Security policy and information sharing in distributed event-based systems

Brian Shand*, Peter Pietzuch, Ioannis Papagiannis, Ken Moody, Matteo Migliavacca, David M. Eyers, Jean Bacon

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

9 Citations (Scopus)


Linking security policy into event-based systems allows formal reasoning about information security. In the applications we address, highly confidential data must be shared both dynamically and for historical analysis. Principals with rights to access the data may be widely distributed, existing in a federation of independent administrative domains. Domain managers are responsible for the data held within domains and transmitted from them; security policy must be specified and enforced in order to meet these obligations. We motivate the event-driven paradigm and take healthcare as a running example, because the confidentiality of healthcare data must be guaranteed over many years. We first consider how to enforce authorisation policy at the client level through parametrised role-based access control (RBAC), taking context into account. We then discuss the additional requirements for secure information flow through the infrastructure components that contribute to communication within and between distributed domains. Finally, we show how this approach supports reasoning about event security in large-scale distributed systems.

Original languageEnglish
Title of host publicationReasoning in Event-Based Distributed Systems
Number of pages22
Publication statusPublished - 2011
Externally publishedYes

Publication series

NameStudies in Computational Intelligence
ISSN (Print)1860-949X


Dive into the research topics of 'Security policy and information sharing in distributed event-based systems'. Together they form a unique fingerprint.

Cite this