A DSL Framework for Policy-based Security of Distributed Systems
Securing distributed systems remains a significant challenge for several reasons. First, the security features required in an application may depend on the environment in which the application is operating, the type of data exchanged, and the capability of the end-points of communication. Second, the security mechanisms deployed could apply to both communication and application layers in the system, making it difficult to understand and manage overall systeM security. This paper presents a policy-based approach to meeting these needs. We propose a framework based on a Domain-Specific Language for the specification, verification and implementation of security policies for distributed systems. Based on a set of abstractions, this framework allows to develop modular security policies and independent of the underlying system. Thus, security policies can be developed by a developer who is not necessarily computer security expert.
DSL Security policy compilation specification verification implementation
Hedi HAMDI Mohamed Mosbah
Universite de Bordeaux, LaBRI 351, cours de la Liberation F-33405 Talence cedex, France Universite de Bordeaux, LaBRI 351,cours de la Liberation F-33405 Talence cedex, France
国际会议
上海
英文
150-158
2009-07-08(万方平台首次上网日期,不代表论文的发表时间)