Posted on May 15, 2024 by UTSA School of Data Science
The UTSA School of Data Science (SDS) is hosting the 29th annual Symposium on Access Control Models and Technologies (SACMAT). The international symposium, presented by the Association for Computing Machinery (ACM), is a leading conference for the presentation and discussion of access control tools and techniques and general area of cybersecurity and privacy. The convention will be held from May 15-17 in the Weston Conference Center at San Pedro I.
This year, the symposium is chaired by Jianwei Niu, Ph.D., interim executive director of the school of data science, interim dean of university college, and professor of computer science.
“It is an honor for the School of Data Science to host this year’s symposium,” Niu said. “SACMAT is dedicated to research, professional collaboration, and the sharing of cybersecurity solutions that fulfill vital needs in our society, a commitment also shared by SDS and the greater tech community in San Antonio.”
But what is access control? In essence, it’s exactly what it sounds like, says Jaideep Vaidya, Ph.D., SACMAT program chair, distinguished professor of computer information systems at Rutgers University, and director of the Rutgers Institute of Data Science, Learning, and Applications.
“At its core, access control is just whether or not you should be allowed to do something,” Vaidya explained. “In the context of computer systems, this could include reading digital information, writing to a drive, executing programs, and so on.”
From smart refrigerators to satellites, virtually every modern device has some sort of controls in place dictating who can access its systems. In fact, if you’ve ever clicked “run as administrator” on your laptop, you’ve encountered something known as role-based access control – a model pioneered by Ravi Sandhu, Ph.D., the founder of ACM SACMAT, who also happens to be the director of the UTSA Institute for Cyber Security and Lutcher Brown Endowed Chair in cyber security.
With Sandhu announcing his retirement this year, the symposium’s second day will end with a special session celebrating his career and his legacy, chaired by Niu and Vaidya. After decades in the field, Sandhu’s contributions to computer security are almost legendary, says ACM Vice President and Samuel D. Conte Professor of Computer Science at Perdue University, Elisa Bertino, Ph.D.
“Perhaps his most important contribution was the notion of role-based access control,” Bertino said. “Then, over the years, he did a lot more fundamental work including cloud security, attribute-based access control, and so forth. The community and the research owe him a lot, and everyone recognizes that.”
This year marks the first time SACMAT has been hosted in San Antonio, making Sandhu’s celebration even more meaningful, Vaidya says.
“It’s just perfect how the stars have aligned,” he said. “It makes perfect sense that we would be able to celebrate his truly illustrious career and his humungous contributions to access control over the years. It brings everything full circle.”
Although it promises to be a heartfelt celebration of a storied career, Sandhu’s sendoff is not the conference’s only session of note. The first day of the symposium will end with a Women’s Networking Reception, sponsored by the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) and chaired by Bertino and Vaidya. The event is open to all attendees and intended to encourage networking and recognize contributions to the field from a variety of sources.
“The idea is just to show that we as a community want to be as welcoming as possible,” Vaidya said. “We want to make sure that everyone’s voice is heard, and that we are able not just to network but recognize the strengths that everyone is bringing.”
While women have traditionally been underrepresented in computer science roles, Vaidya believes that the field of access control has historically been more open to women.
“Computer security, and this community in particular, is more fortunate than other fields in that we have many eminent female computer scientists working with us,” Vaidya notes.
This observation is echoed by Bertino, who believes that the study of access control attracts a more diverse group of minds.
“The area of access control has a lot to do with humans, with psychology, and social aspects,” she said, “so I think there is a variety of topics that can accommodate people with different backgrounds.”
But SACMAT isn’t just for celebrating the underrepresented or feting forerunners of the field. The conference is also the place for researchers to present their ongoing, unpolished work and solicit feedback from peers and mentors through its “work-in-progress track.” This openness to workshopping ongoing research projects helps set SACMAT apart from other professional conferences.
“SACMAT is unique in the sense that it’s a community that seeks to nurture ideas,” Vaidya said. “We really want to see cool ideas as early as we can. So, in that sense the work in progress track and the community is unique because we are perfectly fine hearing ideas that can potentially have a big impact even if they’re not fully fleshed out at this point in time.”
And the ideas developed at SACMAT do indeed have a big impact. By bringing together the world’s leading experts to tackle security and privacy concerns, the symposium has influenced not only academia, but government and industry as well. For example, the National Institute of Standards and Technology (NIST) has outlined best practices for access control as an outcome of previous SACMAT meetings. And with new developments in artificial intelligence (AI) and the increasing interconnectedness of devices, tackling issues of security and privacy at SACMAT will become even more important. Bertino likes to use AI as an example.
“Using large language models, now you can generate access control policies,” she explained. “For example, you can express your policies in natural language, and then a large language model can generate the actual code to implement those policies. So from that point of view, there will be a lot of work on automatically generating policies in the language of the system in which you need to put controls.”
But while improved technology can make security measures easier, it can also pose its own challenges. AI can write access control policies, but that makes securing its datasets even more important. Systems access can be granted based on time and physical location – restricting database access to employees in the office, during the workday, for example – but now there are issues of user privacy. It’s a game of cat and mouse, Vaidya says.
“There’s always emerging problems; the situations, environments, and technologies keep changing,” Vaidya said. “New technologies can provide new solutions but create new problems as well.”
Despite – or perhaps because of – these challenges, Bertino and Vaidya predict the symposium will continue to make vital contributions to the field of computer security far into the future.
“There are always going to be new things coming up, and I think in that sense the symposium and the whole study of access control is going to continue being important,” Vaidya said.
But one doesn’t have to be a computer scientist at a professional conference to care about access control. At the end of the day, Vaidya notes, the security of our devices and the privacy of our data is up to us.
“I want to encourage everyone to learn more about security and privacy; there’s so many things to be interested in,” he said. “If nothing else you can learn better habits, better security hygiene, and that makes us all more resilient as a society.”
For more information on the Association of Computing Machinery visit https://www.acm.org/. Details on SACMAT 2024, including a full program, can be found at https://www.sacmat.org/2024/.
-Christopher Reichert