CliSeAu: Decentralized Coordinated Runtime Enforcement of Security in Distributed Systems

Distributed Runtime Enforcement Illustration

CliSeAu is a tool for dynamic enforcement of system-wide security requirements in distributed Java programs. CliSeAu enables one to enforce security requirements in a decentralized yet coordinated fashion. CliSeAu implements the concept of Service Automata developed in the MAIS group. Details about CliSeAu can be found in the key publication about CliSeAu at ICISS 2014, "CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement".

Overview

System-wide security
CliSeAu enables users to specify policies for enforcing system-wide security properties. We call a property system-wide if it cannot be decomposed into independent properties of the individual agents of a distributed system. An example of a system-wide security property is the Chinese Wall property we consider in our ICISS'14 paper. This property expresses that no user must be able to download conflicting files from a distributed storage. The property is system-wide because the absence of conflicting downloads from each individual storage server does not imply the absence of conflicting downloads in the overall distributed storage.
Coordinated decentralized enforcement
CliSeAu supports coordinated decentralized enforcement. When applied to a distributed system, CliSeAu essentially generates one enforcement mechanism for each agent of the distributed system. The mechanisms are capable of coordinating the enforcement among each other. This feature allows them to enforce system-wide security properties. Technically, CliSeAu realizes the cooperation by means of network sockets. The cooperation between the enforcement mechanisms can even be decentralized. That is, there is no need for a central enforcement mechanism (and potential bottleneck) that determines how a property is enforced. We provide an example of decentralized enforcement in the case study contained in our ICISS'14 paper.
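As an added illustration of the two points above (not code from CliSeAu or the ICISS'14 case study), the following Python sketch shows why the Chinese Wall property is system-wide and how coordinated, decentralized enforcement handles it: two capsules each guard one storage server, the company and conflict-class data are constructed, and direct method calls between capsules stand in for the socket-based cooperation.

```python
import hashlib

# Constructed sample data: each company and its Chinese Wall conflict class.
CONFLICT_CLASS = {"BankA": "banks", "BankB": "banks", "OilX": "oil"}

def conflicts(history, company):
    """Chinese Wall rule: a company is off-limits once the user has already
    downloaded from a different company in the same conflict class."""
    cls = CONFLICT_CLASS[company]
    return any(c != company and CONFLICT_CLASS[c] == cls for c in history)

def responsible_for(cls, capsule_names):
    """Partition conflict classes over the capsules by a stable hash, so no
    single capsule decides for all classes (decentralized coordination)."""
    digest = hashlib.sha256(cls.encode()).digest()
    return capsule_names[int.from_bytes(digest, "big") % len(capsule_names)]

class Capsule:
    """Enforcement capsule guarding one storage server (one agent)."""
    def __init__(self, name):
        self.name = name
        self.local = {}    # user -> companies downloaded from this server only
        self.shared = {}   # user -> companies, for classes this capsule owns
        self.peers = {}    # capsule name -> Capsule (stands in for a socket)

    def _check(self, table, user, company):
        hist = table.setdefault(user, set())
        if conflicts(hist, company):
            return False
        hist.add(company)
        return True

    def local_decide(self, user, company):
        """Uncoordinated: decide from this server's own history alone."""
        return self._check(self.local, user, company)

    def coordinated_decide(self, user, company):
        """Coordinated: delegate to the capsule responsible for the company's
        conflict class; that capsule holds the system-wide history."""
        owner = self.peers[responsible_for(CONFLICT_CLASS[company], sorted(self.peers))]
        return owner._check(owner.shared, user, company)

def scenario(coordinated):
    """alice downloads a BankA file from srv1, then a BankB file from srv2.
    Returns the two decisions (True = permitted)."""
    srv1, srv2 = Capsule("srv1"), Capsule("srv2")
    for c in (srv1, srv2):
        c.peers = {"srv1": srv1, "srv2": srv2}
    decide = Capsule.coordinated_decide if coordinated else Capsule.local_decide
    return decide(srv1, "alice", "BankA"), decide(srv2, "alice", "BankB")
```

With purely local decisions both downloads are permitted, because neither server alone sees a conflict; with coordinated decisions the second download is denied.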
Instrumentation of Java programs
CliSeAu deploys enforcement mechanisms to Java programs by means of program instrumentation, i.e., by modification of the program's code. More precisely, CliSeAu performs the instrumentation at the bytecode level. That is, for applying CliSeAu to a given Java program, the source code of the program need not be available - a JAR file comprising the program's bytecode suffices.

Architectures

CliSeAu combines two architectures. Firstly, there is the architecture of the tool itself. A coarse-grained illustration of this architecture is provided below. The architecture shows that CliSeAu expects as input the JAR files of the distributed target program (the bytecode of the agents) as well as an instantiation of the enforcement capsules (more below). The output of CliSeAu is an instrumented target program, in which each agent (i.e., each non-distributed component of the program) is encapsulated by an enforcement mechanism.

The second architecture behind CliSeAu is the runtime architecture of enforcement capsules. An enforcement capsule is a non-distributed component of a distributed enforcement mechanism generated by CliSeAu. Each such enforcement capsule is applied to an agent of the distributed target program.

More details about CliSeAu can be found in the paper linked above.

Download

CliSeAu can be obtained by downloading CliSeAu-20141008.tar.gz (1.9MB). This download contains the following parts:

  • CliSeAu itself: The download contains the complete source code of CliSeAu!
  • Example instances: The download provides two instantiations of CliSeAu for enforcing a Chinese Wall security policy on a distributed file storage. In each of the examples, a Java FTP server is used for the file storage (the servers are not included but instructions for downloading them are included).
  • All required Java libraries, except for AspectJ: AspectJ is not included to keep the download size lower.

Prerequisites and Installation

CliSeAu was developed and tested under Linux with Java 7 and AspectJ 1.7.4. Details about further libraries can be found in the README file contained in the root directory of the download.

Instructions for compiling CliSeAu from the source code and for running CliSeAu on the example instances can be found in the contained README file.

Publications

  • Johannes Schickel. Using File-Correlation to Accelerate Decision-Making in a Decentralized Cooperative Security Enforcement. Master Thesis, TU Darmstadt, 2016.
  • Moritz Tiedje. Design and Evaluation of Profiling Methods for the Distributed Enforcement Mechanism CliSeAu. Bachelor Thesis, TU Darmstadt, 2015.
  • Dominic Scheurer. Enforcing Datalog Policies with Service Automata on Distributed Version Control Systems. Bachelor Thesis, TU Darmstadt, 2013.
  • Richard Gay, Heiko Mantel and Barbara Sprick. Service Automata. In Post-Proceedings of the 8th International Workshop on Formal Aspects of Security and Trust (FAST 2011). LNCS 7140, pages 148-163. Springer, 2012.
  • Sogol Mazaheri. Race Conditions in Distributed Enforcement at the Example of Online Social Networks. Bachelor Thesis, TU Darmstadt, 2012.
  • Florian Wendel. An Evaluation of Delegation Strategies for Coordinated Enforcement. Bachelor Thesis, TU Darmstadt, 2012.