Abstract
As messaging middleware technology matures, users demand increasingly many features, leading to modular middleware architectures. However, extra complexity increases the risk of a security breach, arising from a vulnerability in one module or misconfiguration of the module linkages. This position paper presents a framework for enforcing security policies between middleware modules, which simultaneously facilitates co-design of application and middleware security. For example, a healthcare application might require (1) all clinical data to be encrypted in transit, (2) a log of all messages sent and delivered (revealing no disclosive patient information), and (3) parameterised role based access control on message delivery. In our framework, we can satisfy all of these requirements, even when each feature is implemented as a separate extension module: extensions tag events with meta-data, and this meta-data guides the enforcement of the security policy. Exposing this meta-data to applications can help to unite application and middleware security policy.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2008 Workshop on Middleware Security, MidSec 2008 |
Publisher | Association for Computing Machinery, Inc |
Pages | 31-33 |
Number of pages | 3 |
ISBN (Electronic) | 9781605583631 |
DOIs | |
Publication status | Published - 2 Dec 2008 |
Externally published | Yes |
Event | 1st Workshop on Middleware Security, MidSec 2008 - Leuven, Belgium Duration: 2 Dec 2008 → … |
Publication series
Name | Proceedings of the 2008 Workshop on Middleware Security, MidSec 2008 |
---|
Conference
Conference | 1st Workshop on Middleware Security, MidSec 2008 |
---|---|
Country/Territory | Belgium |
City | Leuven |
Period | 2/12/08 → … |
Bibliographical note
Publisher Copyright:Copyright 2008 ACM.
Keywords
- Extensions
- Middleware
- Policy specification