CliSeAu: Decentralized Coordinated Runtime Enforcement of Security in Distributed Systems

Distributed Runtime Enforcement Illustration

CliSeAu is a tool for dynamic enforcement of system-wide security requirements in distributed Java programs. CliSeAu enables one to enforce security requirements in a decentralized yet coordinated fashion. CliSeAu implements the concept of Service Automata developed in the MAIS group. Details about CliSeAu can be found in the key publication about CliSeAu at ICISS 2014, "CliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement".


System-wide security
CliSeAu enables users to specify policies for enforcing system-wide security properties. We call a property system-wide if it cannot be decomposed into independent properties of the individual agents of a distributed system. An example of a system-wide security property is the Chinese Wall property we consider in our ICISS'14 paper. This property expresses that no user must be able download conflicting files from a distributed storage. The property is system-wide because the absence of conflicting downloads from each individual storage server does not imply the absence of conflicting downloads in the overall distributed storage.
Coordinated decentralized enforcement
CliSeAu supports coordinated decentralized enforcement. When applied to a distributed system, CliSeAu essentially generates one enforcement mechanism for each agent of the distributed system. The mechanisms are capable of coordinating the enforcement among each other. This feature allows them to enforce system-wide security properties. Technically, CliSeAu realizes the cooperation by means of network sockets. The cooperation between the enforcement mechanisms can even be decentralized. That is, there is no need for a central enforcement mechanism (and potential bottleneck) that determines how a property is enforced. We provide an example of decentralized enforcement in the case study contained in our ICISS'14 paper.
Instrumentation of Java programs
CliSeAu deploys enforcement mechanisms to Java programs by means of program instrumentation, i.e., by modification of the program's code. More precisely, CliSeAu performs the instrumentation at the bytecode level. That is, for applying CliSeAu to a given Java program, the source code of the program need not be available - a JAR file comprising the program's bytecode suffices.


CliSeAu combines two architectures. Firstly, there is the architecture of the tool itself. A coarse-grained illustration of this architecture is provided below. The architecture shows that CliSeAu expects as input the JAR files of the distributed target program (the bytecode of the agents) as well as an instantiation of the enforcement capsules (more below). The output of CliSeAu is an instrumented target program, in which each agent (i.e., each non-distributed component of the program) is encapsulated by an enforcement mechanism.

The second architecture behind CliSeAu is the runtime architecture of enforcement capsules. An enforcement capsule is a non-distributed component of a distributed enforcement mechanism generated by CliSeAu. Each such enforcement capsule is applied to an agent of the distributed target program.

More details about CliSeAu can be found in the paper linked above.


The source code of CliSeAu is available under the MIT license and can be downloaded here. This download contains the following parts:

  • CliSeAu itself: The download contains the complete source code of CliSeAu!
  • Example instances: The download provides two instantiations of CliSeAu for enforcing a Chinese Wall security policy on a distributed file storage. In each of the examples, a Java FTP server is used for the file storage (the servers are not included but instructions for downloading them are included).
  • All required Java libraries, except for AspectJ: AspectJ is not included to keep the download size lower.

CliSeAuDroid, the variant of CliSeAu for enforcing local or distributed security properties in Android applications, is available here. The source code of CliSeAuDroid is also available under the MIT license.

Prerequisites and Installation

CliSeAu was developed and tested under Linux with Java 7/8 and AspectJ 1.7.4/1.8.10. Details about further libraries can be found in the README file contained in the root directory of the download.

Instructions for compiling CliSeAu from the source code and for running CliSeAu on the example instances can be found in the contained README file.


A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang