Secure program partitioning has been introduced as a language-based technique to allow the distribution of data and computation across mutualy untrusted hosts, while at the same time guaranteeing the protection of confidential data. Programs that have been annotated with security types are automaticaly partitioned by the compiler. The main drawback in this setting is that both the trust hierarchy and the set of hosts are fixed once the program has been partitioned. This paper suggests an enhanced version of the partitioning framework, where the trust relation stil remains fixed, but the partitioning compiler becomes a part of the network and can recompile applications, thus alowing hosts to enter or leave the framework. We contend that this setting is superior to static partitioning, since it allows redistribution of data and computations. This is especialy beneficial if the new host alows data and computations to better fulfil the trust requirements of the users. Erasure Policies ensure that the original host of the redistributed data or computation does not store the data any longer.
|Title of host publication||Nordic Workshop in Secure IT-Systems|
|Publication status||Published - 2005|