Departmental Papers (CIS)

Date of this Version


Document Type

Conference Paper


Marczak, W., Huang, S., Bravenboer, M., SHerr, M., Loo, B., & Aref, M., SecureBlox: Customizable Secure Distributed Data Processing, ACM SIGMOD International Conference on Management of Data, June 2010, doi: 10.1145/1807167.1807246

© 1994, 1995, 1998, 2002, 2009 by ACM, Inc. Permission to copy and distribute this document is hereby granted provided that this notice is retained on all copies, that copies are not altered, and that ACM is credited when the material is used to form other copyright policies.


We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. SecureBlox decouples security concerns from system specification, allowing easy reconfiguration of a system’s security properties to suit a given execution environment. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. SecureBlox enhances LogicBlox to enable distribution and static meta-programmability, and makes novel use of existing LogicBlox features such as integrity constraints. SecureBlox allows meta-programmability via BloxGenerics–a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use-cases in which SecureBlox enables diverse applications, including an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox’s abilities to specify and implement a wide range of different security constructs for distributed systems as well as to enable tradeoffs between performance and security.



Date Posted: 26 July 2012