Large-scale distributed systems require new middleware paradigms that do not suffer from the limitations of traditional request/reply middleware. These limitations include tight coupling between components, a lack of information filtering capabilities, and support for one-to-one communication semantics only. We argue that event-based middleware is a… (More)
Motivation and idea. Distributed applications in use today, such as monitoring systems (e.g. Ganglia), data-parallel processing frameworks (e.g. Hadoop) and replicated databases (e.g. MySQL), were originally developed for use in clusters. Cluster applications often assume that the network is well-provisioned and its usage is effectively free, as long as it… (More)
OASIS is a distributed RBAC implementation with many extensions. Sound policy design will permit OASIS to protect the distributed resources whose access privileges it controls. However, through operating in a distributed environment, the underlying OASIS infrastructure is open to a number of potential attacks. This paper identifies three main classes of… (More)
The publish/subscribe (pub/sub) communications paradigm is suitable for building large-scale, widely distributed applications. Distributed pub/sub middleware scales well because it decouples communicating clients. However, complete decoupling of clients make it more challenging to design distributed applications using pub/sub middleware: often clients want… (More)
Information Flow Control (IFC) extends conventional access control beyond application boundaries, and allows control of data flows after a point of authorised data disclosure. In a deployment of IFC within a cloud operating system (OS), the IFC implementation can be trusted by applications running over the same OS instance. In an IFC deployment within a… (More)
Computing is becoming increasingly ubiquitous. To fully re-alise the potential of emerging distributed systems, it must be possible to manage and bring together (coordinate) system components in various ways—perhaps for purposes and in circumstances not contemplated by their designers. Therefore , we believe that the application logic embodied in components… (More)
—Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research… (More)
storage of legal precedents using a minimal deontic ontology, for computer assisted legal document querying. A model of OASIS role-based access control and its support for active security.