A Uniform Approach to Programming the World Wide Web

We propose a uniform model for programming distributed Web applications. The model is based on the concept of Web computation places and provides mechanisms to coordinate distributed computations at these places, including peer-to-peer communication between places and a uniform mechanism to initiate computation in remote places. Computations can interact with the flow of HTTP requests and responses, typically as clients, proxies or servers in the Web architecture. We have implemented the model using the global pointers and remote service requests provided by the Nexus communication library. We present the model and its rationale, with some illustrative examples, and we describe the implementation

The Price of Safety in an Active Network

Security is a major challenge for "Active Networking," accessible programmability creates numerous opportunities for mischief. The point at which programmability is exposed, e.g., through the loading and execution of code in network elements, must therefore be carefully crafted to ensure security. The SwitchWare active networking research project has studied the architectural implications of various tradeoffs between performance and security. Namespace protection and type safety were achieved with a module loader for active networks, ALIEN, which carefully delineated boundaries for privilege and dynamic updates. ALIEN supports two extensions, the Secure Active Network Environment (SANE), and the Resource Controlled Active Network Environment (RCANE). SANE extends ALIEN's node protection model into a distributed setting, and uses a secure bootstrap to guarantee integrity of the namespace protection system. RCANE provides resource isolation between active network node users, including separate heaps and robust time-division multiplexing of the node. The SANE and RCANE systems show that convincing active network security can be achieved. This paper contributes a measurement-based analysis of the costs of such security with an analysis of each system based on both execution traces and end-to-end behavior

Active networking : one view of the past, present, and future

All distributed computing systems face the architectural question of the location (and nature) of programmability in the telecommunications networks, computers, and other peripheral devices comprising them. The perspective of this paper is that network elements should be as programmable as possible, to enable the most flexible distributed computing systems. There has been a persistent confluence among operating systems, programming languages, networking and distributed systems. We demonstrate how these interactions led to what is called active networking , and in the spirit of vox audita perit, littera scripta manet (the spoken word perishes, but the written word remains), include an account of how it was made to happen. Lessons are drawn both from the broader research agenda, and the specific goals pursued in the SwitchWare project. We speculate on likely futures for active networking

Policy-Directed Certificate Retrieval

Any large scale security architecture that uses certificates to provide security in a distributed system will need some automated support for moving certificates around in the network. We believe that for efficiency, this automated support should be tied closely to the consumer of the certificates: the policy verifier. As a proof of concept, we have built QCM, a prototype policy language and verifier that can direct a retrieval mechanism to obtain certificates from the network. Like previous verifiers, QCM takes a policy and certificates supplied by a requester and determines whether the policy is satisfied. Unlike previous verifiers, QCM can take further action if the policy is not satisfied: QCM can examine the policy to decide what certificates might help satisfy it and obtain them from remote servers on behalf of the requester. This takes place automatically, without intervention by the requester; there is no additional burden placed on the requester or the policy writer for the retrieval service we provide. We present examples that show how our technique greatly simplifies certificate-based secure applications ranging from key distribution to ratings systems, and that QCM policies are simple to write. We describe our implementation, and illustrate the operation of the prototype

A Web navigator with applets in Caml

This paper reports on the implementation of applets in Caml Special Light, a strongly typed functional language. The experiment shows the major contributions of strong typing and powerful module systems for supporting secure execution of mobile code. Security checks are almost entirely performed once at compile-time, and authentication proves that checks have actually been done. Keywords: mobile code, strong typing, authentication 1 Introduction A hot topic in Web-related research and development is mobile code, an approach where programs are considered as documents, and should therefore be accessible, transmitted and displayed (i.e. evaluated) as any other document. Mobile code is integrated in the Web, and in particular in HTML documents, through applets, a form of hypertext links refering to invocation of functions implemented in a mobile program. This paper reports on the implementation of Caml Special Light applets in the mmm browser. Caml Special Light is a strongly typed funct..

Interactive HTML

As the World Wide Web continues to grow, people clearly want to do much more with it than just publish static pages of text and graphics. While such increased interactivity has traditionally been accomplished through the use of server-side CGI scripts, much recent research on Web browsers has been on extending their capabilities through the addition of various types of client-side services. The most popular of these extensions take the form of plug-ins, applets, and "document scripts" such as Java Script. However, because these extensions have been created in a haphazard way by a variety of independent groups, they suffer greatly in terms of flexibility, uniformity, and interoperability. Interactive HTML is a system that addresses these problems by combining plug-ins, applets, and document scripts into one uniform and cohesive architecture. It is implemented as an external C library that can be used by a browser programmer to add client-side services to the browser. The IHTML services are implemented as dynamically loaded "language modules," allowing new plug-ins and language interpreters to be added to an iHTML browser without recompiling the browser itself. The system is currently integrated with NCSA's X Mosaic browser and includes language modules for a text viewer plug-in and Python language interpreter. This thesis examines the iHTML architecture in the context of the historical development of Web client-side services and presents an example of iHTML's use to collect usage information about Web documents