Security Policies as Membranes in Systems for Global Computing

TL;DR

This paper introduces a framework for global computing that uses membranes as security filters to control code migration and enforce security policies across distributed sites.

Contribution

It presents a novel membrane-based approach to express and enforce security policies in distributed systems, including sophisticated policies considering action counts and order.

Findings

Membranes effectively regulate access and interactions between sites.

The theory can enforce complex security policies involving action sequences.

Framework supports dynamic and trust-based security management.

Abstract

We propose a simple global computing framework, whose main concern is code migration. Systems are structured in sites, and each site is divided into two parts: a computing body, and a membrane, which regulates the interactions between the computing body and the external environment. More precisely, membranes are filters which control access to the associated site, and they also rely on the well-established notion of trust between sites. We develop a basic theory to express and enforce security policies via membranes. Initially, these only control the actions incoming agents intend to perform locally. We then adapt the basic theory to encompass more sophisticated policies, where the number of actions an agent wants to perform, and also their order, are considered.