SecureBlox: Customizable Secure Distributed Data Processing.
William R. Marczak, Shan Shan Huang, Martin Bravenboer, Micah Sherr, Boon Thau Loo, and Molham Aref.
ACM SIGMOD International Conference on Management of Data (SIGMOD), Jun 2010.
We present SecureBlox, a declarative system that unifies a distributed query processor with a security policy framework. In SecureBlox, programmers compose existing mechanisms to compactly specify and reconfigure security policies. Our implementation of SecureBlox is a series of extensions to LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems, with enhancements to enable distribution, integrity constraints and static meta-programmability. SecureBlox allows meta-programmability via BloxGenerics, a language extension for compile-time code generation based on the security requirements and trust policies of the deployed environment. We present and evaluate detailed use cases where SecureBlox enables applications such as an authenticated declarative routing protocol with encrypted advertisements and an authenticated and encrypted parallel hash join operation. Our results demonstrate SecureBlox's ability to specify and implement a wide range of different security constructs for distributed systems, and enable tradeoffs between performance and security.

A3: An Extensible Platform for Application-Aware Anonymity.
Micah Sherr, Andrew Mao, William R. Marczak, Wenchao Zhou, and Boon Thau Loo.
Network and Distributed System Security Symposium (NDSS), Mar 2010.
This paper presents the design and implementation of Application-Aware Anonymity (A3), an extensible platform for applications to deploy anonymity-based services on the Internet. A3 allows applications to tailor their anonymity properties and performance characteristics according to their specific communication requirements. For example, A3 permits an anonymous voice-over-IP application to produce anonymous paths with low latency and jitter, while providing anonymous file transfer applications with high bandwidth (but not necessarily low latency or jitter) routes.

To support flexible path construction, A3 exposes a declarative language (A3Log) that enables applications to compactly specify path selection and instantiation policies which are then executed using a declarative networking engine. We demonstrate that our declarative language is sufficiently versatile to represent novel multi-metric performance constraints as well as existing relay selection algorithms used by Tor and other anonymity systems, using only a few lines of concise code. In addition to specifying relay selection strategies, senders are able to use our declarative techniques to construct anonymous tunnels according to their specifications (for example, via Onion Routing or Crowds). We experimentally evaluate the A3 system using a combination of trace-driven simulations and deployment on PlanetLab. Our experimental results demonstrate that the A3 system can flexibly support a wide range of path selection and instantiation strategies at low performance overhead.

Dedalus: Datalog in Time and Space.
Peter Alvaro, William R. Marczak, Neil Conway, Joseph M. Hellerstein, David Maier, and Russell C. Sears.
Technical Report UCB/EECS-2009-173, EECS Department, University of California, Berkeley, Dec 2009.
Recent research has explored using Datalog-based languages to express a distributed system as a set of logical invariants. Two properties of distributed systems proved difficult to model in Datalog. First, the state of any such system evolves with its execution. Second, deductions in these systems may be arbitrarily delayed, dropped, or reordered by the unreliable network links they must traverse. Previous efforts addressed the former by extending Datalog to include updates, key constraints, persistence and events, and the latter by assuming ordered and reliable delivery while ignoring delay. These details have a semantics outside Datalog, which increases the complexity of the language or its interpretation, and forces programmers to think operationally. We argue that the missing component from these previous languages is a notion of time.

In this paper we present Dedalus, a foundation language for programming and reasoning about distributed systems. Dedalus reduces to a subset of Datalog with negation, aggregate functions, successor and choice, and admits an explicit representation of time into the logic language. We show that Dedalus provides a declarative foundation for the two signature features of distributed systems: mutable state, and asynchronous processing and communication. Given these two features, we address three important properties of programs in a domain-specific manner: a notion of safety appropriate to non-terminating computations, stratified monotonic reasoning with negation over time, and efficient evaluation over time via a simple execution strategy. We also provide conservative syntactic checks for our temporal notions of safety and stratification. Our experience implementing full-featured systems in variants of Datalog suggests that Dedalus is well-suited to the specification of rich distributed services and protocols, and provides both cleaner semantics and richer tests of correctness.

Declarative Reconfigurable Trust Management.
William R. Marczak, David Zook, Wenchao Zhou, Molham Aref, and Boon Thau Loo.
Conference on Innovative Data Systems Research (CIDR), Jan 2009.
In recent years, there has been a proliferation of declarative logic-based trust management languages and systems proposed to ease the description, configuration, and enforcement of security policies. These systems have different tradeoffs in expressiveness and complexity, depending on the security constructs (e.g. authentication, delegation, secrecy, etc.) that are supported, and the assumed trust level and scale of the execution environment. In this paper, we present LBTrust, a unified declarative system for reconfigurable trust management, where various security constructs can be customized and composed in a declarative fashion. We present an initial proof-of-concept implementation of LBTrust using LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. The LogicBlox language enhances Datalog in a variety of ways, including constraints and meta-programming, as well as support for programmer-defined constraints on the meta-model itself -- meta-constraints -- which act to restrict the set of allowable programs. LBTrust utilizes LogicBlox's meta-programming and meta-constraints to enable customizable cryptographic, partitioning and distribution strategies based on the execution environment. We present use cases of LBTrust based on three trust management systems (Binder, D1LP, and Secure Network Datalog), and provide a preliminary evaluation of a Binder-based trust management system.