Declarative Security
نویسندگان
چکیده
In this paper, we introduce the novel concept of a secure interface deenition compiler (a \se-curity" compiler, for short). We show how interface designers can declare an application's security requirements as part of the interface deenition process, and how a security compiler can automatically generate code that implements security requirements in client stubs and server skeletons. We propose extending interface deenition languages to support security requirement declarations, and we argue that security requirement declarations inherently \belong" in interface deenitions. Just as declarative languages such as SQL have provided application developers a simpliied way to retrieve data from databases, we believe that SIDLs (Secure Interface Deenition Languages) will give application developers a simpliied way to incorporate security into their applications. Finally, we propose several keywords as extensions to CORBA's interface deenition language (IDL) that allow interface designers to declare security requirements of interfaces, and we discuss how support for these keywords can be implemented in existing CORBA systems.
منابع مشابه
The Conundrum of Declarative Security HTTP Response Headers: Lessons Learned
The stringency of attacks has grown simultaneously with the development of the web. To combat some of the new attacks, declarative security has been proposed in the form of HTTP response headers from the server side. The declarative model provides an extensible set of security parameters in form of HTTP responses. In this, browsers can respond with a requested security mechanism. This paper exp...
متن کاملECS 240 Project Report Applying Declarative Networking in Grid Computing
Declarative Networking. Design and implementation of network protocols often give rise to some hard tradeoffs — between extensibility and flexibility on one hand, and robustness and efficiency on the other. Today’s Internet level routing and network management protocols, though robust and extensible, are not easily changeable to meet the demands of new types of applications. In the area of netw...
متن کاملIdeas for Security Assurance in Security Critical Software using Modelica
Due to the increasing number of vulnerabilities in software systems and customers’ need to trust the producers’ development process, third party security evaluations, such as Common Criteria (CC), are today commonly used to provide assurance of security critical software. Modelica is a modern, strongly typed, declarative, and object-oriented language for modeling and simulation of complex syste...
متن کاملA Declarative Approach for Easy Specification and Automated Enforcement of Security Policy
A security policy presents a critical component of the overall security architecture and an essential basis on which an effective and comprehensive security program can be developed. Although, this necessity and this criticality, little progress has been made to improve tools of specification and enforcement of security policy. Too often, existent approaches have been restrictive in many ways. ...
متن کاملStructured Systems Economics for Security Management
We develop an ontological account of information security architectures that is inspired by economic models of trade-offs between confidentiality, integrity, and availability. Our approach clarifies the nature of the trade-offs by making a clear distinction between declarative and operational concepts in security. We integrate this approach with a semantically justified mathematical systems mod...
متن کاملUnified Declarative Platform for Secure Networked Information Systems
We present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. Our work builds upon techniques from logic-based trust management systems, declarative networking, and data analysis via provenance. We make the following contributions. First, we propose the secure network datalog (SeNDlog) language that unifies Binder, a logic-based lang...
متن کامل