Keith Irwin

On the management of user obligations

This paper is part of a project investigating authorization systems that assign obligations to users. We are particularly interested in obligations that require authorization to be performed and that, when performed, may modify the authorization state. In this context, a user may incur an obligation she is unauthorized to perform. Prior work has introduced a property of the authorization system state that ensures users will be authorized to fulfill their obligations. We call this property accountability because users that fail to perform authorized obligations are accountable for their non-performance. While a reference monitor can mitigate violations of accountability, it cannot prevent them entirely. This paper presents techniques to be used by obligation system managers to restore accountability. We introduce several notions of dependence among pending obligations that must be considered in this process. We also introduce a novel notion we call obligation pool slicing, owing to its similarity to program slicing. An obligation pool slice identifies a set of obligations that the administrator may need to consider when applying strategies proposed here for restoring accountability. The paper also presents the system architecture of an authorization system that incorporates obligations that can require and affect authorizations.

Toward practical authorization-dependent user obligation systems

Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be usable, the system must ensure users have the authorizations they need when their obligations must be performed. Prior work in this area introduced accountability properties that ensure failure to fulfill obligations is not due to lack of required authorizations. That work presented inconclusive and purely theoretical results concerning the feasibility of maintaining accountability in practice. The results of the current paper include algorithms and performance analysis that support the thesis that maintaining accountability in a reference monitor is reasonable in many applications.

A course gamification platform supporting student motivation and engagement

Gamification - the use of game design elements in non-game contexts - has seen rapid adoption in various areas in recent years. Its application in education is particularly promising, due to its potential to shape user behavior in desirable directions through increasing user motivation and engagement. This work-in-progress paper presents a course gamification platform aimed at supporting instructors to gamify courses that target skill development, such as computing-related courses.

Ensuring authorization privileges for cascading user obligations

User obligations are actions that the human users are required to perform in some future time. These are common in many practical access control and privacy and can depend on and affect the authorization state. Consequently, a user can incur an obligation that she is not authorized to perform which may hamper the usability of a system. To mitigate this problem, previous work introduced a property of the authorization state, accountability, which requires that all the obligatory actions to be authorized when they are attempted. Although, existing work provides a specific and tractable decision procedure for a variation of the accountability property, it makes a simplified assumption that no cascading obligations may happen, i.e., obligatory actions cannot further incur obligations. This is a strong assumption which reduces the expressive power of past models, and thus cannot support many obligation scenarios in practical security and privacy policies. In this work, we precisely specify the strong accountability property in the presence of cascading obligations and prove that deciding it is NP-hard. We provide for several special yet practical cases of cascading obligations (i.e., repetitive, finite cascading, etc.) a tractable decision procedure for accountability. Our experimental results illustrate that supporting such special cases is feasible in practice.

Avoiding information leakage in security-policy-aware planning

In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.

On the design of an educational game for a Data Structures course

In this paper we present work-in-progress on developing an educational game for teaching Stacks as part of a Data Structures course. We first present a review of the published related work and then describe our approach to the development of the Stack game. As an essential part of the design, we discuss in detail the requirements to the game. We also describe the developed parts of this intriguing puzzle game with realistic 3D graphics that covers all aspects of teaching the Stack data structure, from concept to use to implementation.

Open Extensible System for Dynamic Problem Creation for Computer Science (Abstract Only)

There is good evidence that students learn better when given more opportunity to practice skills using related problems. However, this requires a sufficient supply of automatically graded problems to enable instant feedback. This can be achieved through automating the process of problem generation. While a few dynamic problem generation systems exist, they are either very specific to a single topic (such as tools for automatic generation of parameterized questions for Java or C programming or they are intended for other disciplines and not easily adapted to the needs of Computer Science. We have developed a prototype system for authoring, administering, and grading dynamic problems. This system is specifically designed for computer science. To this end, it supports complex logic, calling external programs such as compilers or databases, and the creation and manipulation of figures and diagrams. Problems and useful code libraries can be created and shared between instructors. It is a web-based system where instructors can specify problems by combining static text or images with bits of Lua code which add dynamism. When students use the system, their answers will be graded automatically, and they will be able to see the results, thus giving them quicker feedback. This is an integrated portion of a larger gamified learning platform called OneUp which is under development and aims to combine hands-on practicing with additional game-like motivational mechanisms. The goal of both the larger platform and the dynamic problems in specific is to increase student engagement in the learning process.

OneUp Learning: A Course Gamification Platform

Gamification of education is still evolving. It lacks systematic studies assessing its effect in different contexts. Creating a gamified course is still time-consuming and design limited. As a response to these challenges, we developed OneUp Learning – a customizable platform aimed at facilitating the process of gamifying learning activities and enabling contextual studies. In this paper we present the platform architecture and its functionality, which includes support for integrating game design elements in learning activities, for creation of dynamic problems and for visualizing student performance and progress. At the end, we present a usability study of the platform and the assessment results from an end user perspective.

Redesigning Secure Protocols to Compel Security Checks

In the study of secure protocols, we must both ensure that the design of the protocol is secure and that the implementation is correct. One implementation problem which has frequently occurred is that implementations fail to implement some of the checks which are needed for the protocol to be secure. For example, implementations may fail to validate certificates or fail to validate all aspects of the certificate. In this paper, we demonstrate that it is possible to change the design of a protocol to compel the implementation to carry out the checks. We assume that programmers will always do at least what is necessary to read and produce properly formatted messages. Then we use some simple cryptography to ensure that reading properly formatted messages essentially requires checking the parameters.

The complexity and application of syntactic pattern recognition using finite inductive strings

We describe herein the results of implementing an algorithm for syntactic pattern recognition using the concept of Finite Inductive Sequences (FI). We discuss this idea, and then provide a big O estimate of the time to execute for the algorithms. We then provide some empirical data to support the analysis of the timing. This timing is critical if one wants to process millions of symbols from multiple sequences simultaneously. Lastly, we provide an example of the two FI algorithms applied to actual data taken from a gene and then describe some results as well as the associated data derived from this example.