Urs Hengartner

	Graduated PhD Student Computer Science Department Carnegie Mellon Current Web Page

(Yes, there is a story behind this picture. Two hints: First, the picture was taken on the Bruce Peninsula in Ontario, where, supposedly, there are bears. Second, it helps if you know a little Latin.)

Advisor: Peter Steenkiste

Research

Access control to information in pervasive computing environments:
For my Ph.D. Thesis, I investigated access control to information available in ubicomp environments in the context of Carnegie Mellon's Aura project. While access control has been researched extensively for filesystems or databases, additional challenges arise for ubicomp environments. For example, there are many sources of personal information, which makes it impractical for a single person to make decisions about and issue access rights to every available information item about her. I have developed techniques to reduce the number of access rights that individuals have to define. A central statement of my research is that it is possible to make relationships between information first-class citizens in access control. Information relationships simplify management of access rights and easily support concepts such as granularity-aware access control and access control to complex information. I have examined the types of information relationships important for ubicomp environments and formalized their establishment and usage in access control. In addition, I have implemented the proposed access control framework and evaluated its performance and complexity. Details are in this paper.
I have also examined approaches for distributing access control load. In distributed access control, a client needs to prove to an information source that it is authorized to access the requested information. However, conventional applications of proof-based access control can fail in a ubicomp environment. In particular, if access control is based on the semantics of information that a client is requesting, the client will not know how the required proof of access should look like. I have applied cryptographic primitives (i.e., hierarchical identity-based encryption) to overcome this problem. Details are in this paper.
Access rights to information can be constrained, that is, an access right is valid only if some conditions are satisfied. In ubicomp environments, these conditions can involve confidential information, such as a person's location. Therefore, being granted access and learning that a condition is fulfilled can lead to information leaks. I have developed techniques that enable (distributed) access control to take constraints on access rights into account, without leaking information. (Paper under submission.)
While my research has concentrated on distributed, proof-based access control, I have also investigated alternative approaches. Namely, I have explored encryption-based access control, where an information source encrypts information and gives the ciphertext to any client. Only authorized clients can decrypt the ciphertext. To study the feasibility of encryption-based access control, I have extended existing cryptographic primitives to fit the needs of a ubicomp environment. Details are in this paper.
In previous research, I examined security issues that arise if people can learn about each other's location. Moreover, I designed, implemented, and evaluated a secure people location system. Details are in this paper.
Complete List of Publications:
- Hengartner, U. and Steenkiste, P., Exploiting Hierarchical Identity-Based Encryption for Access Control to Pervasive Computing Information. Proc. of First IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), Athens, Greece, September 2005, pp. 384-393. [Abstract] [PDF (164K)] [Postscript (368K)].
  - Extended version: Hengartner, U. and Steenkiste, P., Exploiting Hierarchical Identity-Based Encryption for Access Control to Pervasive Computing Information. Technical Report CMU-CS-04-172, October 2004. [Abstract] [PDF (171K)] [Postscript (259K)].
- Hengartner, U., Access Control to Information in Pervasive Computing Environments. Ph.D. Thesis, available as Technical Report CMU-CS-05-160, Computer Science Department, Carnegie Mellon University, August 2005. [Abstract] [PDF ]
- Hengartner, U. and Steenkiste, P., Exploiting Information Relationships for Access Control. Proc. of Third IEEE International Conference on Pervasive Computing and Communications (PerCom 2005), Kauai Island, HI, March 2005, pp. 269-278. [Abstract] [PDF (134K)] [Postscript (223K)].
- Hengartner, U. and Steenkiste, P., Implementing Access Control to People Location Information. Proc. of 9th ACM Symposium on Access Control Models and Technologies (SACMAT 2004), Yorktown Heights, NY, June 2004, pp. 11-20. [Abstract] [PDF (218K)] [Postscript (226K)].
- Hengartner, U. and Steenkiste, P., Access Control to Information in Pervasive Computing Environments. Proc. of 9th Workshop on Hot Topics in Operating Systems (HotOS IX), Lihue, HI, May 2003, pp. 157-162. [Abstract] [PDF (58K)] [Postscript (109K)] [HTML (81K)].
- Hengartner, U. and Steenkiste, P., Protecting Access to People Location Information. Proc. of First International Conference on Security in Pervasive Computing (SPC 2003), Boppard, Germany, March 2003, pp. 25-38. [Abstract] [PDF (195K)] [Postscript (178K)].
- Hengartner, U. and Steenkiste, P., Protecting People Location Information (Extended Abstract). Workshop on Security in Ubiquitous Computing, Göteborg, Sweden, September 2002. [PDF (25K)] [Postscript (28K)].

Detection of routing loops in packet traces:
- Hengartner, U., Moon, S., Mortier R., and Diot, C., Detection and Analysis of Routing Loops in Packet Traces (Short Paper). Proc. of 2nd Internet Measurement Workshop (IMW 2002), Marseille, France, November 2002, pp. 107-112. [Abstract] [PDF (126K)] [Postscript (250K)]. An earlier version appeared as Sprint ATL Technical Report TR02-ATL-051005, January 2002.

Next-generation Web caches:
- Myers, A., Chuang, J., Hengartner, U., Xie, Y., Zhuang, W., and Zhang, H., A Secure, Publisher-Centric Web Caching Infrastructure. Proc. of IEEE Infocom 2001, Anchorage, AK, April 2001, pp. 1235-1243. [Abstract] [PDF (133K)] [Postscript (197K)] [Gnu-zipped Postscript (68K)].

Network-aware applications:
- Hengartner, U., Bolliger, J., and Gross, T., TCP Vegas Revisited. Proc. of IEEE Infocom 2000, Tel Aviv, Israel, March 2000, pp. 1546-1555. [Abstract] [PDF (94K)] [Postscript (173K)] [Gnu-zipped Postscript (53K)].
- Hemy, M., Hengartner, U., Steenkiste, P., and Gross, T., MPEG System Streams in Best-Effort Networks. Proc. of PacketVideo '99, New York, NY, April 1999. [Abstract] [Html] [Postscript (156K)].
- Bolliger, J., Gross, T., and Hengartner, U., Bandwidth Modelling for Network-Aware Applications. Proc. of IEEE Infocom '99, New York, NY, March 1999, pp. 1300-1309. [Abstract] [PDF (248K)] [Postscript (1.6M)] [Gnu-zipped postscript (200K)].
- Bolliger, J., Hengartner, U., and Gross, T., The Effectiveness of End-to-End Congestion Control Mechanisms. Technical Report #313. Dept. Computer Science, ETH Zürich, February 1999. [Abstract] [PDF (246K)] [Postscript (800K)] [Gnu-zipped postscript (151K)].

Personal

Friends:

Kate, Mahim, Mukesh, Rajesh

Pictures

Last Change: Sept 22, 2005

Urs Hengartner

Research

Complete List of Publications:

Personal