Skip to Main Content
Distributed applications are becoming increasingly common. However, incorporating security in them remains a major challenge. There are currently few choices to express and enforce security in distributed systems. We can either use a special-purpose language which may be too limited to express security requirements, or use a general purpose language that provides the ability to make complicated security policy but makes us reimplement infrastructure code for authorization, interdiction, obligation and so on with each new security policy. In this paper, we introduce a domain-specific language approach that takes the middle road, giving a way to reuse security infrastructure for new policies while also allowing the expression of complicated security policy easily. We present our DSL approach and and apply it to a real-world scenario: specification and implementation of security policy.
Date of Conference: 25-31 Aug. 2007