Declarative secure distributed information systems

We present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. Our work builds upon techniques from logic-based trust management systems and declarative networking. We make the following contributions. First, we propose the Secure Network Datalog (SeNDlog) language that unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog, a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common declarative framework. Second, we extend existing distributed recursive query processing techniques to execute SeNDlogprograms that incorporate secure communication via authentication and encryption among untrusted nodes. Third, we demonstrate the use of user-defined cryptographic functions for customizing the authentication and encryption mechanisms used for securing protocols. Finally, using a local cluster and the PlanetLab testbed, we perform a detailed performance study of a variety of secure networked systems implemented using our platform.

► Unified declarative framework for distributed systems and their security policies.
► Secure distributed query processing that enables authentication and encryption.
► Customizable security constructs based on user-defined cryptographic functions.
► Prototype implementation and evaluation on a variety of distributed systems.