Date of this Version
We present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. Our work builds upon techniques from logic-based trust management systems, declarative networking, and data analysis via provenance. We make the following contributions. First, we propose the secure network datalog (SeNDlog) language that unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog, a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common declarative framework. Second, we extend existing distributed recursive query processing techniques to execute SeNDlog programs that incorporate authenticated communication among untrusted nodes. Third, we demonstrate that distributed network provenance can be supported naturally within our declarative framework for network security analysis and diagnostics. Finally, using a local cluster and the PlanetLab testbed, we perform a detailed performance study of a variety of secure networked systems implemented using our platform.
authorisation, data analysis, distributed processing, information systems, query languages, query processing, telecommunication network routing, Binder, PlanetLab testbed, SeNDlog programs, access control, data analysis, declarative networking, distributed recursive query language, distributed systems, logic-based trust management systems, network datalog, network routing, network security analysis, secure network datalog language, secure networked information systems, unified declarative platform
Date Posted: 30 September 2009