Distributed middleware enforcement of event flow security policy

Matteo Migliavacca*, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, Peter Pietzuch

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Citations (Scopus)


Distributed, event-driven applications that process sensitive user data and involve multiple organisational domains must comply with complex security requirements. Ideally, developers want to express security policy for such applications in data-centric terms, controlling the flow of information throughout the system. Current middleware does not support the specification of such end-to-end security policy and lacks uniform mechanisms for enforcement. We describe DEFCON-POLICY, a middleware that enforces security policy in multi-domain, event-driven applications. Event flow policy is expressed in a high-level language that specifies permitted flows between distributed software components. The middleware limits the interaction of components based on the policy and the data that components have observed. It achieves this by labelling data and assigning privileges to components. We evaluate DEFCON-POLICY in a realistic medical scenario and demonstrate that it can provide global security guarantees without burdening application developers.

Original languageEnglish
Title of host publicationMiddleware 2010 - ACM/IFIP/USENIX 11th International Middleware Conference, Proceedings
Number of pages21
Publication statusPublished - 2010
Externally publishedYes
EventACM/IFIP/USENIX 11th International Middleware Conference, Middleware 2010 - Bangalore, India
Duration: 29 Nov 20103 Dec 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6452 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceACM/IFIP/USENIX 11th International Middleware Conference, Middleware 2010


  • Event-based middleware
  • Information flow control
  • Multi-domain distributed applications
  • Security policy


Dive into the research topics of 'Distributed middleware enforcement of event flow security policy'. Together they form a unique fingerprint.

Cite this