Security & Privacy

Computer systems must be reliable. TRL actively advances security and privacy functionality to make computer systems more reliable for users. We are also promoting technological development that takes into account all aspects of systems, development, and operation to ensure computer systems are compliant with all necessary standards.

Competency fields

Trusted Computing and Trusted Virtual Domains

In today's IT environments, it is difficult to protect sensitive information from malware or human misbehavior, since information at different security levels may be handled on each computing platform. The Trusted Virtual Domains (TVD) project aims at building a policy governance framework to address various compliance requirements in distributed enterprise IT environments. The basic concept of TVD combines information flow control technology that takes data provenance into account with the establishment of virtual domains based on the verified states and policies of each platform, in order to solve the problems of existing IT computing environments in a comprehensive manner.

Trusted Virtual Domain (TVD)

XML Access Control

XML is playing an important business role for the Internet. The XML Access Control project focuses on research into security models for XML data, in particular for finer-grained and context-dependent access control technologies. Our first research product, XACL (XML Access Control Language), became the technology base of the OASIS XACML international standard, which has a broad scope over access control policies. We are also focusing on performance and memory optimization techniques for the security policy enforcement points.

XML Access Control
XML & Security

Operation Monitoring and Access Control in Client PCs

Our research aims at providing new comprehensive mechanisms to enforce security policies at the client's side of the computing environment. Our approach is based on hooking system-wide APIs and providing real-time feedback for sharing between multiple processes, which enables fine-grained policy control without depending on applications. By this means, we can enforce flexible and context-aware add-on policies for existing applications.

Personal Information Detection Engine

Our research aims at providing new comprehensive mechanisms to enforce security policies at the client's side of the computing environment. Our approach is based on hooking system-wide APIs and providing real-time feedback for sharing between multiple processes, which enables fine-grained policy control without depending on applications. By this means, we can enforce flexible and context-aware add-on policies for existing applications.

Web 2.0 Security

Web 2.0 technologies, including Ajax and mashup, are part of a new trend that supports rapidly changing business environments. At the same time, there are increasing threats to these Web applications due to their service composition using mashup, user-generated content, and rich applications. Our research focuses on analyzing the security threats of Web 2.0 and develops mitigation technologies such as secure mashup programming models, attack detection and prevention techniques, and browser security models.