DOI: 10.1145/1463342.1463348

Security for middleware extensions: event meta-data for enforcing security policy

Published: 02 December 2008

Abstract

As messaging middleware technology matures, users demand increasingly many features, leading to modular middleware architectures. However, extra complexity increases the risk of a security breach, arising from a vulnerability in one module or misconfiguration of the module linkages. This position paper presents a framework for enforcing security policies between middleware modules, which simultaneously facilitates co-design of application and middleware security.
For example, a healthcare application might require (1) all clinical data to be encrypted in transit, (2) a log of all messages sent and delivered (revealing no disclosive patient information), and (3) parameterised role based access control on message delivery. In our framework, we can satisfy all of these requirements, even when each feature is implemented as a separate extension module: extensions tag events with meta-data, and this meta-data guides the enforcement of the security policy. Exposing this meta-data to applications can help to unite application and middleware security policy.
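
The sketch below is an added illustration, not code from the paper: it shows one way extension modules could tag events with meta-data and how a policy check at a module linkage could use those tags to meet the three healthcare requirements. All names (`Event`, `classify`, `check_transport`, the tag keys) are hypothetical, and the XOR step is only a stand-in for real encryption.

```python
from dataclasses import dataclass, field

@dataclass
class Event:
    payload: bytes
    meta: dict = field(default_factory=dict)   # tags set by extensions

class PolicyViolation(Exception):
    pass

# Assumed set of tags that are safe to log (no patient-identifying data).
NON_DISCLOSIVE = {"msg_id", "topic", "encrypted"}

def classify(ev):
    """Extension: tag events on clinical topics."""
    ev.meta["clinical"] = ev.meta.get("topic", "").startswith("clinical/")
    return ev

def encrypt(ev, key=0x5A):
    """Extension: toy XOR stand-in for real encryption; records a tag."""
    ev.payload = bytes(b ^ key for b in ev.payload)
    ev.meta["encrypted"] = True
    return ev

def audit(ev, log):
    """Extension: log every message using non-disclosive meta-data only."""
    log.append({k: v for k, v in ev.meta.items() if k in NON_DISCLOSIVE})
    return ev

def check_transport(ev):
    """Policy at the linkage into the network module (requirement 1)."""
    if ev.meta.get("clinical") and not ev.meta.get("encrypted"):
        raise PolicyViolation("clinical event must be encrypted in transit")

def may_deliver(ev, role, param):
    """Parameterised RBAC: the role's parameter must match the patient tag."""
    return role == "treating_doctor" and param == ev.meta.get("patient")

def publish(ev, chain, log):
    """Run the configured extensions, then enforce policy on the tags."""
    for ext in chain:
        ev = ext(ev)
    audit(ev, log)          # requirement 2: every send is logged
    check_transport(ev)     # a misconfigured chain is caught here
    return ev

if __name__ == "__main__":
    log = []
    # Constructed sample event.
    ev = Event(b"bp=120/80", {"msg_id": 1, "topic": "clinical/obs", "patient": "P-001"})
    publish(ev, [classify, encrypt], log)
    print(log, may_deliver(ev, "treating_doctor", "P-001"))
```

A chain configured without the `encrypt` extension is rejected at the transport linkage because the `encrypted` tag is missing, which is the misconfiguration risk the abstract describes.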

Published In

MidSec '08: Proceedings of the 2008 workshop on Middleware security
December 2008
48 pages
ISBN:9781605583631
DOI:10.1145/1463342

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. extensions
  2. middleware
  3. policy specification

Qualifiers

  • Research-article

Conference

Middleware '08

Cited By

  • (2024) MiSIS: An HL7 FHIR Middleware for Healthcare Information Systems. Computational Science and Its Applications – ICCSA 2024, pages 243-260. DOI: 10.1007/978-3-031-64608-9_16. Online publication date: 2-Jul-2024
  • (2021) Middleware for Healthcare Systems: A Systematic Mapping. Computational Science and Its Applications – ICCSA 2021, pages 394-409. DOI: 10.1007/978-3-030-87013-3_30. Online publication date: 10-Sep-2021
  • (2019) Achilles’ heel of plug-and-Play software architectures: a grounded theory based approach. Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 671-682. DOI: 10.1145/3338906.3338969. Online publication date: 12-Aug-2019
  • (2009) On securing publish-subscribe systems with security groups. 2009 IEEE Symposium on Computers and Communications, pages 532-537. DOI: 10.1109/ISCC.2009.5202278. Online publication date: Jul-2009
