NGNI-Small: Declarative Secure Networked Information Systems
University Of Pennsylvania, Philadelphia PA
Investigators
Abstract
The goal of this project is to develop a declarative language and system for specifying, implementing, analyzing and auditing large-scale secure information systems. The project unifies three bodies of work: logic-based trust management languages, database query languages for declarative networks, and database techniques for analyzing data computations via the concept of provenance or lineage. The first part of the project investigates the design of the Secure Network Datalog (SeNDlog) language that unifies the declarative networking and logic-based access control languages. A declarative networking system with security extensions is developed to execute SeNDlog programs to implement a variety of secure networked information systems. The second part of the project applies the use of data provenance in networks for performing real-time network diagnostics and forensics. This project studies optimization techniques for computing network provenance efficiently, and analyzes opportunities presented in the unified framework across network protocols, security policies, and distributed information systems. The broader impact of this work is a unified extensible platform for developing and analyzing next-generation secure information-centric networks, including authenticated Internet-scale routing infrastructures, scalable content-based networks, and secure distributed data management systems. A graduate course titled Networking-meets-Databases is created to explore synergistic topics at the intersection of these two areas, drawing practical experiences and use cases from the project. Publications, technical reports, software and experimental data from this research are disseminated via the project web site (http://www.cis.upenn.edu/~boonloo/decsec/).
View original record on NSF Award Search →