Shahbaz Khan’s Profile
October 19th, 2010 By Waqar Afridi

Shahbaz Khan

He has been working in network and system engineering, where most of the time he has been involved in software integration, porting, configuration, maintenance and administration. He achieved the Microsoft Certified System Engineer certification in 2000, but since 2002 he has been consumed with open source tools and technologies. He completed his MS in Information Technology at the Institute of Management Sciences in 2007, where he specialized in Computer Networks and Communication Systems. These days he hacks mobile platforms and web/application frameworks for security enhancements.

Job description:
His job responsibilities include analyzing theoretical and applied research on access control and trust management integration in secure systems. He started as a technical expert and soon he was able to produce research impact as well.

In his free time he studies para-psychology, esoteric and occult literature to solve the mysteries of non-physical planes. He spends his weekends at his farm house where he practices martial arts and tactical equipment.

R&D Activities and Interests:

I have been using the SHR based overlay in OpenEmbedded for experimentation lately after handling everything distinctly with the Openmoko toolchain. SELinux and Trusted Computing are incorporated in, and ported to, the Openmoko platform. FSO/2, a dbus based framework, is utilized to provide an application runtime for third party service constraints’ regulation. The usage control component has an interpreter (PDP) and an actuator/event-handler, which evaluates constraints and instructs other security agents (e.g. measurement agents) accordingly. Qemuarm and Neo FreeRunner are my client machines, while server side web services are utilized to abstract the server side of the usage control framework to reduce complexity in the first place. I have lately started experimenting with Puppet and cfengine based Model Driven Architecture to automate the usage control of the SRM and CRM but customization will be required to automate the Model Driven Usage Control Platformization (UCP) Framework for distributed applications.

An interesting part of the R&D is to adapt the model driven engineering tools to the distributed applications and services along with our management and enforcement enhancements. This would mean that model driven configuration becomes part of an organization’s application where specification is done by the principal entities through specific authorized tools and interfaces but automated configuration is achieved by applications updating the configurations rather than just relying on the administrator for invoking the configuration management with a high level policy following reports from monitoring and audit trails.

Currently some of our research work has progressed from web services to a more challenging cloud based usage model for combining the server side reference monitor semantics more clearly and effectively for a complex real world use case. Our work will also provide strong feedback to related community efforts as well.

The EASIP project at SERG also uses the concept of constraint based usage control framework to extend the user experience for runtime management of conflict resolution with dynamic constraints. Scholars have made related contributions as well.

The EASIP approach is an experiment limited in a way where server side runtime constraint management is not considered. Therefore it lacks dynamic rights management to satisfy the possible manageability with flexibility that has been demonstrated in a recent refereed work where rights management is automated with model driven engineering. This way a flexible runtime management can be implemented with suitable infrastructural enhancements.

As a matter of fact extending with both platforms seems to be a good point as MDA based approach can be proven with sophistication. Personally I continue with the Dbus and SELinux based runtime enhancements, while EASIP extends the Android Runtime’s enforcement capabilities. Mandatory Access Control at the Native OS level is quite similar in nature.

Using Dbus is advantageous as the approach can be easily implemented and ported to multiple platforms for experimentation, while the Android based approach attracts the research and commercial community but at the same time it is difficult to incorporate the usage control framework in it. The basic hurdle is the more layered architecture of Android’s application framework.

We are also shifting towards a novel application scenario using health care OpenERP modules to enhance our existing example use case by utilizing a model driven approach (MVC/MVT) for application development. With cloud computing usage models, which are the center of interest these days, the usage control paradigm gets complete coverage to demonstrate the feasibility of our work for industry acceptance of our usage based secure computing solutions.

It seems the more our efforts mature, the closer they get to intelligent computing, where the models and policy constraints act as a knowledge base. Before inferencing can be utilized properly the knowledge base would require additional knowledge. The resource page shows some earlier published articles by my supervisor.

2 Responses to " Shahbaz Khan’s Profile "
October 19th, 2010

Dangerous hobbies

Waqar Afridi
October 19th, 2010

Sometimes he suspends himself in the air in such a way that people start to consider it suicide. He jumped from a 17-story building to see how it feels while you are flying…
