I returned to graduate school in fall 2003 after four years helping build a company. My advisor was Ninghui Li. The other members of my thesis committee were Profs. Mike Atallah, Elisa Bertino and Gene Spafford. I graduated with the Ph.D. in December 2005 and accepted a position in the Security and Privacy Technology Lab of Motorola Labs in Schaumburg, IL. My dissertation is titled, "A Theory Based on Security Analysis for Comparing the Expressive Power of Access Control Models."

      CV

      Research Statement

      Teaching Statement

Research

I work in computer security. My primary interests are in foundational and applied aspects of access control. I have worked also on vulnerability analysis and backward-compatible solutions to security problems in network protocols.

Publications

Journals

1. Tripunitara, M.V. and Li, N. 2007. A Theory for Comparing the Expressive Power of Access Control Models. Journal of Computer Security (JCS) 15, 2, 231--272. PDF

2. Li, N. and Tripunitara, M.V. 2006. Security Analysis in Role-Based Access Control. ACM Transactions on Information and Systems Security (TISSEC) 9, 4 (November), 391--420. PDF

3. Li, N., Tripunitara, M.V. and Bizri, Z. On Mutually-Exclusive Roles and Separation of Duty. Accepted to appear, ACM Transactions on Information and Systems Security (TISSEC). PDF

   Under Review:

4. Tripunitara, M.V. and Li, N. The Foundational Work of Harrison-Ruzzo-Ullman Revisited. Under review, Information Processing Letters. PDF

5. Jha, S., Li, N., Tripunitara, M.V., Wang, Q. and Winsborough, W. Towards Formal Verification of Role-Based Access Control Policies. Under review, IEEE Transactions on Dependable and Secure Computing (TDSC). PDF

Technical Magazines

6. Tripunitara, M. V. and Messerges, T. 2007. Resolving the Micropayment Problem. IEEE Computer 40, 2 (February), 104--106. PDF

7. Tripunitara, M.V. and Spafford, E. 2001. Connectivity Provisioning with Security Attributes. Software Focus 2, 3, 112--116.

Conferences

8. Li, N., Tripunitara, M.V. and Wang, Q. 2006. Resiliency Policies in Access Control. ACM Conference on Computer and Communications Security (CCS'06), 113--123. PDF

9. Li, N. and Tripunitara, M.V. 2005. On Safety in Discretionary Access Control. IEEE Symposium on Security and Privacy, 96--109. PDF

10. Tripunitara, M.V. and Li, N. 2004. Comparing the Expressive Power of Access Control Models. ACM Conference on Computer and Communications Security (CCS'04), 62--71. PDF

11. Li, N., Bizri, Z. and Tripunitara, M.V. 2004. On Mutually-Exclusive Roles and Separation of Duty. ACM Conference on Computer and Communications Security (CCS'04), 42--51. PDF

12. Li, N. and Tripunitara, M.V. 2004. Security Analysis in Role-Based Access Control. ACM Symposium on Access Control, Models and Technologies (SACMAT), 126--135. PDF

13. Tripunitara, M.V. and Dutta, P. 1999. A Middleware Approach to Asynchronous and Backward-Compatible Detection and Prevention of ARP Cache Poisoning. Annual Computer Security Applications Conference (ACSAC'99), 303--309. PDF

14. Krsul, I., Spafford, E. and Tripunitara, M.V. 1998. An Analysis of Some Software Vulnerabilities. National Information Systems Security Conference (NISSC).

Patents

• A Middleware Approach to Asynchronous and Backward-Compatible Detection and Prevention of ARP Cache Poisoning, US Patent Number 6,771,649, Granted August 2004.