William R. Marczak, Shan Shan Huang, Martin Bravenboer, Micah Sherr, Boon Thau Loo, Molham Aref
2010 Proceedings of the 2010 international conference on Management of data - SIGMOD '10  
We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. SecureBlox decouples security concerns from system specification, allowing easy reconfiguration of a system's security properties to suit a given execution environment. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. SecureBlox enhances LogicBlox to enable distribution ... static meta-programmability, and makes novel use of existing LogicBlox features such as integrity constraints. SecureBlox allows meta-programmability via BloxGenerics, a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use-cases in which SecureBlox enables diverse applications, including an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox's abilities to specify and implement a wide range of different security constructs for distributed systems as well as to enable tradeoffs between performance and security.
doi:10.1145/1807167.1807246 dblp:conf/sigmod/MarczakHBSLA10 fatcat:f6jy4fn4onayxmznp5mib44hnu