title = {{SecureBlox: Customizable Secure Distributed Data Processing}},
  author = {William R. Marczak and Shan Shan Huang and Martin Bravenboer and
  Micah Sherr and Boon Thau Loo and Molham Aref},
  year = {2010},
  booktitle = {ACM SIGMOD International Conference on Management of Data
  month = {June},
  abstract = {We present SecureBlox, a declarative system that unifies a
  distributed query processor with a security policy framework.  In SecureBlox,
  programmers compose existing mechanisms to compactly specify and reconfigure
  security policies.  Our implementation of SecureBlox is a series of
  extensions to LogicBlox, an emerging commercial Datalog-based platform for
  enterprise software systems, with enhancements to enable distribution,
  integrity constraints and static meta-programmability.  SecureBlox allows
  meta-programmability via BloxGenerics---a language extension for compile-time
  code generation based on the security requirements and trust policies of the
  deployed environment. We present and evaluated detailed use-cases where
  SecureBlox enables applications such as an authenticated declarative routing
  protocol with encrypted advertisements and an authenticated and encrypted
  parallel hash join operation.  Our results demonstrateSecureBlox's ability to
  specify and implement a wide range of differentsecurity constructs for
  distributed systems, and enable tradeoffs between performance and security.}

  title = {{A3: An Extensible Platform for Application-Aware Anonymity}},
  author = {Micah Sherr and Andrew Mao and William R. Marczak and Wenchao Zhou
  and Boon Thau Loo and Matt Blaze},
  year = {2010},
  booktitle = {Network and Distributed System Security Symposium (NDSS)},
  month = {February},
  abstract = {This paper presents the design and implementation of
  Application-Aware Anonymity (A3), an extensible platform for applications to
  deploy anonymity-based services on the Internet. A3 allows applications to
  tailor their anonymity properties and performance characteristics according
  to their specific communication requirements.  For example, A3 permits an
  anonymous voice-over-IP application to produce anonymous paths with low
  latency and jitter, while providing anonymous file transfer applications with
  high bandwidth (but not necessarily low latency or jitter) routes.

  To support flexible path construction, A3 exposes a declarative language
  (A3Log) that enables applications to compactly specify path selection and
  instantiation policies which are then executed using a declarative networking
  engine.  We demonstrate that our declarative language is sufficiently
  versatile to represent novel multi-metric performance constraints as well as
  existing relay selection algorithms used by Tor and other anonymity systems,
  using only a few lines of concise code.  In addition to specifying relay
  selection strategies, senders are able to use our declarative techniques to
  construct anonymous tunnels according to their specifications (for example,
  via Onion Routing or Crowds).  We experimentally evaluate the A3 system using
  a combination of trace-driven simulations and deployment on PlanetLab. Our
  experimental results demonstrate that the A3 system can flexibly support a
  wide range of path selection and instantiation strategies at low performance

  title = {{Dedalus: Datalog in Time and Space}},
  author = {Peter Alvaro and William R. Marczak and Neil Conway and Joseph M.
  Hellerstein and David Maier and Russell C. Sears},
  institution = {EECS Department, University of California, Berkeley},
  number = {UCB/EECS-2009-173},
  year = {2009},
  month = {December},
  url = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-173.html},
  abstract = {Recent research has explored using Datalog-based languages to
  express a distributed system as a set of logical invariants. Two properties
  of distributed systems proved difficult to model in Datalog. First, the state
  of any such system evolves with its execution. Second, deductions in these
  systems may be arbitrarily delayed, dropped, or reordered by the unreliable
  network links they must traverse. Previous efforts addressed the former by
  extending Datalog to include updates, key constraints, persistence and
  events, and the latter by assuming ordered and reliable delivery while
  ignoring delay. These details have a semantics outside Datalog, which
  increases the complexity of the language or its interpretation, and forces
  programmers to think operationally. We argue that the missing component from
  these previous languages is a notion of time.

  In this paper we present Dedalus, a foundation language for programming and
  reasoning about distributed systems. Dedalus reduces to a subset of Datalog
  with negation, aggregate functions, successor and choice, and admits an
  explicit representation of time into the logic language. We show that Dedalus
  provides a declarative foundation for the two signature features of
  distributed systems: mutable state, and asynchronous processing and
  communication. Given these two features, we address three important
  properties of programs in a domain-specific manner: a notion of safety
  appropriate to non-terminating computations, stratified monotonic reasoning
  with negation over time, and efficient evaluation over time via a simple
  execution strategy. We also provide conservative syntactic checks for our
  temporal notions of safety and stratification. Our experience implementing
  full-featured systems in variants of Datalog suggests that Dedalus is
  well-suited to the specification of rich distributed services and protocols,
  and provides both cleaner semantics and richer tests of correctness.}

  title = {{Declarative Reconfigurable Trust Management}},
  author = {William R. Marczak and David Zook and Wenchao Zhou and Molham Aref
  and Boon Thau Loo},
  year = {2009},
  booktitle = {Conference on Innovative Data Systems Research (CIDR)},
  month = {January},
  abstract = {In recent years, there has been a proliferation of declarative
  logic-based trust management languages and systems proposed to ease the
  description, configuration, and enforcement of security policies. These
  systems have different tradeoffs in expressiveness and complexity, depending
  on the security constructs (e.g. authentication, delegation, secrecy, etc.)
  that are supported, and the assumed trust level and scale of the execution
  environment. In this paper, we present LBTrust, a unified declarative system
  for reconfigurable trust management, where various security constructs can be
  customized and composed in a declarative fashion. We present an initial
  proof-of-concept implementation of LBTrust using LogicBlox, an emerging
  commercial Datalog-based platform for enterprise software systems. The
  LogicBlox language enhances Datalog in a variety of ways, including
  constraints and meta-programming, as well as support for programmer-defined
  constraints on the meta-model itself -- meta-constraints -- which act to
  restrict the set of allowable programs. LBTrust utilizes LogicBlox's
  meta-programming and meta-constraints to enable customizable cryptographic,
  partitioning and distribution strategies based on the execution environment.
  We present use cases of LBTrust based on three trust management systems
  (Binder, D1LP, and Secure Network Datalog), and provide a preliminary
  evaluation of a Binder-based trust management system.}