Unified Declarative Platform for Secure Networked Information Systems
Source: University of Pennsylvania
The authors present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. The work builds upon techniques from logic-based trust management systems, declarative networking, and data analysis via provenance. The authors make the following contributions. First, they propose the Secure Network Datalog (SeNDlog) language that unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog, a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common declarative framework. Second, the authors extend existing distributed recursive query processing techniques to execute SeNDlog programs that incorporate authenticated communication among untrusted nodes.