Abstract

Policy enforcement, or making sure that software behaves in line with a set of rules, is a problem of interest for developers and users alike. In a single machine environment, the reference monitor has been a well-researched model for enforcing policies. However, applying the same reference model in distributed applications is complicated by the presence of multiple users and concerns, and by the dynamism of the system and policies. This thesis deals with building, assessing and configuring a tool for distributed policy enforcement that acts at application runtime. In a service-oriented architecture setting, the thesis proposes a set of adaptive middleware controls able to enact policies across applications. A core contribution of this thesis is the first message-level enforcing mechanism for access and usage control policies across services. In line with the idea that no security mechanism can be perfect from the beginning, the thesis also proposes a method to assess and amend how correctly a security mechanism acts across a distributed system. Another contribution is the first method to configure an authorisation system to satisfy conflicting security and performance requirements. This approach is based on the observation that policy violations can be caused by inappropriately fitting the enforcing mechanisms onto a target system. Putting these three contributions together gives a set of middleware tools to enforce cross-service policies in a dynamic environment. These tools make the user in control over continuous and improvable security policy enforcement.