Declarative secure distributed information systems

We present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. Our work builds upon techniques from logic-based trust management systems and declarative networking. We make the following contributions. First, we propose the Secure Network Datalog (SeNDlog) language that unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog, a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common declarative framework. Second, we extend existing distributed recursive query processing techniques to execute SeNDlog-programs that incorporate secure communication via authentication and encryption among untrusted nodes. Third, we demonstrate the use of user-defined cryptographic functions for customizing the authentication and encryption mechanisms used for securing protocols. Finally, using a local cluster and the PlanetLab testbed, we perform a detailed performance study of a variety of secure networked systems implemented using our platform. (c) 2012 Elsevier Ltd. All rights reserved.