SecureBlox: customizable secure distributed data processing

Authors:
William R. Marczak;Shan Shan Huang;Martin Bravenboer;Micah Sherr;Boon Thau Loo;Molham Aref
Affiliations:
University of California - Berkeley, Berkeley, CA, USA;LogicBlox, Atlanta, GA, USA;LogicBlox, Atlanta, GA, USA;University of Pennsylvania, Philadelphia, PA, USA;University of Pennsylvania, Philadelphia, PA, USA;LogicBlox, Atlanta, GA, USA
Venue:
Proceedings of the 2010 ACM SIGMOD International Conference on Management of data
Year:
2010

Citing 22
Cited 5

Programming in Prolog

Programming in Prolog
Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
Maintaining views incrementally

SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
Binder, a Logic-Based Security Language

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Cassandra: Distributed Access Control Policies with Tunable Expressiveness

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Declarative routing: extensible routing with declarative queries

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Implementing declarative overlays

Proceedings of the twentieth ACM symposium on Operating systems principles
Declarative networking: language, execution and optimization

Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Querying the internet with PIER

VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Towards a declarative language and system for secure networking

NETB'07 Proceedings of the 3rd USENIX international workshop on Networking meets databases
The chase revisited

Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Evita raced: metacompilation for declarative networks

Proceedings of the VLDB Endowment
Unified Declarative Platform for Secure Netwoked Information Systems

ICDE '09 Proceedings of the 2009 IEEE International Conference on Data Engineering
Exception analysis and points-to analysis: better together

Proceedings of the eighteenth international symposium on Software testing and analysis
Strictly declarative specification of sophisticated points-to analyses

Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
On chase termination beyond stratification

Proceedings of the VLDB Endowment
Boom analytics: exploring data-centric, declarative programming for the cloud

Proceedings of the 5th European conference on Computer systems
CloudViews: communal data sharing in public clouds

HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing

Towards a data-centric view of cloud security

CloudDB '10 Proceedings of the second international workshop on Cloud data management
Datalog and emerging applications: an interactive tutorial

Proceedings of the 2011 ACM SIGMOD International Conference on Management of data
Recent advances in declarative networking

PADL'12 Proceedings of the 14th international conference on Practical Aspects of Declarative Languages
LogicBlox, platform and language: a tutorial

Datalog 2.0'12 Proceedings of the Second international conference on Datalog in Academia and Industry
Declarative datalog debugging for mere mortals

Datalog 2.0'12 Proceedings of the Second international conference on Datalog in Academia and Industry

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. SecureBlox decouples security concerns from system specification, allowing easy reconfiguration of a system's security properties to suit a given execution environment. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. SecureBlox enhances LogicBlox to enable distribution and static meta-programmability, and makes novel use of existing LogicBlox features such as integrity constraints. SecureBlox allows meta-programmability via BloxGenerics - a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use-cases in which SecureBlox enables diverse applications, including an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox's abilities to specify and implement a wide range of different security constructs for distributed systems as well as to enable tradeoffs between performance and security.