Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems
The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Manageable fine-grained information flow
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Enforcing "sticky" security policies throughout a distributed application
Proceedings of the 2008 workshop on Middleware security
DEFCON: high-performance event processing with information security
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Using argumentation logic for firewall policy specification and analysis
DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management
Enforcing end-to-end application security in the cloud (big ideas paper)
Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware
CloudFilter: practical control of sensitive data propagation to the cloud
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Hi-index | 0.00 |
Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system. Current middleware does not support the specification of such end-to-end security policy and lacks uniform mechanisms for enforcement. We describe DEFCon-Policy, a middleware that enforces security policy in multi-domain, event-driven applications. Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components. The middleware limits the interaction of components based on the policy and the data that components have observed. It achieves this by labelling data and assigning privileges to components. We evaluate DEFCon-Policy in a realistic medical scenario and demonstrate that it can provide global security guarantees without burdening application developers.