Security in Multi-domain Event-based SystemsSicherheit in ereignis-basierten Mehrdomänensystemen

Bacon, Jean; Eyers, David; Singh, Jatinder; Shand, Brian; Migliavacca, Matteo; Pietzuch, Peter

doi:10.1524/itit.2009.0552

Cited by 6 publications

(1 citation statement)

References 17 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When health records are exchanged, long-term data security is critical-for a lifetime or more. We have adapted distributed event-based systems to this challenge, by tightly integrating RBAC with publish/subscribe messaging [13,23] along the lines suggested in section 3. Organisational security policy dictates which data flows are allowed; we assume that each domain has at least one trusted event broker node for secure exchange of events, and uses point-to-point communication between domains.…”

Section: Application Case Studies: Progress To Datementioning

confidence: 99%

Enforcing End-to-End Application Security in the Cloud

et al. 2010

Self Cite

View full text Add to dashboard Cite

Security engineering must be integrated with all stages of application specification and development to be effective. Doing this properly is increasingly critical as organisations rush to offload their software services to cloud providers. Service-level agreements (SLAs) with these providers currently focus on performance-oriented parameters, which runs the risk of exacerbating an impedance mismatch with the security middleware. Not only do we want cloud providers to isolate each of their clients from others, we also want to have means to isolate components and users within each client's application. We propose a principled approach to designing and deploying end-toend secure, distributed software by means of thorough, relentless tagging of the security meaning of data, analogous to what is already done for data types. The aim is to guarantee that-above a small trusted code base-data cannot be leaked by buggy or malicious software components. This is crucial for cloud infrastructures, in which the stored data and hosted services all have different owners whose interests are not aligned (and may even be in competition). We have developed data tagging schemes and enforcement techniques that can help form the aforementioned trusted code base. Our big idea-cloud-hosted services that have end-to-end information flow control-preempts worries about security and privacy violations retarding the evolution of large-scale cloud computing.

show abstract

Section: Application Case Studies: Progress To Datementioning

confidence: 99%