Michiharu Kudo's Home Page

Profile

explanation of image

I am a researcher at IBM Tokyo Research Laboratory. My research interests include security policy, access control, trusted computing, and information governance. Please visit XML Access Control project, Trusted Computing project home pages. I chair the ACM Workshop on Information Security Governance 2009. My recent research interest is on theoretic models and technologies for managing governance and business integrity, where the notion of information provenance, accountability, and transparency are deeply involved.

Major Research Contribution

I am one of the founders of the XACML Technical Committee in the OASIS standardization organization. XACML is an extensible access control policy specification language which aims at being used in many security software products as a lingua franca for authorization. The XACML 2.0 specification was ratified as an OASIS standard in Feb 2005. The committee has been discussing XACML 3.0 specification. The XACML Specification has been widely accepted in many industries and governments. References are available from within XACML homepage. Some portions of the XACML specification is originated from our prior research projects XACL in TRL, some contributions include the security policy model with the notion of Obligation associated with access control policy, which is getting more and more interests among TC members and several industries, e.g. healthcare industry.

Publications

Journal Papers

Sanehiro Furuichi and Michiharu Kudo, "New Approach for Managing Access Control Policy for Multiple Interactive Applications", IPSJ Journal, Vol.49, No.9, pp. 3074-3084, Sep, 2008 (in Japanese).
Takuya Mishina, Yasuharu Katsuno, Sachiko Yoshihama and Michiharu Kudo, "Document Management System Based On Mutli-level Security With Information Provenance", Vol.49, No.9, pp. 3062-3073, Sep, 2008 (in Japanese).
Sachiko Yoshihama, Michiharu Kudo and Kazuko Oyanagi, "Dynamic Approach of Language Level Information Flow Control, IPSJ Journal, Vol.48 No.9, pp. 3060-3072, Sep, 2007 (in Japanese).
Michiharu Kudo, Yoshio Araki, Hiroshi Nomiyama, Shin Saito and Yukihiko Sohda, "Best practices and tools for personal information compliance management", IBM Systems Journal, Volume 46, Number 2, pp.235-254, 2007.
Michiharu Kudo, "PBAC: Provision-based Access Control Model", International Journal for Information Security, Springer Verlag, Vol. 1, No. 2, pp. 116-130, February, 2002.
Michiharu Kudo and Satoshi Hada, "Access Control Model with Provisional Enforcement", IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E84-A, No. 1, pp. 295-302, January 2001.
Michiharu Kudo, "Secure Electronic Sealed-Bid Auction Protocol with Public Key Cryptography", IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E81-A, No. 1, pp. 20-27, January 1998.

