Migliavacca, Matteo and Papagiannis, Ioannis and Eyers, David M. and Shand, Brian and Bacon, Jean and Pietzuch, Peter (2010) Distributed Middleware Enforcement of Event Flow Security Policy. In: Gupta, Indrani and Mascolo, Cecilia, eds. Middleware 2010 ACM/IFIP/USENIX 11th International Middleware Conference. Lecture Notes in Computer Science . Springer, Berlin, Germany, pp. 334-354. ISBN 978-3-642-16954-0. E-ISBN 978-3-642-16955-7. (doi:10.1007/978-3-642-16955-7_17) (KAR id:31862)
|
PDF
Language: English |
|
|
Download this file (PDF/466kB) |
![[thumbnail of 10-middleware-policy.pdf]](https://kar.kent.ac.uk/style/images/fileicons/application_pdf.png) |
| Request a format suitable for use with assistive technology e.g. a screenreader | |
| Official URL: http://dx.doi.org/10.1007/978-3-642-16955-7_17 |
|
Abstract
Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system. Current middleware does not support the specification of such end-to-end security policy and lacks uniform mechanisms for enforcement.
We describe DEFCon-Policy, a middleware that enforces security policy in multi-domain, event-driven applications. Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components. The middleware limits the interaction of components based on the policy and the data that components have observed. It achieves this by labelling data and assigning privileges to components. We evaluate DEFCon-Policy in a realistic medical scenario and demonstrate that it can provide global security guarantees without burdening application developers.
| Item Type: | Book section |
|---|---|
| DOI/Identification number: | 10.1007/978-3-642-16955-7_17 |
| Uncontrolled keywords: | multi-domain distributed applications; security policy; information flow control; event-based middleware |
| Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, |
| Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
| Depositing User: | Matteo Migliavacca |
| Date Deposited: | 23 Oct 2012 20:47 UTC |
| Last Modified: | 05 Nov 2024 10:14 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/31862 (The current URI for this page, for reference purposes) |
University of Kent Author Information
Migliavacca, Matteo.
| Creator's ORCID: |
 https://orcid.org/0000-0002-5684-4865
|
|---|---|
| CReDIT Contributor Roles: |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):
Altmetric
Altmetric
