Security for middleware extensions: Event meta-data for enforcing security policy

Brian Shand, Jem Rashbass

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Citations (Scopus)

Abstract

As messaging middleware technology matures, users demand increasingly many features, leading to modular middleware architectures. However, extra complexity increases the risk of a security breach, arising from a vulnerability in one module or misconfiguration of the module linkages. This position paper presents a framework for enforcing security policies between middleware modules, which simultaneously facilitates co-design of application and middleware security. For example, a healthcare application might require (1) all clinical data to be encrypted in transit, (2) a log of all messages sent and delivered (revealing no disclosive patient information), and (3) parameterised role based access control on message delivery. In our framework, we can satisfy all of these requirements, even when each feature is implemented as a separate extension module: extensions tag events with meta-data, and this meta-data guides the enforcement of the security policy. Exposing this meta-data to applications can help to unite application and middleware security policy.

Original languageEnglish
Title of host publicationProceedings of the 2008 Workshop on Middleware Security, MidSec 2008
PublisherAssociation for Computing Machinery, Inc
Pages31-33
Number of pages3
ISBN (Electronic)9781605583631
DOIs
Publication statusPublished - 2 Dec 2008
Externally publishedYes
Event1st Workshop on Middleware Security, MidSec 2008 - Leuven, Belgium
Duration: 2 Dec 2008 → …

Publication series

NameProceedings of the 2008 Workshop on Middleware Security, MidSec 2008

Conference

Conference1st Workshop on Middleware Security, MidSec 2008
Country/TerritoryBelgium
CityLeuven
Period2/12/08 → …

Bibliographical note

Publisher Copyright:
Copyright 2008 ACM.

Keywords

  • Extensions
  • Middleware
  • Policy specification

Fingerprint

Dive into the research topics of 'Security for middleware extensions: Event meta-data for enforcing security policy'. Together they form a unique fingerprint.

Cite this