Security for middleware extensions: event meta-data for enforcing security policy
Source Middleware Conference archive
Proceedings of the 2008 workshop on Middleware security table of contents
Leuven, Belgium
Pages 31-33  
Year of Publication: 2008
ISBN:978-1-60558-363-1
Authors
Brian Shand  Unit C - Magog Court, Shelford Bottom, Cambridge
Jem Rashbass  Unit C - Magog Court, Shelford Bottom, Cambridge
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1463342.1463348

ABSTRACT

As messaging middleware technology matures, users demand increasingly many features, leading to modular middleware architectures. However, extra complexity increases the risk of a security breach, arising from a vulnerability in one module or misconfiguration of the module linkages. This position paper presents a framework for enforcing security policies between middleware modules, which simultaneously facilitates co-design of application and middleware security.

For example, a healthcare application might require (1) all clinical data to be encrypted in transit, (2) a log of all messages sent and delivered (revealing no disclosive patient information), and (3) parameterised role-based access control on message delivery. In our framework, we can satisfy all of these requirements, even when each feature is implemented as a separate extension module: extensions tag events with meta-data, and this meta-data guides the enforcement of the security policy. Exposing this meta-data to applications can help to unite application and middleware security policy.


