Distributed middleware enforcement of event flow security policy

Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information thr...

Bibliographic details
Main authors: Migliavacca, Matteo, Papagiannis, Ioannis, Eyers, David M., Shand, Brian, Bacon, Jean, Pietzuch, Peter
Format: Conference proceeding
Language: eng
Subjects:
Online access: Full text
container_end_page 354
container_issue
container_start_page 334
container_title
container_volume 6452
creator Migliavacca, Matteo
Papagiannis, Ioannis
Eyers, David M.
Shand, Brian
Bacon, Jean
Pietzuch, Peter
description Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system. Current middleware does not support the specification of such end-to-end security policy and lacks uniform mechanisms for enforcement. We describe DEFCon-Policy, a middleware that enforces security policy in multi-domain, event-driven applications. Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components. The middleware limits the interaction of components based on the policy and the data that components have observed. It achieves this by labelling data and assigning privileges to components. We evaluate DEFCon-Policy in a realistic medical scenario and demonstrate that it can provide global security guarantees without burdening application developers.
doi_str_mv 10.5555/2023718.2023741
format Conference Proceeding
contributor Gupta, Indranil
Mascolo, Cecilia
publisher Berlin, Heidelberg: Springer-Verlag
date 2010-11-29
isbn 9783642169540
3642169546
eisbn 9783642169557
3642169554
oclcid 686747938
lccallnum TK5105.5-5105.9
tpages 21
genre proceeding
toplevel peer_reviewed
fulltext fulltext
identifier ISBN: 9783642169540
ispartof Middleware 2010, 2010, Vol.6452, p.334-354
issn
language eng
recordid cdi_acm_books_10_5555_2023718_2023741
source Springer Books
subjects Computer systems organization -- Architectures -- Distributed architectures
Networks -- Network services
Security and privacy
Social and professional topics -- Computing -- technology policy -- Computer crime
Software and its engineering -- Software organization and properties -- Software system structures -- Distributed systems organizing principles
title Distributed middleware enforcement of event flow security policy
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T00%3A38%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_acm_b&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Distributed%20middleware%20enforcement%20of%20event%20flow%20security%20policy&rft.btitle=Middleware%202010&rft.au=Migliavacca,%20Matteo&rft.date=2010-11-29&rft.volume=6452&rft.spage=334&rft.epage=354&rft.pages=334-354&rft.isbn=9783642169540&rft.isbn_list=3642169546&rft_id=info:doi/10.5555/2023718.2023741&rft_dat=%3Cproquest_acm_b%3EEBC3066182_21_344%3C/proquest_acm_b%3E%3Curl%3E%3C/url%3E&rft.eisbn=9783642169557&rft.eisbn_list=3642169554&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=EBC3066182_21_344&rft_id=info:pmid/&rfr_iscdi=true