Distributed Middleware Enforcement of Event Flow Security Policy

Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system. Current middleware does not support the specification of such end-to-end security policy and lacks uniform mechanisms for enforcement. We describe DEFCon-Policy, a middleware that enforces security policy in multi-domain, event-driven applications. Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components. The middleware limits the interaction of components based on the policy and the data that components have observed. It achieves this by labelling data and assigning privileges to components. We evaluate DEFCon-Policy in a realistic medical scenario and demonstrate that it can provide global security guarantees without burdening application developers.
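The abstract describes enforcement by labelling data and assigning privileges to components, with flows restricted by policy and by what a component has already observed. The following is an added illustration of that idea as a simplified DIFC-style reference monitor; it is not DEFCon-Policy's code or policy language, and the medical components, the allowed-flow pairs and the "patient-data" tag are constructed.

```python
# Added illustration of label-based event flow enforcement (not DEFCon-Policy's own
# code or policy language). Components carry a clearance, optional declassification
# privileges and a label that accumulates the tags of data they have observed.
from dataclasses import dataclass, field

@dataclass
class Component:
    name: str
    clearance: frozenset                      # tags this component may observe
    privileges: frozenset = frozenset()       # tags it may declassify (remove)
    label: set = field(default_factory=set)   # tags of data observed so far

class FlowMonitor:
    """Reference monitor deciding whether an event may flow sender -> receiver."""

    def __init__(self, allowed_flows):
        self.allowed_flows = set(allowed_flows)   # (sender, receiver) pairs

    def send(self, sender, receiver, event_tags):
        if (sender.name, receiver.name) not in self.allowed_flows:
            return False                          # flow not permitted by policy
        # Outgoing label: the event's tags plus everything the sender has
        # already observed, minus tags the sender is privileged to declassify.
        outgoing = (frozenset(event_tags) | sender.label) - sender.privileges
        if not outgoing <= receiver.clearance:
            return False                          # receiver may not see these tags
        receiver.label |= outgoing                # receiver is now tainted
        return True

def run_scenario():
    """Constructed medical scenario; returns the decision for each attempted flow."""
    P = "patient-data"
    ehr = Component("ehr", clearance=frozenset({P}))
    analytics = Component("analytics", clearance=frozenset({P}))
    anonymiser = Component("anonymiser", clearance=frozenset({P}), privileges=frozenset({P}))
    export = Component("research-export", clearance=frozenset())   # outside the domain
    monitor = FlowMonitor([("ehr", "analytics"), ("analytics", "research-export"),
                           ("ehr", "anonymiser"), ("anonymiser", "research-export")])
    return {
        "ehr->analytics (tagged)": monitor.send(ehr, analytics, {P}),
        # analytics emits an untagged event, but it has already observed patient data
        "analytics->export (untagged)": monitor.send(analytics, export, set()),
        "ehr->anonymiser (tagged)": monitor.send(ehr, anonymiser, {P}),
        # anonymiser holds the declassification privilege for P, so the flow is clean
        "anonymiser->export (tagged)": monitor.send(anonymiser, export, {P}),
        "ehr->export (direct)": monitor.send(ehr, export, set()),   # not in policy
    }
```

The second flow is the one a per-message check would miss: the event itself carries no tag, but the monitor denies it because the sending component's label records that it has observed patient data.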
