More Web Proxy on the site http://driver.im/

research-article

SecureBlox: customizable secure distributed data processing

Authors:

William R. Marczak,

Shan Shan Huang,

Martin Bravenboer,

Molham ArefAuthors Info & Claims

SIGMOD '10: Proceedings of the 2010 ACM SIGMOD International Conference on Management of data

Pages 723 - 734

https://doi.org/10.1145/1807167.1807246

Published: 06 June 2010 Publication History

Abstract

We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. SecureBlox decouples security concerns from system specification, allowing easy reconfiguration of a system's security properties to suit a given execution environment. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. SecureBlox enhances LogicBlox to enable distribution and static meta-programmability, and makes novel use of existing LogicBlox features such as integrity constraints. SecureBlox allows meta-programmability via BloxGenerics - a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use-cases in which SecureBlox enables diverse applications, including an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox's abilities to specify and implement a wide range of different security constructs for distributed systems as well as to enable tradeoffs between performance and security.

References

[1]

Cassandra: Distributed Access Control Policies with Tunable Expressiveness. In Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), page 159. IEEE Computer Society, 2004.

Digital Library

[2]

M. Abadi. On Access Control, Data Integration, and Their Languages. In Computer Systems: Theory, Technology and Applications, A Tribute to Roger Needham, pages 9--14. Springer-Verlag, 2004.

[3]

M. Abadi and B. T. Loo. Towards a Declarative Language and System for Secure Networking. In Proceedings of the Third USENIX International Workshop on Networking Meets Databases (NetDB), pages 1--6. USENIX Association, 2007.

Digital Library

[4]

P. Alvaro, T. Condie, N. Conway, K. Elmeleegy, J. M. Hellerstein, and R. C. Sears. BOOM Analytics: Exploring Data-Centric, Declarative Programming for the Cloud. In EuroSys, 2010.

Digital Library

[5]

P. Alvaro, T. Condie, N. Conway, J. M. Hellerstein, and R. C. Sears. I Do Declare: Consensus in a Logic Language. In Proceedings of the Fifth International Workshop on Networking Meets Databases (NetDB), 2009.

[6]

M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy (SP), page 164. IEEE Society, 1996.

Digital Library

[7]

M. Bravenboer and Y. Smaragdakis. Exception Analysis and Points-To Analysis: Better Together. In Proceedings of the Eighteenth International Symposium on Software Testing and Analysis (ISSTA), pages 1--12. ACM, 2009.

Digital Library

[8]

M. Bravenboer and Y. Smaragdakis. Strictly Declarative Specification of Sophisticated Points-To Analyses. In Proceeding of the Twenty-Fourth ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA), pages 243--262. ACM, 2009.

Digital Library

[9]

W. F. Clocksin and C. S. Melish. Programming in Prolog. Springer-Verlag, 1987.

Digital Library

[10]

T. Condie, D. Chu, J. M. Hellerstein, and P. Maniatis. Evita Raced: Metacompilation for Declarative Networks. Proceedings of the VLDB Endowment (PVLDB), 1(1):1153--1165, 2008.

Digital Library

[11]

J. DeTreville. Binder, a Logic-Based Security Language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (SP), page 105. IEEE Computer Society, 2002.

Digital Library

[12]

A. Deutsch, A. Nash, and J. Remmel. The Chase Revisited. In Proceedings of the Twenty-Seventh ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pages 149--158. ACM, 2008.

Digital Library

[13]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The Second-Generation Onion Router. In Proceedings of the Thirteenth conference on USENIX Security Symposium (SSYM), pages 21--21. USENIX Association, 2004.

Digital Library

[14]

R. Geambasu, S. Gribble, and H. M. Levy. CloudViews: Communal Data Sharing in Public Clouds. In Workshop on Hot Topics in Cloud Computing (HotCloud), 2009.

Digital Library

[15]

A. Gupta, I. S. Mumick, and V. S. Subrahmanian. Maintaining Views Incrementally. In Proceedings of the 1993 ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 157--166. ACM, 1993.

Digital Library

[16]

R. Huebsch, J. M. Hellerstein, N. Lanham, B. T. Loo, S. Shenker, and I. Stoica. Querying the Internet with PIER. In Proceedings of the Twenty-Ninth International Conference on Very Large Data Bases (VLDB), pages 321--332. VLDB Endowment, 2003.

Digital Library

[17]

T. Jim. SD3: A Trust Management System with Certified Evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy (SP), page 106. IEEE Computer Society, 2001.

Digital Library

[18]

B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems (TOCS), 10(4):265--310, 1992.

Digital Library

[19]

N. Li, B. N. Grosof, and J. Feigenbaum. Delegation Logic: A Logic-Based Approach to Distributed Authorization. ACM Transactions on Information and System Security, 6(1):128--171, 2003.

Digital Library

[20]

LogicBlox Inc. http://www.logicblox.com/.

[21]

B. T. Loo, T. Condie, M. Garofalakis, D. E. Gay, J. M. Hellerstein, P. Maniatis, R. Ramakrishnan, T. Roscoe, and I. Stoica. Declarative Networking: Language, Execution and Optimization. In Proceedings of the 2006 ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 97--108. ACM, 2006.

Digital Library

[22]

B. T. Loo, T. Condie, J. M. Hellerstein, P. Maniatis, T. Roscoe, and I. Stoica. Implementing Declarative Overlays. In Proceedings of the Twentieth ACM Symposium on Operating Systems Principles (SOSP), pages 75--90. ACM, 2005.

Digital Library

[23]

B. T. Loo, J. M. Hellerstein, I. Stoica, and R. Ramakrishnan. Declarative Routing: Extensible Routing with Declarative Queries. In Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM), pages 289--300. ACM, 2005.

