NDLI: Security for middleware extensions: event meta-data for enforcing security policy

Please wait, while we are loading the content...

Security for middleware extensions: event meta-data for enforcing security policy

Content Provider	ACM Digital Library
Author	Rashbass, Jem Shand, Brian
Abstract	As messaging middleware technology matures, users demand increasingly many features, leading to modular middleware architectures. However, extra complexity increases the risk of a security breach, arising from a vulnerability in one module or misconfiguration of the module linkages. This position paper presents a framework for enforcing security policies between middleware modules, which simultaneously facilitates co-design of application and middleware security. For example, a healthcare application might require (1) all clinical data to be encrypted in transit, (2) a log of all messages sent and delivered (revealing no disclosive patient information), and (3) parameterised role based access control on message delivery. In our framework, we can satisfy all of these requirements, even when each feature is implemented as a separate extension module: extensions tag events with meta-data, and this meta-data guides the enforcement of the security policy. Exposing this meta-data to applications can help to unite application and middleware security policy.
Starting Page	31
Ending Page	33
Page Count	3
File Format	PDF
ISBN	9781605583631
DOI	10.1145/1463342.1463348
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2008-12-02
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Policy specification Extensions Middleware
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in