We present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. Our work builds upon techniques from logic-based trust management systems, declarative networking, and data analysis via provenance. We make the following contributions. First, we propose the Secure Network Datalog (SeNDlog) language that unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog, a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common declarative framework. Second, we extend existing distributed recursive query processing techniques to execute SeNDlog programs that incorporate authenticated communication among untrusted nodes. Third, we demonstrate that distributed network provenance can be supported naturally within our declarative framework for network security analysis and diagnostics. Finally, using a local cluster and the PlanetLab testbed, we perform a detailed performance study of a variety of secure networked systems implemented using our platform.