SmartFlow: Secure Event-Based Middleware

Healthcare providers worldwide are developing electronic solutions to improve patient care and reduce costs. This is a complex and challenging endeavour: such systems need to integrate many distributed and heterogeneous applications and coordinate widely distributed operations as events occur, such as the referral of a patient from a GP to a specialist clinic. All of this has to be done without compromising patient safety and privacy. Not surprisingly, healthcare IT efforts in many countries suffer from cost explosion and project overruns.

In healthcare systems, middleware software acts as the "plumbing" that interconnects the various applications. A major problem is that commercial, off-the-shelf middleware used for this task is inflexible and unable to adapt to the special requirements of the medical domain. For example, a healthcare system must audit all access to a patient's records as they flow through the network, and yet the audit data must not itself compromise confidentiality. This kind of confidential audit is not supported by current middleware, yet the middleware layer is the best place to provide these guarantees reliably, because it is the one point that all record flows pass through. Similarly, a haematology department needs to detect patterns of events, for example abnormal blood results being sent to the electronic patient notes. Again, middleware support for this does not exist, yet it would be vital for an efficient solution.

A major challenge in supporting such novel middleware functionality is that there is no single set of services that covers all application requirements. Instead, middleware functionality must evolve as new applications are added to a healthcare infrastructure.


The focus of the project is to address this challenge with research into an extendable, event-based middleware architecture, SmartFlow, which can securely integrate heterogeneous systems and provide a framework for dynamically managing middleware extensions.

Large and heterogeneous applications link independent hospital departments with varying middleware requirements, including features unique to clinical environments. Since medical applications must respond quickly to numerous simultaneous events, applications coordinate all activity by sending and receiving messages using an event-driven approach.

By pushing this functionality into an intelligent middleware layer, all applications in a medical system can use these services, thus simplifying application design and deployment and improving performance. As new departments with new applications (and requirements) join the system, units can be added dynamically to SmartFlow nodes in a secure and consistent manner. To describe a middleware and its configurations, we devise a formalism that can capture high-level middleware features, their decomposition into lower-level SmartFlow units, and the dependencies and exclusion relationships between them.
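As an added illustration of the kind of consistency check such a formalism enables, the Java below models units with "requires" and "excludes" relations and a node that installs a high-level feature only if the resulting configuration is dependency-closed and free of exclusion conflicts. This is example code written for this page, not SmartFlow's formalism or implementation; the unit and feature names (an event bus, a confidential audit log that excludes a plain one, a pattern matcher for haematology alerts) are assumptions chosen to echo the scenarios above.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

/*
 * Illustrative model (not SmartFlow code): middleware units declare which other
 * units they require and which they exclude; features decompose into units; a
 * node installs a feature atomically or rejects it.
 */
public final class UnitConfigDemo {

    /** A lower-level middleware unit with its dependency and exclusion relations. */
    static final class Unit {
        final String name; final Set<String> requires; final Set<String> excludes;
        Unit(String name, Set<String> requires, Set<String> excludes) {
            this.name = name; this.requires = requires; this.excludes = excludes;
        }
    }

    static Unit unit(String name, String[] requires, String[] excludes) {
        return new Unit(name, new HashSet<>(Arrays.asList(requires)), new HashSet<>(Arrays.asList(excludes)));
    }

    /** A node: catalogue of known units, feature decompositions, and the installed set. */
    static final class Node {
        private final Map<String, Unit> catalogue = new HashMap<>();
        private final Map<String, Set<String>> features = new HashMap<>();
        private final Set<String> installed = new LinkedHashSet<>();

        void register(Unit u) { catalogue.put(u.name, u); }
        void defineFeature(String feature, String... units) {
            features.put(feature, new LinkedHashSet<>(Arrays.asList(units)));
        }
        Set<String> installed() { return installed; }

        /** Transitive closure of the units a feature needs; rejects unknown units or features. */
        Set<String> closure(String feature) {
            Set<String> roots = features.get(feature);
            if (roots == null) throw new IllegalArgumentException("unknown feature " + feature);
            Set<String> result = new LinkedHashSet<>();
            Deque<String> work = new ArrayDeque<>(roots);
            while (!work.isEmpty()) {
                String n = work.pop();
                if (!result.add(n)) continue;            // already visited
                Unit u = catalogue.get(n);
                if (u == null) throw new IllegalArgumentException("unknown unit " + n);
                work.addAll(u.requires);
            }
            return result;
        }

        /** Install a feature: all of its units and dependencies, or nothing at all. */
        void install(String feature) {
            Set<String> wanted = closure(feature);
            Set<String> candidate = new LinkedHashSet<>(installed);
            candidate.addAll(wanted);
            // Exclusion is checked over the whole candidate configuration, so a
            // conflict is caught whichever side declared it and however it was reached.
            for (String a : candidate) {
                for (String b : catalogue.get(a).excludes) {
                    if (candidate.contains(b)) {
                        throw new IllegalStateException("cannot install " + feature + ": " + a + " excludes " + b);
                    }
                }
            }
            installed.addAll(wanted);  // 'wanted' is dependency-closed, so 'installed' stays closed
        }
    }

    public static void main(String[] args) {
        Node node = new Node();
        node.register(unit("event-bus", new String[]{}, new String[]{}));
        node.register(unit("label-tracker", new String[]{"event-bus"}, new String[]{}));
        node.register(unit("audit-log-plain", new String[]{"event-bus"}, new String[]{"audit-log-confidential"}));
        node.register(unit("audit-log-confidential", new String[]{"event-bus", "label-tracker"}, new String[]{"audit-log-plain"}));
        node.register(unit("pattern-matcher", new String[]{"event-bus"}, new String[]{}));
        node.defineFeature("confidential-audit", "audit-log-confidential");
        node.defineFeature("haematology-alerts", "pattern-matcher");
        node.defineFeature("plain-audit", "audit-log-plain");

        node.install("confidential-audit");   // pulls in event-bus and label-tracker
        node.install("haematology-alerts");   // event-bus already present
        System.out.println("installed: " + node.installed());
        try {
            node.install("plain-audit");      // conflicts with the confidential audit log
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("installed: " + node.installed());
    }
}
```

The point of checking exclusions over the whole candidate set, rather than only against the unit being added, is that a conflict introduced indirectly through a dependency is refused just as a direct one is, and a failed install leaves the node's configuration unchanged.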

Research in the SmartFlow project has focused on three separate, but closely related, areas.

DEFCon: a Secure Event Based Middleware Model

Following the original SmartFlow premise of a secure event-driven kernel, DEFCon is our model for building secure, event-based applications in Java. DEFCon introduces the Decentralised Event Flow Control (DEFC) model to track and limit the dissemination of information during event processing.
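To make "track and limit the dissemination of information" concrete, here is an added Java example of a minimal decentralised information flow control (DIFC) label model applied to events and processing units. It is not DEFCon's code or API and the page does not specify DEFC's exact semantics; the rules below follow the classic Flume-style secrecy model (a label is a set of tags, an event may flow to a unit only if the unit's label covers the event's, and a unit may drop a tag only if it holds the corresponding declassification privilege). The class names, tag vocabulary and unit roles are assumptions chosen to revisit the confidential-audit scenario from the introduction.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/*
 * Illustrative DIFC model (not DEFCon code). Tags such as "patient:1234" mark
 * whose confidential data an event derives from. Flow rules:
 *   - receive: every tag on the event must be in the receiving unit's label;
 *   - emit: the unit's label is a floor on its output; tags may be added freely
 *     but removed only with the declassification privilege for that tag.
 */
public final class DifcDemo {

    /** Secrecy label: a set of tags. L1 flows to L2 iff L1 is a subset of L2. */
    static final class Label {
        private final Set<String> tags;
        Label(Set<String> tags) { this.tags = Collections.unmodifiableSet(new HashSet<>(tags)); }
        static Label of(String... tags) { return new Label(new HashSet<>(Arrays.asList(tags))); }
        boolean flowsTo(Label target) { return target.tags.containsAll(tags); }
        Set<String> tags() { return tags; }
        @Override public String toString() { return tags.isEmpty() ? "{public}" : tags.toString(); }
    }

    /** An event: payload plus the label that records whose data it carries. */
    static final class Event {
        final String payload; final Label label;
        Event(String payload, Label label) { this.payload = payload; this.label = label; }
    }

    /** A processing unit: its label bounds what it may read, its privileges what it may declassify. */
    static final class Unit {
        final String name; final Label label; final Set<String> privileges;
        Unit(String name, Label label, String... privileges) {
            this.name = name; this.label = label;
            this.privileges = new HashSet<>(Arrays.asList(privileges));
        }
        /** Input check: reject events carrying any tag the unit is not labelled with. */
        boolean canReceive(Event e) { return e.label.flowsTo(label); }
        /** Output check: every unit tag must survive on the output unless the unit may declassify it. */
        Event emit(String payload, Label out) {
            for (String t : label.tags()) {
                if (!out.tags().contains(t) && !privileges.contains(t)) {
                    throw new SecurityException(name + " may not declassify tag " + t);
                }
            }
            return new Event(payload, out);
        }
    }

    public static void main(String[] args) {
        Label p1234 = Label.of("patient:1234");
        Event bloodResult = new Event("Hb 6.1 g/dL (abnormal)", p1234);
        Event otherResult = new Event("Hb 13.9 g/dL", Label.of("patient:5678"));

        // The GP unit for patient 1234 is labelled for that patient only.
        Unit gp = new Unit("gp-1234", p1234);
        // The audit unit is labelled for every patient it logs and holds no privileges:
        // it may read everything, but can never emit below its own label, so the
        // audit trail cannot leak patient data to a public sink.
        Unit audit = new Unit("audit", Label.of("patient:1234", "patient:5678"));
        // A statistics unit that holds the privilege for patient 1234's tag is the
        // only component able to produce a public (empty-label) event from that data.
        Unit stats = new Unit("stats", p1234, "patient:1234");

        System.out.println("gp receives 1234 result: " + gp.canReceive(bloodResult));
        System.out.println("gp receives 5678 result: " + gp.canReceive(otherResult));
        System.out.println("audit receives both: "
                + (audit.canReceive(bloodResult) && audit.canReceive(otherResult)));
        try {
            audit.emit("1234: Hb 6.1 viewed by gp-1234", Label.of());  // public audit record
        } catch (SecurityException e) {
            System.out.println("audit emit denied: " + e.getMessage());
        }
        Event anon = stats.emit("anaemia count +1", Label.of());       // privileged declassification
        System.out.println("stats emitted '" + anon.payload + "' with label " + anon.label);
    }
}
```

The separation between labels (mandatory, enforced on every flow) and privileges (held by a few trusted units) is what lets the audit component see all traffic without becoming a covert channel: its output label can never be lower than the most sensitive tag it is labelled for.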

PHP Aspis: a Tool to Prevent Web Injection Attacks

Research on PHP Aspis aims to provide practical methods for securing the web elements of applications. Inspired by the information tracking methods used in DEFCon, PHP Aspis transparently hardens existing PHP applications and prevents code injection attacks such as cross-site scripting (XSS) and SQL injection.

SafeWeb: a Middleware for Securing Ruby-based Web Applications

SafeWeb combines the lessons from DEFCon and PHP Aspis to build a secure and easy-to-maintain middleware that facilitates application development at the NHS' Eastern Cancer Registry and Information Center (ECRIC).

EPSRC (2008-2012)
Ioannis Papagiannis (Facebook)
Matteo Migliavacca (University of Kent)

Related Publications

Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, and Peter Pietzuch
USENIX Annual Technical Conference (ATC), 2010
Boston, MA, USA
Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, and Peter Pietzuch
ACM/IFIP/USENIX 11th International Middleware Conference (Middleware), 2010
Bangalore, India
Jean Bacon, David Evans, David M. Eyers, Matteo Migliavacca, Peter Pietzuch, and Brian Shand
ACM/IFIP/USENIX 11th International Middleware Conference (Middleware), 2010
Bangalore, India
Ioannis Papagiannis, Matteo Migliavacca, David M. Eyers, Brian Shand, Jean Bacon, and Peter Pietzuch
Web 2.0 Security and Privacy (W2SP), 2010
Oakland, CA, USA
David M. Eyers, Ben Robert, Jean Bacon, Matteo Migliavacca, Ioannis Papagiannis, Peter Pietzuch, and Brian Shand
10th International ACM/IFIP/USENIX Middleware Conference (Middleware), 2009
Urbana-Champaign, Illinois, USA
Ioannis Papagiannis, Matteo Migliavacca, and Peter Pietzuch
2nd USENIX Conference on Web Application Development (WebApps), 2011
Portland, OR, USA
Ioannis Papagiannis, Jean Bacon, David Eyers, Matteo Migliavacca, Peter Pietzuch, and Brian Shand
3rd ACM International Conference on Distributed Event-Based Systems (DEBS), 2009
Nashville, TN, USA
Petr Hosek, Matteo Migliavacca, Ioannis Papagiannis, David Eyers, David Evans, Brian Shand, Jean Bacon, and Peter Pietzuch
ACM/IFIP/USENIX 12th International Middleware Conference (Middleware), 2011
Lisbon, Portugal
Matteo Migliavacca, Peter Pietzuch, Jean Bacon, David Eyers, Jatinder Singh, and Brian Shand
Information Technology, 2009
Volume 51, Number 5, pp. 277-284, Munich, Germany
Kuen Hung Tsoi, Ioannis Papagiannis, Matteo Migliavacca, Wayne Luk, and Peter Pietzuch
Many-Core and Reconfigurable Supercomputing Conference (MRSC), 2010
Rome, Italy
Jean Bacon, David Eyers, Peter Pietzuch, and Jatinder Singh
Tutorial Paper. Proceedings of the 2nd International Conference on Distributed Event-Based Systems (DEBS), 2008
Rome, Italy