Digital Library

[24]

W. R. Marczak, D. Zook, W. Zhou, M. Aref, and B. T. Loo. Declarative Reconfigurable Trust Management. In Fourth Biennial Conference on Innovative Data Systems Research (CIDR), 2009.

[25]

M. Meier, M. Schmidt, and G. Lausen. On Chase Termination Beyond Stratification. Proceedings of the VLDB Endowment (PVLDB), 2(1):970--981, 2009.

Digital Library

[26]

Predictix. http://www.predictix.com/.

[27]

Semmle. http://semmle.com/.

[28]

Who uses Tor? https://www.torproject.org/torusers.html.en.

[29]

W. Zhou, Y. Mao, B. T. Loo, and M. Abadi. Unified Declarative Platform for Secure Networked Information Systems. In Proceedings of the 2009 IEEE International Conference on Data Engineering (ICDE), pages 150--161. IEEE Computer Society, 2009.

Digital Library

Cited By

Greco SMolinaro C(2022)Datalog and Logic DatabasesundefinedOnline publication date: 25-Feb-2022
Nappa PZhao DSubotić PScholz B(2019)Fast Parallel Equivalence Relations in a Datalog CompilerProceedings of the International Conference on Parallel Architectures and Compilation Techniques10.1109/PACT.2019.00015(82-96)Online publication date: 23-Sep-2019
Greco SMolinaro C(2015)Datalog and Logic DatabasesSynthesis Lectures on Data Management10.2200/S00648ED1V01Y201505DTM0417:2(1-169)Online publication date: 5-Nov-2015
Show More Cited By

Index Terms

SecureBlox: customizable secure distributed data processing

Recommendations

Combining Joint and Semi-Join Operations for Distributed Query Processing

The application of a combination of join and semi-join operations to minimize the amount of data transmission required for distributed query processing is discussed. Specifically, two important concepts that occur with the use of join operations as ...
Decidable containment of recursive queries
Database theory

One of the most important reasoning tasks on queries is checking containment, i.e., verifying whether one query yields necessarily a subset of the result of another one. Query containment is crucial in several contexts, such as query optimization, query ...
Generating query plans for distributed query processing using genetic algorithm
ICICA'11: Proceedings of the Second international conference on Information Computing and Applications

Query Processing is a key determinant in the overall performance of distributed databases. It requires processing of data at their respective sites and transmission of the same between them. These together constitute a distributed query processing ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGMOD '10: Proceedings of the 2010 ACM SIGMOD International Conference on Management of data

June 2010

1286 pages

ISBN:9781450300322

DOI:10.1145/1807167

General Chair:
Ahmed Elmagarmid
Purdue University, USA
,
Program Chair:
Divyakant Agrawal
University of California at Santa Barbara, USA

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOD: ACM Special Interest Group on Management of Data

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGMOD/PODS '10

Sponsor:

SIGMOD

SIGMOD/PODS '10: International Conference on Management of Data

June 6 - 10, 2010

Indiana, Indianapolis, USA

Acceptance Rates

Overall Acceptance Rate 785 of 4,003 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
514
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Greco SMolinaro C(2022)Datalog and Logic DatabasesundefinedOnline publication date: 25-Feb-2022
Nappa PZhao DSubotić PScholz B(2019)Fast Parallel Equivalence Relations in a Datalog CompilerProceedings of the International Conference on Parallel Architectures and Compilation Techniques10.1109/PACT.2019.00015(82-96)Online publication date: 23-Sep-2019
Greco SMolinaro C(2015)Datalog and Logic DatabasesSynthesis Lectures on Data Management10.2200/S00648ED1V01Y201505DTM0417:2(1-169)Online publication date: 5-Nov-2015
Wu YChen AHaeberlen AZhou WLoo Bde Oliveira JSmith JArgyraki KLevis P(2015)Automated Network Repair with Meta ProvenanceProceedings of the 14th ACM Workshop on Hot Topics in Networks10.1145/2834050.2834112(1-7)Online publication date: 16-Nov-2015
Martínez-Angeles CDutra ICosta VBuenabad-Chávez J(2014)A Datalog Engine for GPUsDeclarative Programming and Knowledge Management10.1007/978-3-319-08909-6_10(152-168)Online publication date: 12-Jul-2014
Köhler SLudäscher BSmaragdakis Y(2012)Declarative datalog debugging for mere mortalsProceedings of the Second international conference on Datalog in Academia and Industry10.1007/978-3-642-32925-8_12(111-122)Online publication date: 11-Sep-2012
Green TAref MKarvounarakis G(2012)LogicBlox, platform and languageProceedings of the Second international conference on Datalog in Academia and Industry10.1007/978-3-642-32925-8_1(1-8)Online publication date: 11-Sep-2012
Loo BGill HLiu CMao YMarczak WSherr MWang AZhou W(2012)Recent advances in declarative networkingProceedings of the 14th international conference on Practical Aspects of Declarative Languages10.1007/978-3-642-27694-1_1(1-16)Online publication date: 23-Jan-2012
Huang SGreen TLoo BSellis TMiller RKementsietsidis AVelegrakis Y(2011)Datalog and emerging applicationsProceedings of the 2011 ACM SIGMOD International Conference on Management of data10.1145/1989323.1989456(1213-1216)Online publication date: 12-Jun-2011
Zhou WSherr MMarczak WZhang ZTao TLoo BLee IMeng XChen YXu JLu J(2010)Towards a data-centric view of cloud securityProceedings of the second international workshop on Cloud data management10.1145/1871929.1871934(25-32)Online publication date: 30-Oct-2010

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents