SecureBlox: Customizable Secure Distributed Data Processing.
William R. Marczak, Shan Shan Huang, Martin Bravenboer, Micah Sherr, Boon Thau Loo, and Molham Aref.
ACM SIGMOD International Conference on Management of Data (SIGMOD), Jun 2010.
We present SecureBlox, a declarative system that unifies a
distributed query processor with a security policy framework. In SecureBlox,
programmers compose existing mechanisms to compactly specify and reconfigure
security policies. Our implementation of SecureBlox is a series of
extensions to LogicBlox, an emerging commercial Datalog-based platform for
enterprise software systems, with enhancements to enable distribution,
integrity constraints and static meta-programmability. SecureBlox allows
meta-programmability via BloxGenerics--a language extension for compile-time
code generation based on the security requirements and trust policies of the
deployed environment. We present and evaluated detailed use-cases where
SecureBlox enables applications such as an authenticated declarative routing
protocol with encrypted advertisements and an authenticated and encrypted
parallel hash join operation. Our results demonstrateSecureBlox's ability to
specify and implement a wide range of differentsecurity constructs for
distributed systems, and enable tradeoffs between performance and security.
A3: An Extensible Platform for Application-Aware Anonymity.
Micah Sherr, Andrew Mao, William R. Marczak, Wenchao Zhou, and Boon Thau Loo.
Network and Distributed System Security Symposium (NDSS), Mar 2010.
This paper presents the design and implementation of
Application-Aware Anonymity (A3), an extensible platform for applications to
deploy anonymity-based services on the Internet. A3 allows applications to
tailor their anonymity properties and performance characteristics according
to their specific communication requirements. For example, A3 permits an
anonymous voice-over-IP application to produce anonymous paths with low
latency and jitter, while providing anonymous file transfer applications with
high bandwidth (but not necessarily low latency or jitter) routes.
To support flexible path construction, A3 exposes a declarative language
(A3Log) that enables applications to compactly specify path selection and
instantiation policies which are then executed using a declarative networking
engine. We demonstrate that our declarative language is sufficiently
versatile to represent novel multi-metric performance constraints as well as
existing relay selection algorithms used by Tor and other anonymity systems,
using only a few lines of concise code. In addition to specifying relay
selection strategies, senders are able to use our declarative techniques to
construct anonymous tunnels according to their specifications (for example,
via Onion Routing or Crowds). We experimentally evaluate the A3 system using
a combination of trace-driven simulations and deployment on PlanetLab. Our
experimental results demonstrate that the A3 system can flexibly support a
wide range of path selection and instantiation strategies at low performance
Dedalus: Datalog in Time and Space.
Peter Alvaro, William R. Marczak, Neil Conway, Joseph M. Hellerstein, David Maier, and Russell C. Sears.
Technical Report UCB/EECS-2009-173, EECS Department, University of California, Berkeley, Dec 2009.
Recent research has explored using Datalog-based languages to
express a distributed system as a set of logical invariants. Two properties
of distributed systems proved difficult to model in Datalog. First, the state
of any such system evolves with its execution. Second, deductions in these
systems may be arbitrarily delayed, dropped, or reordered by the unreliable
network links they must traverse. Previous efforts addressed the former by
extending Datalog to include updates, key constraints, persistence and
events, and the latter by assuming ordered and reliable delivery while
ignoring delay. These details have a semantics outside Datalog, which
increases the complexity of the language or its interpretation, and forces
programmers to think operationally. We argue that the missing component from
these previous languages is a notion of time.
In this paper we present Dedalus, a foundation language for programming and
reasoning about distributed systems. Dedalus reduces to a subset of Datalog
with negation, aggregate functions, successor and choice, and admits an
explicit representation of time into the logic language. We show that Dedalus
provides a declarative foundation for the two signature features of
distributed systems: mutable state, and asynchronous processing and
communication. Given these two features, we address three important
properties of programs in a domain-specific manner: a notion of safety
appropriate to non-terminating computations, stratified monotonic reasoning
with negation over time, and efficient evaluation over time via a simple
execution strategy. We also provide conservative syntactic checks for our
temporal notions of safety and stratification. Our experience implementing
full-featured systems in variants of Datalog suggests that Dedalus is
well-suited to the specification of rich distributed services and protocols,
and provides both cleaner semantics and richer tests of correctness.
Declarative Reconfigurable Trust Management.
William R. Marczak, David Zook, Wenchao Zhou, Molham Aref, and Boon Thau Loo.
Conference on Innovative Data Systems Research (CIDR), Jan 2009.
In recent years, there has been a proliferation of declarative
logic-based trust management languages and systems proposed to ease the
description, configuration, and enforcement of security policies. These
systems have different tradeoffs in expressiveness and complexity, depending
on the security constructs (e.g. authentication, delegation, secrecy, etc.)
that are supported, and the assumed trust level and scale of the execution
environment. In this paper, we present LBTrust, a unified declarative system
for reconfigurable trust management, where various security constructs can be
customized and composed in a declarative fashion. We present an initial
proof-of-concept implementation of LBTrust using LogicBlox, an emerging
commercial Datalog-based platform for enterprise software systems. The
LogicBlox language enhances Datalog in a variety of ways, including
constraints and meta-programming, as well as support for programmer-defined
constraints on the meta-model itself -- meta-constraints -- which act to
restrict the set of allowable programs. LBTrust utilizes LogicBlox's
meta-programming and meta-constraints to enable customizable cryptographic,
partitioning and distribution strategies based on the execution environment.
We present use cases of LBTrust based on three trust management systems
(Binder, D1LP, and Secure Network Datalog), and provide a preliminary
evaluation of a Binder-based trust management system.