PrivateFlow: Decentralised Information Flow Control in Event Based Middleware (Demo)
Complex middleware frameworks are made out of interacting components which may include bugs. These frameworks are often extended to provide additional features by third-party extensions that may not be completely trusted and, as a result, compromise the security of the whole platform. Aiming to minimize these problems, we propose a demonstration of PrivateFlow, a publish/subscribe prototype supported by Decentralized Information Flow Control (DIFC). DIFC is a taint-tracking mechanism that can prevent components from leaking information. We will showcase a simple deployment of PrivateFlow that incorporates third-party untrusted components. In our demonstration, one of these components will try to leak sensitive information about the system’s operation and it will fail once DIFC is activated.
3rd ACM International Conference on Distributed Event-Based Systems (DEBS)
Publication Year
Related Projects