Automating information flow control in component-based distributed systems

Abstract

Automating the construction of secure distributed systems becomes necessary. Indeed, developing security code requires a deep expertise and verifying that the developed code respects the specified policy is a tedious task. In this paper, we define a toolkit called CIF (Component Information Flow) that automates the development of secure distributed systems. The developer defines the security properties through a policy configuration file. When this configuration is validated, that is no security leak is detected, the system security code is generated. A performance evaluation of an implemented use case shows the effectiveness of the approach.