Declarative Secure Distributed Systems
Boon Thau Loo, UPenn
In this talk, I present our recent work on using declarative languages to specify, implement, and analyze secure distributed systems. In the first half of the talk, I first describe Secure Network Datalog (SeNDlog), a declarative language that unifies declarative networking and logic-based access control languages. SeNDlog enables network routing, distributed systems, and their security policies to be specified and implemented within a common declarative framework. Next, I will describe two use cases of SeNDlog: (1) an extensible platform for Application-Aware Anonymity (A3), and (2) a secure distributed data processing system developed jointly with LogicBlox, a startup company that has developed a Datalog-based platform for enterprise software systems. In the second half of the talk, I introduce the notion of network provenance naturally captured within our declarative framework, and demonstrate its applicability in the areas of network debugging, analysis and trust management. I further discuss ongoing work at optimizing distributed query processors in order to process and maintain network provenance efficiently and securely. Details of this project and our research group are available at http://netdb.cis.upenn.edu/.