@conference {34, title = {PrivateFlow: Decentralised Information Flow Control in Event Based Middleware (Demo)}, booktitle = {3rd ACM International Conference on Distributed Event-Based Systems (DEBS)}, year = {2009}, month = {07/2009}, publisher = {ACM}, organization = {ACM}, address = {Nashville, TN, USA}, abstract = {Complex middleware frameworks are made out of interacting components which may include bugs. These frameworks are often extended to provide additional features by third-party extensions that may not be completely trusted and, as a result, compromise the security of the whole platform. Aiming to minimize these problems, we propose a demonstration of PrivateFlow, a publish/subscribe prototype supported by Decentralized Information Flow Control (DIFC). DIFC is a taint-tracking mechanism that can prevent components from leaking information. We will showcase a simple deployment of PrivateFlow that incorporates third-party untrusted components. In our demonstration, one of these components will try to leak sensitive information about the system{\textquoteright}s operation and it will fail once DIFC is activated.}, keywords = {smartflow}, url = {http://www.doc.ic.ac.uk/~prp/doc/debs09-privateflow-demo.pdf}, author = {Ioannis Papagiannis and Jean Bacon and David Eyers and Matteo Migliavacca and Peter Pietzuch and Brian Shand} }