We propose and evaluate a novel framework for enforcing global coordination and control policies over message passing software components in enterprise computing environments. This framework combines the use of firewalls, both per-node software and dedicated firewalls, with an existing coordination and control system to enforce policies that, among other properties, are stateful and communal. The firewalls act as a set of distributed reference monitors that filter messages exchanged between the interacting software components. The coordination and control system coordinates the firewalls to enforce a specific set of policies, passing only messages allowed by these policies. Filtering decisions may be based on credentials presented to the coordination and control system as well as system state accumulated over time. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations t...
Tuan Phan, Zhijun He, Thu D. Nguyen