exploded out of the sole purview of information security professionals and has become a key enabler for electronic business.
This paper presents a distributed authorisation model suitable for use in a web service framework... more This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services’ credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.
ABSTRACT This paper presents a distributed authorisation model suitable for use in a web service ... more ABSTRACT This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services' credentials against a set of authorisation policies. A traditional service provision model does not scale well for such transactions. The proposed model uses a hardware security appliance to deliver the service to the most appropriate site involved in the transaction. The authorisation model supports a multi-party session so that authorisation policies can be checked and built as part of the web service composition process.
Page 1. CHALLENGES AND OPPORTUNITIES RESEARCH COUNCIL OF THE NATIONAL ACADEMIES Page 2. Joseph N.... more Page 1. CHALLENGES AND OPPORTUNITIES RESEARCH COUNCIL OF THE NATIONAL ACADEMIES Page 2. Joseph N. Pato and Lynette I. Millett, Editors Whither Biometrics Committee Computer Science and Telecommunications ...
The Field Programming Environment: A Friendly Integrated Environment for Learning and Development, 1995
All the interfaces in FIELD are based on a set of tools developed at Brown University for worksta... more All the interfaces in FIELD are based on a set of tools developed at Brown University for workstation programming. This toolkit, the Brown Workstation Environment or BWE for short, was originally designed to support PECAN and BALSA, extended and extensively rewritten to support GARDEN, and then extended to support FIELD. In the interim it has been used for a variety of other projects.