Declarative Security
|
Abstract:
In this paper, we introduce the novel concept of a secure interface definition compiler (a "security " compiler, for short). We show how interface designers can declare an application's security requirements as part of the interface definition process, and how a security compiler can automatically generate code that implements security requirements in client stubs and server skeletons. We propose extending interface definition languages to support security requirement declarations, and we argue that security requirement declarations inherently "belong " in interface definitions. Just as declarative languages such as SQL have provided application developers a simplified way to retrieve data from databases, we believe that SIDLs (Secure Interface Definition Languages) will give application developers a simplified way to incorporate security into their applications. Finally, we propose several keywords as extensions to CORBA's interface definition language (IDL) that allow interface designers to declare security requirements of interfaces, and we discuss how support for these keywords can be implemented in existing CORBA systems. Keywords: distributed systems, security, declarative languages, interface definition language, CORBA,
Citations
| 271 | CORBA: Integrating diverse applications within distributed heterogeneous environments – Vinoski - 1997 |
| 248 | Kerberos: An authentication service for computer networks – Neuman, Ts’o - 1994 |