International Conference Papers

Takuya Mishina, Sachiko Yoshihama and Michiharu Kudo, "Fine-grained Sticky Provenance Architecture for Office Documents", IWSEC 2007, November, 2007.
Sachiko Yoshihama, Takeo Yoshizawa, Yuji Watanabe, Michiharu Kudo, and Kazuko Oyanagi, "Dynamic Information Flow Control Architecture for Web Applications", 12th ESORICS, Sep, 2007.
Yasuharu Katsuno, Yuii Watanabe, Sanehiro Furuichi and Michiharu Kudo, "Chinese-Wall Process Confinement for Practical Distributed Coalition", 12th SACMAT, June 2007.
Yasuharu Katsuno, Yuji Watanabe, Sachiko Yoshihama, Takuya Mishina and Michiharu Kudo, "Layering Negotiations for Flexible Attestation", ACM Workshop on Scalable Trusted Computing (STC'06), Nov. 2006.
Yasuharu Katsuno, Michiharu Kudo, Yuji Watanabe, Sachiko Yoshihama, Ronald Perez, Reiner Sailer and Leendert van Doorn "Towards Multi Layer Trusted Virtual Domains", Workshop on Advances in Trusted Computing (WATC), Nov, 2006.
Yuji Watanabe, Sachiko Yoshihama, Takuya Mishina, Michiharu Kudo and Hiroshi Maruyama, "Bridging the Gap between Inter-Communication Boundary and Inside Trusted Components", 11th ESORICS, Sep. 2006.
Y. Katsuno, Y. Watanabe, S. Yoshihama, T. Mishina and M. Kudo, "Layering Negotiations for Flexible Attestation", First ACM Workshop on Scalable Trusted Computing (STC'06), Nov, 2006.
Naishin Seki, Michiharu Kudo, Jussy Myllymaki and Hamid Pirahesh, "A Function-Based Access Control Model for XML Databases", CIKM 2005, Oct. 2005.
Naishin Seki and Michiharu Kudo, "XML Access Control with Policy Matching Tree", 10th ESORICS, Sep, 2005
Naishin Seki and Michiharu Kudo, "Access-Condition-Table-based Access Control for XML Databases", 9th ESORICS, Sep. 2004.
Makoto Murata, Akihiko Tozawa, Michiharu Kudo and Satoshi Hada, "XML Access Control Using Static Analysis", 10th ACM Conference on Computer and Communication Security (CCS 2003), pp.73-84, Washington D.C., Oct, 2003.
Rui Zhang, Michiharu Kudo, Kanta Matsuura and Hideki Imai, "A Model for Signature Revocation", International Symposium on Information Theory and Its Applications, Xin, PRC, October 7, 2002.
Michiharu Kudo and Satoshi Hada, "XML Document Security Based On Provisional Authorization", 7th ACM Conference on Computer and Communication Security (CCS7), Nov. 3, 2000.
Sushil Jajodia, Michiharu Kudo and V. S. Subrahmanian, "Provisional Authorization", Workshop on Security and Privacy in E-Commerce, Nov. 5, 2000.
Michiharu Kudo and Anish Mathuria, "An Extended Logic for Analyzing Timed Release Public-Key Protocols", International Conference on Information and Communication Security (ICICS), Springer Verlag Lecture Notes in Computer Science, Nov. 11, 1999.
Michiharu Kudo, "Electronic Submission Protocol Based on Temporal Accountability", 14th Annual Computer Security Applications Conference (ACSAC), IEEE, Dec. 11, 1998.

Books

Naishin Seki and Michiharu Kudo, "Access Control Policy for XML", Handbook of Database Security : Applications and Trends, ed Gertz, Michael, et. al., Springer Verlag, 2007, ISBN:9780387485324
Naishin Seki and Michiharu Kudo, "Access Control Policy Models for XML", Security in Decentralized Data Management, ed Ting Yu et al., Springer Verlag, 2007, ISBN: 978-0-387-27694-6
Michiharu Kudo, "Access Control", IEICE, Ohmusha, 2004 (in Japanese), ISBN4-274-07980-5
Sushil Jajodia, Michiharu Kudo, and V. S. Subrahmanian, "Provisional Authorization", E-Commerce Security and Privacy, ed Anup Ghosh, Kluwer Academic Publishers, Boston, 2001.

Domestic Conferences and Workshops

23 papers

Academic Activities

Conference Organizer

ACM Workshop on XML Security in Conjunction with ACM CCS Conference, 2002 and 2003, Virgina, USA
Workshop on Advances in Trusted Computing (WATC), March and November, Tokyo, 2005
Workshop on Information Security Governance in Conjunction with ACM CCS Conference, November, Chicago, USA, 2009

Program Committee

IWSEC 2009
ESORICS 2008, IWSEC 2008, APTC 2008, ASIACCS 2008
ESORICS 2007, IWSEC 2007
IEEE S&P 2006, IWSEC 2006
ACM CCS 2001
ACM CCS 2000

Other Academic Activities

Editorial reviewer member of the International Journal of Digital Crime and Forensics (IJDCF)

Standardization

ISO/IEC JTC 1/SC 27/WG 2, Information Security: Working Group 2: Information Security Algorithms and Protocols, 2000-2002.
OASIS XACML, eXtensible Access Control Markup Language Technical Committee, 2001-2006.

University Activities

Tokyo Institute of Technology, Cooperation Professor, 2000-
University of Tsukuba, Visiting Professor, 2008-
Japan Advanced Institute of Science and Technology, Cooperation Professor, 2008-