|
 |
Hongxin Hu
Ph.D. Student / Research
Assistant
Department of Software and Information
System
University of North Carolina at Charlotte |
Research Interests
- Access control models and mechanisms
- Verification and validation of access control model and policies
- Secure software engineering (automatic analysis and realization of
security model and polices)
- Security in social network
- Security in future home network
- Network and system security
Education
- Spring 2006 – Present Ph.D. student in Department of
Software and Information System,
University of North Carolina at Charlotte, USA
- Advisor: Dr. Gail-Joon Ahn
- Tentative dissertation title: Assurance Management
Framework for Access Control
- August 2002 Master of Science in Computer
Science, China University of Geosciences, P.R. China
- August 1997 Bachelor of Science in
Computer Science, China University of Geosciences, P.R. China
Current Research
Activities
Ø
These works are
partially supported by the grants (PI – Dr. Gail-Joon Ahn) from National
Science Foundation (NSF-IIS-0242393, NSF-DUE-0416042), Department of Energy
CAREER Award (DE-FG02-03ER25565) and Department of Defense (H98230-04-1-0210).
- Automatic Analysis and Realization of Access Control Model and Polices
There still exists an open question on how to
build secure software and information systems. This project focuses on
applying security models and policies in secure software development. We
develops a novel framework, Assurance Management Framework (AMF) , to
integrate the representation of security model, the specification of policy,
the validation of both security model and policy, and automatic generation of
security enforcement codes. We implements a proof-of-concept prototype of tool
set, RBAC Authorization Environment (RAE) and RBAC Authorization Simulation
System (RASS), that facilitates existing software engineering mechanisms to
achieve aforementioned features of our framework. We demonstrate our approach
using NIST/ANSI standard for RBAC. With the help of our tool support, the
standard can be defined using the composition of Unified Modeling Language (UML)
and Object Constraints Language (OCL). Through using a special constraint
language, Role-based Constraint Language 2000 (RCL2000), which can be
translated to OCL, more fine-granted constraints can be specified and enforced
in the standard. The standard model for RBAC and corresponding constraints can
be validated further to avoid conflicts and errors in the design of the
system. Additionally, our tool set can facilitate to generate security
enforcement modules automatically, and evaluate the generated security modules
and analyze concrete security configurations under simulation. Currently, we
are enhancing the framework to support automatic policy analysis and automatic
test generation, and using a formal verification technique, SAT solver, to
demonstrate the possibility of the enhancement. In the future, we plan to
support the specification and analysis of more complicated policies, such as
context-aware policy. A more generic role-based constraint language should be
designed, and other formal verification techniques, such as model checking and
theorem proving, will be used in our framework.
- Security-enhanced OSGi Service Environments
OSGi service platform as the core platform installed at the border of home
networks need provide a strong authorization mechanism for various home
devices and services. The current OSGi authorization mechanism, however, uses
a relatively sample access control model which is not enough to satisfy the
security requirement for dynamic and open OSGi environment. This project is to
design an innovative access control framework for OSGi-enabled home network
environment. We accommodated features of RBAC model in our approach. A
prototype has been implemented by using an open source OSGi framework, called
Knopflerfish.
- Trust-aware Access Management for Ad-hoc Collaborations
In a dynamic collaborative sharing environment, attribute-based access
control provides a promising approach in defining authorization over shared resources based on users' properties/attributes other than their identities. While the user's
attributes are always asserted by different authorities in the form of credentials,
these authorities may not be accepted by the resource owner with the same degree of trust. In
this project, we present a trust-aware role-based authorization framework to address both
the access control and the trust management issues in such ad-hoc collaboration
environment.
Selected Publications
(1) Conferences and Workshops:
- Hongxin Hu and Gail-Joon Ahn, “Enabling
Verification and Conformance Testing for Access Control Model”,
In Proceedings of 13th ACM Symposium on Access Control Models And Technologies
(SACMAT), Estes Park, Colorado, USA, June 11-12, 2008.
- Jing
Jin, Gail-Joon Ahn, Mohammed Shehab and Hongxin Hu, “Towards Trust-aware Access
Management for Ad-hoc Collaborations”, In Proceedings of the 3rd
International Conference on Collaborative Computing,
IEEE, New York, November 12-15, 2007. [PDF]
- Gail-Joon Ahn and Hongxin Hu, "Towards Realizing a Formal RBAC Model in Real Systems" ,
In Proceedings of 12th ACM Symposium on Access Control Models
And Technologies (SACMAT), Sophia Antipolis, France, June 20-22, 2007.
[PDF]
(2)
Submitted papers:
- Gail-Joon Ahn, Hongxin Hu and Jing Jin, “Security-enhanced OSGi Service Environments”, submitted to
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and
Reviews.
(3) Journals in process:
- Gail-Joon Ahn and Hongxin Hu, “Automatic Analysis, Realization
and Conformance Testing
of Access Control Model and Polices”, manuscript to be submit to ACM
Transactions on Information and System Security.
(4) Technical
Reports:
- Gail-Joon Ahn, Hongxin Hu, and Jing Jin, “Towards Security-enhanced OSGi Service Environments”, Technical Report, College of Computing and
Informatics, UNC Charlotte, Fall 2007.
More publications can be found here.
Main Experiences
- PhD student and research assistant, Department of Software and
Information Systems, University of North Carolina at Charlotte, Spring
2006-present
- Visiting scholar, Department of Software and Information Systems,
University of North Carolina at Charlotte, 2005
- Lecturer, College of Computer, China University of Geosciences, 2002-2005
- Assistant, College of Computer, China University of Geosciences,
1997-2002
Courses Taught
- Computer Network
- Network-Based Application Development
- Software engineering
- Network Security,
- Network engineering
- Computer Architecture
Professional Activities
- Conference
Paper Reviewer, ACM Conference on Computer and Communications Security
(CCS), 2007
- Conference Paper Reviewer, ACM Symposium on Access Control Models
And Technologies (SACMAT), 2006, 2007, 2008
- Conference Paper Reviewer, ACM Symposium on InformAtion, Computer
and Communications Security (ASIACCS), 2007
- Conference Paper Reviewer, ACM Symposium on Applied Computing
(SAC)--Computer Security Track, 2007, 2008
- Journal Paper Reviewer, ACM Transactions on Software Engineering and
Methodology, 2006
- Journal Paper Reviewer, IEEE Transactions on Knowledge and Data
Engineering, 2008
Honors/Awards
- First Class of Undergraduate Academic Technology Competition, Hubei
Province, China, 1997
- New Teacher for Teaching Award, China University of Geosciences, 2000
- Young Teacher for Excellent Teaching Award, Department of Computer
Science and Technology, China University of Geosciences, 2000
- Model in the three aspects of education, China University of
Geosciences, 2001
- Excellent teacher in charge of a class, Department of Computer Science
and Technology, China University of Geosciences, 2001, 2002
- Young Teacher for Excellent Teaching Award, China University of
Geosciences, 2004
- Nominated for IBM PhD Fellowship,
University of North Carolina at Charlotte, 2007
Useful Resources
