Software Engineering for Distributed systems Security: A practical approach based on problem-oriented language paradigm

Abstract

Securing distributed systems remains a significant challenge for several reasons. First, the security features required in an application may depend on the environment in which the application is operating, the type of data exchanged, and the capability of the end-points of communication. Second, the security mechanisms deployed could apply to both communication and application layers in the system, making it difficult to understand and manage overall system security. This paper presents a policy-based approach to meeting these needs. We propose a framework based on a Domain-Specific Language for the specification, verification and implementation of security policies for distributed systems. Based on a set of abstractions, this framework allows to develop modular security policies and independent of the underlying system. Thus, security policies can be developed by a developer who is not necessarily computer security expert.

 Keywords: DSL, Security policy, compilation, specification, verification, implementation