Unified Platform for Secure Networked Information Systems

Authors: Yun Mao, Boon Thau Loo, Martín Abadi, Wenchao Zhou

Abstract: In this paper, we present a unified declarative platform for specifying, implementing, analyzing and auditing large-scale secure information systems. Our proposed system builds upon techniques from logic-based trust management systems, networking, and data analysis via provenance. First, we propose the Secure Network Datalog (SeNDlog) language, which unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog (NDlog), a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common framework. Second, we extend existing distributed recursive query processing techniques to execute SeNDlog programs that incorporate the notion of authenticated communication among untrusted nodes. Third, demonstrate an integrated framework cross-layer use Finally, using a local cluster and the PlanetLab testbed, we perform a detailed performance study of a variety of networked systems implemented using our platform. We further evaluation provenance SeNDlog-based packet tracing service cluster.

Comments: University of Pennsylvania Department of Computer and Information Science Technical Report No. MSCIS-08-05. This technical report is available at ScholarlyCommons: http://repository.upenn.edu/cis_reports/872

Wenchao Zhou∗, Yun Mao∗, Boon Thau Loo∗, Martin Abadi†‡ (∗University of Pennsylvania, †UC Santa Cruz, ‡Microsoft Research); {wenchaoz, maoy, boonloo}@cis.upenn.edu, abadi@microsoft.com
