Explicit Representation of Exception Handling in the Development of Dependable Component-Based Systems

Exception handling is a structuring technique that facilitates the design of systems by encapsulating the process of error recovery. In this paper, we present a systematic approach for incorporating exceptional behaviour in the development of component-based software. The premise of our approach is that components alone do not provide the appropriate means to deal with exceptional behaviour in an effective manner. Hence the need to consider the notion of collaborations for capturing the interactive behaviour between components, when error recovery involves more than one component. The feasibility of the approach is demonstrated in terms of the case study of the mining control system

Using a loadtime metaobject protocol to enforce access control policies upon user-level compiled code

This thesis evaluates the use of a loadtime metaobject protocol as a practical mechanism for enforcing access control policies upon applications distributed as user-level compiled code. Enforcing access control policies upon user-level compiled code is necessary because there are many situations where users are vulnerable to security breaches because they download and run potentially untrustworthy applications provided in the form of user-level compiled code. These applications might be distributed applications so access control for both local and distributed resources is required. Examples of potentially untrustworthy applications are Browser plug-ins, software patches, new applications, or Internet computing applications such as SETI@home. Even applications from trusted sources might be malicious or simply contain bugs that can be exploited by attackers so access control policies must be imposed to prevent the misuse of resources. Additionally, system administrators might wish to enforce access control policies upon these applications to ensure that users use them in accordance with local security requirements. Unfortunately, applications developed externally may not include the necessary enforcement code to allow the specification of organisation-specific access control policies. Operating system security mechanisms are too coarse-grained to enforce security policies on applications implemented as user-level code. Mechanisms that control access to both user-level and operating system-level resources are required for access control policies but operating system mechanisms only focus on controlling access to system-level objects. Conventional object-oriented software engineering can be used to use existing security architectures to enforce access control on user-level resources as well as system-resources. Common techniques are to insert enforcement within libraries or applications, use inheritance and proxies. However, these all provide a poor separation of concerns and cannot be used with compiled code. In-lined reference monitors provide a good separation of concerns and meet criteria for good security engineering. They use object code rewriting to control access to both userlevel and system-level objects by in-lining reference monitor code into user-level compiled code. However, their focus is upon replacing existing security architectures and current implementations do not address distributed access control policies. Another approach that does provide a good separation of concerns and allows reuse of existing security architectures are metaobject protocols. These allow constrained changes to be made to the semantics of code and therefore can be used to implement access control policies for both local and distributed resources. Loadtime metaobject protocols allow metaobject protocols to be used with compiled code because they rewrite base level classes and insert meta-level interceptions. However, these have not been demonstrated to meet requirements for good security engineering such as complete mediation. Also current implementations do not provide distributed access control. This thesis implements a loadtime metaobject protocol for the Java programming language. The design of the metaobject protocol specifically addresses separation of concerns, least privilege, complete mediation and economy of mechanism. The implementation of the metaobject protocol, called Kava, has been evaluated by implementing diverse security policies in two case studies involving third-party standalone and distributed applications. These case studies are used as the basis of inferences about general suitability of using loadtime reflection for enforcing access control policies upon user-level compiled code.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Adaptation en ligne de mécanismes de tolérance aux fautes par une approche à composants ouverts

L'adaptation en-ligne du logiciel de tolérance aux fautes permet de renforce la sûreté de fonctionnement du système et prenant en compte son environnement. L’adaptation nécessite de nouvelles techniques de conception. Ces travaux visent à comprendre et maîtriser l'impact des modifications du logiciel de tolérance aux fautes en opération sur les fonctionnalités du système, pour en maîtriser les effets de bords. L’approche proposée introduit une architecture réflexive à composants et une modélisation du logiciel. Un modèle structurel du logiciel permet de calculer et appliquer les modifications du contenu du logiciel. Un modèle comportemental décrit les observations attendues en fonctionnement. Il permet de déterminer les états permettant d’appliquer les modifications, d’amener et de maintenir le système dans ces états. Ces travaux montrent que, grâce aux capacités de manipulation et de contrôle en ligne du logiciel, la modification des mécanismes de tolérance aux fautes peut être réalisée en ligne de manière maîtrisée. ABSTRACT : On-line fault tolerance adaptation aims at enforcing system dependability by taking into account operational conditions and environment. Adapting the system requires new design techniques. This work aims at understanding and mastering the impact of such software modification in operation, especially regarding side effects on functionalities and dependability properties. Our approach relies on a reflective architecture based on components and models of the software that reflects on the one hand the content of the software in terms of state and algorithms (architectural model) and on the other hand the expected correct behaviour (behavioural model). The first one is used to determine the modifications and apply them at runtime, and the second one is used to drive the system in a state in which modifications can be done consistently, and maintain the system in such a state. We show that; thanks to manipulation capabilities and execution control, we can master the modification of fault tolerance software and ensure correctness properties

From Resilience-Building to Resilience-Scaling Technologies: Directions -- ReSIST NoE Deliverable D13

This document is the second product of workpackage WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellence. The problem that ReSIST addresses is achieving sufficient resilience in the immense systems of ever evolving networks of computers and mobile devices, tightly integrated with human organisations and other technology, that are increasingly becoming a critical part of the information infrastructure of our society. This second deliverable D13 provides a detailed list of research gaps identified by experts from the four working groups related to assessability, evolvability, usability and diversit

Systemunterstützung für den Abgleich von Geschäftsobjekten zwischen Anwendungsservern über WebServices: Systemunterstützung für den Abgleich von Geschäftsobjekten zwischen Anwendungsservern über WebServices

Geschäftsanwendungen wie Supply Chain Management (SCM) oder Customer Relationship Management (CRM) werden repliziert, um eine hohe Skalierbarkeit und schnellen lokalen Zugriff zu erreichen. Die Geschäftsobjekte als Datencontainer der Anwendungen müssen infolge von Änderungen synchronisiert werden. Diese Arbeit leistet einen Beitrag zur Effizienzsteigerung des Synchronisationsprozesses durch die Reduzierung der Anzahl der Synchronisationsnachrichten sowie der zu übertragenden Datenmenge - auch unter Berücksichtigung des entstehenden Mehraufwands durch zusätzliche Verarbeitungsprozesse.Business applications such as supply chain management (SCM) or customer relationship management (CRM) are replicated in order to reach high scalability and fast local access. The business objects representing the data containers have to be synchronized to stay consistent across the application servers. This thesis provides a contribution to reach more efficiency during the synchronization process by reducing the amount of synchronization messages and the amount of data to be transmitted. The additional effort due to further processing steps is taken into account via a proper cost model