Departmental Papers (CIS)

Document Type

Conference Paper

Date of this Version

6-2010

Comments

Marczak, W., Huang, S., Bravenboer, M., SHerr, M., Loo, B., & Aref, M., SecureBlox: Customizable Secure Distributed Data Processing, ACM SIGMOD International Conference on Management of Data, June 2010, doi: 10.1145/1807167.1807246

© 1994, 1995, 1998, 2002, 2009 by ACM, Inc. Permission to copy and distribute this document is hereby granted provided that this notice is retained on all copies, that copies are not altered, and that ACM is credited when the material is used to form other copyright policies.

Abstract

We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. SecureBlox decouples security concerns from system specification, allowing easy reconfiguration of a system’s security properties to suit a given execution environment. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. SecureBlox enhances LogicBlox to enable distribution and static meta-programmability, and makes novel use of existing LogicBlox features such as integrity constraints. SecureBlox allows meta-programmability via BloxGenerics–a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use-cases in which SecureBlox enables diverse applications, including an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox’s abilities to specify and implement a wide range of different security constructs for distributed systems as well as to enable tradeoffs between performance and security.

Share

COinS
 

Date Posted: 26 July 2012