Secure Dynamic Program Repartitioning

Rene Rydhoff Hansen, Christian W. Probst

AbstractSecure program partitioning has been introduced as a language-based technique to allow the distribution of data and computation across mutualy untrusted hosts, while at the same time guaranteeing the protection of confidential data. Programs that have been annotated with security types are automaticaly partitioned by the compiler. The main drawback in this setting is that both the trust hierarchy and the set of hosts are fixed once the program has been partitioned. This paper suggests an enhanced version of the partitioning framework, where the trust relation stil remains fixed, but the
partitioning compiler becomes a part of the network and can recompile applications, thus alowing hosts to enter or leave the framework. We contend that this setting is superior to static partitioning, since it allows redistribution of data and computations. This is especialy beneficial if the new host alows data and computations to better fulfil the trust requirements of the users. Erasure Policies ensure that the original host of the redistributed data or computation does not store the data any longer.
KeywordsSecure Program Partitioning, Erasure Policies, Distributed Computation
TypeConference paper [With referee]
EditorsNordic Workshop in Secure IT-Systems
Year2005
Electronic version(s)[pdf]
BibTeX data [bibtex]
IMM Group(s)Computer Science & Engineering