The strategic and long-term aim of my security research is to develop and invent foundations for security engineering that incorporate models of systems and users as an integral part of system development, validation, and deployment.
My recent security research considers the policy-based approach to authorization. This work ranges from the design, validation, and optimization of policy languages to the modeling and verification of access-control systems.
In particular, I am studying how access control interacts with relationships in social networks and with process-aware information systems and their compliance.
Papers
- Bruns G., Huth M., and Avijit K., Program synthesis in administration of higher-order permissions, ACM SACMAT Symp. 2011: 41-50
- Bruns G., and Huth M., Access Control via Belnap Logic: Intuitive, Expressive, and Analyzable Policy Composition, ACM Trans. Inf. Syst. Secur. 14(1): 9 (2011)
- Crampton J., and Huth M., A Framework for the Modular Specification and Orchestration of Authorization Policies, Aura T. ed (Springer), 2010, (Proc. 15th Nordic Conf. on Secure IT Systems), to appear
- Crampton J., and Huth M., An Authorization Framework Resilient to Policy Evaluation Failure, Gritzalis D. and Preneel B. ed (Springer), 2010, (Proc. 15th European Symposium on Research in Computer Security, 2010)
- Huth M., Formal Methods and Access Control in "Encyclopedia of Cryptography and Security, 2nd Edition" Henk C.A. van Tilborg, Sushil Jajodia ed (Springer, Heidelberg) 2010.
- Crampton J. and Huth M., Towards an Access-Control Framework for Countering Insider Threats, in "Insider Threats in Cybersecurity - And beyond", Probst C. et al. ed (Springer, Heidelberg) 2010.
- Bruns G. and Huth M., Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis, Sabelfeld A. ed (IEEE Computer Society Press), 2008, 163-176. (Proc. 21st IEEE Computer Security Foundations Symposium, 2008)
- Crampton J. and Huth M., Detecting and Countering Insider Threats: Can Policy-Based Access Control Help?, De Capitani di Vimercati S. and Kuesters R. ed (Electr. Notes in Theo. Comp. Sci.) (Proc. of 5th Int'l Workshop on Security and Trust Management, September 2009)
- Bruns G., Dantas D. S., and Huth M., A simple and expressive semantic framework for policy composition in access control, Gligor V. D. and Mantel H. ed (ACM Press, New York) 2007, 12-21. (Proc. 5th ACM workshop on Formal Methods in Security Engineering: From Specifications to Code, 2007)