PrivateFlow: decentralised information flow control in event based middleware

14 years 6 months ago

Download www.doc.ic.ac.uk

Complex middleware frameworks are made out of interacting components which may include bugs. These frameworks are often extended to provide additional features by thirdparty extensions that may not be completely trusted and, as a result, compromise the security of the whole platform. Aiming to minimize these problems, we propose a demonstration of PrivateFlow, a publish/subscribe prototype supported by Decentralized Information Flow Control (DIFC). DIFC is a taint-tracking mechanism that can prevent components from leaking information. We will showcase a simple deployment of PrivateFlow that incorporates third-party untrusted components. In our demonstration, one of these components will try to leak sensitive information about the system’s operation and it will fail once DIFC is activated.

Ioannis Papagiannis, Matteo Migliavacca, Peter R.

Real-time Traffic

Complex Middleware Frameworks | DEBS 2009 | Distributed And Parallel Computing | Information Flow Control | Third-party Untrusted Components |

claim paper

Post Info
More Details (n/a)

Added	28 May 2010
Updated	28 May 2010
Type	Conference
Year	2009
Where	DEBS
Authors	Ioannis Papagiannis, Matteo Migliavacca, Peter R. Pietzuch, Brian Shand, David M. Eyers, Jean Bacon

Comments (0)

Sciweavers

PrivateFlow: decentralised information flow control in event based middleware

Complex Middleware Frameworks | DEBS 2009 | Distributed And Parallel Computing | Information Flow Control | Third-party Untrusted Components |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers