A DSL Framework for Policy-Based Security of Distributed Systems

Author

Hamdi, Hédi ; Mosbah, Mohamed

Author_Institution

LaBRI 351, Univ. de Bordeaux, Talence, France

fYear

2009

fDate

8-10 July 2009

Firstpage

150

Lastpage

158

Abstract

Securing distributed systems remains a significant challenge for several reasons. First, the security features required in an application may depend on the environment in which the application is operating, the type of data exchanged, and the capability of the end-points of communication. Second, the security mechanisms deployed could apply to both communication and application layers in the system, making it difficult to understand and manage overall system security. This paper presents a policy-based approach to meeting these needs. We propose a framework based on a domain-specific language for the specification, verification and implementation of security policies for distributed systems. Based on a set of abstractions, this framework allows to develop modular security policies and independent of the underlying system. Thus, security policies can be developed by a developer who is not necessarily computer security expert.

Keywords

formal specification; program verification; programming languages; security of data; data exchange; distributed systems; domain-specific language; policy-based security; specification; system security; verification; Authorization; Communication system security; Computer security; Context-aware services; Costs; DSL; Data security; Distributed computing; Domain specific languages; Peer to peer computing; DSL; Security policy; compilation; implementation; specification; verification;

fLanguage

English

Publisher

ieee

Conference_Titel

Secure Software Integration and Reliability Improvement, 2009. SSIRI 2009. Third IEEE International Conference on

Conference_Location

Shanghai

Print_ISBN

978-0-7695-3758-0

Type

conf

DOI

10.1109/SSIRI.2009.43

Filename

5325382