Distributed Middleware Enforcement of Event Flow Security Policy - Middleware 2010
Conference Papers Year : 2010

Distributed Middleware Enforcement of Event Flow Security Policy

Abstract

Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system. Current middleware does not support the specification of such end-to-end security policy and lacks uniform mechanisms for enforcement. We describe DEFCon-Policy, a middleware that enforces security policy in multi-domain, event-driven applications. Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components. The middleware limits the interaction of components based on the policy and the data that components have observed. It achieves this by labelling data and assigning privileges to components. We evaluate DEFCon-Policy in a realistic medical scenario and demonstrate that it can provide global security guarantees without burdening application developers.
Main file: sf-mw10.pdf (294.32 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01055277, version 1 (12-08-2014)

Cite

Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, et al. Distributed Middleware Enforcement of Event Flow Security Policy. ACM/IFIP/USENIX 11th International Middleware Conference (MIDDLEWARE), Nov 2010, Bangalore, India. pp.334-354, ⟨10.1007/978-3-642-16955-7_17⟩. ⟨hal-01055277⟩