Abstract. Developing distributed applications is a difficult task. It is
further complicated if system-wide security policies are to be
specified and enforced, or if both data and hosts are owned by
principals that do not fully trust each other, as is typically the case in
service-oriented or grid-based scenarios. Language-based
technologies have been suggested to support developers of such
applications---the \emph{Decentralized Label Model} and \emph{Secure
Program Partitioning} allow developers to annotate programs with security
specifications, and to partition the annotated program
across a set of hosts, obeying both the annotations and the trust
relation between the principals. The resulting applications
guarantee \emph{by construction} that the safety and confidentiality of
both data and computations are preserved. In this work, we develop a
generalised version of the splitting framework that is parametrised
in the trust component, and show the result of specialising it with
different trust models. We also develop a metric to measure the
quality of the result of the partitioning process.
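To make the abstract's mechanism concrete, the following added example (not code from the paper or from any Jif/Secure Program Partitioning implementation) sketches the two ingredients it names: DLM-style confidentiality labels that annotate program fields, and a host-assignment step that obeys both the labels and a pluggable trust relation. The label format (owner maps to permitted readers), the `TrustModel` callable interface, the delegation rule, and all principals, hosts and fields are assumptions constructed for illustration; the `partition` function makes a deterministic choice where a real splitter would optimise against a quality metric.

```python
from typing import Callable, Dict, FrozenSet, Mapping, Optional, Set

Principal = str
Host = str
# A DLM-style confidentiality label: each owner names the readers it permits (assumed encoding).
Label = Mapping[Principal, FrozenSet[Principal]]
# The trust component the framework is parametrised in: which hosts a principal
# is willing to entrust with data it owns (assumed interface, not the paper's).
TrustModel = Callable[[Principal], Set[Host]]


def effective_readers(label: Label) -> FrozenSet[Principal]:
    """A principal may read a value only if every owner in the label permits it;
    an owner is always permitted to read under its own policy."""
    allowed: Optional[FrozenSet[Principal]] = None
    for owner, readers in label.items():
        permitted = readers | {owner}
        allowed = permitted if allowed is None else allowed & permitted
    return allowed if allowed is not None else frozenset()


def candidate_hosts(label: Label, hosts: Set[Host], trust: TrustModel) -> Set[Host]:
    """Hosts that may hold a value with this label: every owner must trust the host."""
    candidates = set(hosts)
    for owner in label:
        candidates &= trust(owner)
    return candidates


def partition(fields: Mapping[str, Label], hosts: Set[Host], trust: TrustModel) -> Dict[str, Host]:
    """Assign each annotated field to one host obeying its label and the trust relation.
    Raises ValueError when no single host satisfies all owners of a field."""
    assignment: Dict[str, Host] = {}
    for name, label in fields.items():
        cands = candidate_hosts(label, hosts, trust)
        if not cands:
            raise ValueError(f"no host is trusted by all owners of {name!r}")
        assignment[name] = sorted(cands)[0]  # deterministic pick; a real splitter would optimise
    return assignment


# --- Constructed sample data: two trust models plugged into the same framework ---
HOSTS: Set[Host] = {"host-alice", "host-bob", "host-shared"}
DECLARED: Dict[Principal, Set[Host]] = {
    "alice": {"host-alice", "host-shared"},
    "bob": {"host-bob", "host-shared"},
    "carol": set(),  # carol declares no host trust of her own
}
# Delegation (assumed rule): a principal also accepts the hosts trusted by principals it delegates to.
DELEGATES_TO: Dict[Principal, Set[Principal]] = {"carol": {"alice"}}


def declared_trust(p: Principal) -> Set[Host]:
    """Trust model 1: only explicitly declared hosts."""
    return set(DECLARED.get(p, set()))


def delegated_trust(p: Principal) -> Set[Host]:
    """Trust model 2: declared hosts plus those reachable through delegation."""
    seen: Set[Principal] = set()
    work = [p]
    hosts: Set[Host] = set()
    while work:
        q = work.pop()
        if q in seen:
            continue
        seen.add(q)
        hosts |= declared_trust(q)
        work.extend(DELEGATES_TO.get(q, set()))
    return hosts


FIELDS: Dict[str, Label] = {
    "balance": {"alice": frozenset({"bob"})},                                 # alice owns, bob may read
    "contract": {"alice": frozenset({"bob"}), "bob": frozenset({"alice"})},  # jointly owned
    "note": {"carol": frozenset()},                                          # carol owns, no other readers
}

if __name__ == "__main__":
    shared_fields = {k: v for k, v in FIELDS.items() if k != "note"}
    print(partition(shared_fields, HOSTS, declared_trust))
    print(partition(FIELDS, HOSTS, delegated_trust))
```

Swapping `declared_trust` for `delegated_trust` changes only the trust component: the jointly owned field is forced onto the one host both owners accept, carol's field has no home at all under declared trust, and becomes placeable once delegation extends her trust to alice's hosts.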