
    Using a loadtime metaobject protocol to enforce access control policies upon user-level compiled code

    This thesis evaluates the use of a loadtime metaobject protocol as a practical mechanism for enforcing access control policies upon applications distributed as user-level compiled code. Enforcing access control policies upon user-level compiled code is necessary because users are frequently exposed to security breaches when they download and run potentially untrustworthy applications provided in the form of user-level compiled code. These applications might be distributed applications, so access control for both local and distributed resources is required. Examples of potentially untrustworthy applications are browser plug-ins, software patches, new applications, or Internet computing applications such as SETI@home. Even applications from trusted sources might be malicious or simply contain bugs that can be exploited by attackers, so access control policies must be imposed to prevent the misuse of resources. Additionally, system administrators might wish to enforce access control policies upon these applications to ensure that users use them in accordance with local security requirements. Unfortunately, applications developed externally may not include the enforcement code needed to specify organisation-specific access control policies. Operating system security mechanisms are too coarse-grained to enforce security policies on applications implemented as user-level code: access control policies require mechanisms that control access to both user-level and operating system-level resources, but operating system mechanisms only control access to system-level objects. Conventional object-oriented software engineering can reuse existing security architectures to enforce access control on user-level resources as well as system resources; common techniques are to insert enforcement code within libraries or applications, or to use inheritance and proxies.
However, these all provide a poor separation of concerns and cannot be used with compiled code. In-lined reference monitors provide a good separation of concerns and meet criteria for good security engineering. They use object code rewriting to control access to both user-level and system-level objects by in-lining reference monitor code into user-level compiled code. However, their focus is upon replacing existing security architectures, and current implementations do not address distributed access control policies. Another approach that provides a good separation of concerns and allows reuse of existing security architectures is metaobject protocols. These allow constrained changes to be made to the semantics of code and therefore can be used to implement access control policies for both local and distributed resources. Loadtime metaobject protocols allow metaobject protocols to be used with compiled code because they rewrite base-level classes and insert meta-level interceptions. However, these have not been demonstrated to meet requirements for good security engineering such as complete mediation, and current implementations do not provide distributed access control. This thesis implements a loadtime metaobject protocol for the Java programming language. The design of the metaobject protocol specifically addresses separation of concerns, least privilege, complete mediation and economy of mechanism. The implementation of the metaobject protocol, called Kava, has been evaluated by implementing diverse security policies in two case studies involving third-party standalone and distributed applications. These case studies are used as the basis of inferences about the general suitability of loadtime reflection for enforcing access control policies upon user-level compiled code.
EThOS - Electronic Theses Online Service

    Design and Implementation of a World Wide Web Based Distributed Computing Model


    CORBA: A Quantitative and Qualitative Comparison of Industrial Strength, Commercial CORBA ORBs for the JAVA Platform

    In distributed systems design, middleware is a key component. Middleware establishes the communication between a client and server in a multi-tiered architecture. One approach to middleware is implementing the OMG's CORBA standard through the use of ORBs. Three of the more popular commercially available ORBs are Sun's Java 2 ORB, Borland's VisiBroker for Java, and IONA's Orbix 2000 for Java. The purpose of this graduate project was to compare the three ORBs both quantitatively and qualitatively. The project compares the ORBs quantitatively by measuring the performance of each ORB in terms of response time. The comparison was done qualitatively by looking at the services each ORB provides, the ease of implementing a simple client-server application in each ORB's syntax, the time taken to develop each application, the difficulties encountered, and the stability of each ORB when tested. The results of the project should prove useful for distributed systems designers and for researchers studying middleware products. In addition, each of the applications created for the project can be reused for any future performance or load testing of the ORBs one might want to conduct.

    Agent Based Modeling in Land-Use and Land-Cover Change Studies

    Agent-based models (ABM) for land use and cover change (LUCC) hold the promise of providing new insight into the processes and patterns of human and biophysical interactions in ways that have never been explored. Advances in computer technology make it possible to run an almost unlimited number of simulations with multiple heterogeneously shaped actors that reciprocally interact via vertical and horizontal power lines on various levels. Based upon an extensive literature review, the basic components for such exercises are explored and discussed. This resulted in a systematic representation of these components consisting of: (1) spatial static input data, (2) actor and actor-group static input data, (3) spatial dynamic input data, (4) actor and actor-group dynamic input data, (5) the model with its rules, (6) spatial static output, (7) actor and actor-group static output, (8) dynamic output of actor behaviour changes, (9) dynamic output of actor-group behavioural changes, (10) dynamic output of spatial patterns, and (11) dynamic output of temporal patterns. This representation proves to be epistemologically useful in the analysis of the relationships between the ABM LUCC components. In this paper, this representation is also used to enumerate the strengths and limitations of agent-based modelling in LUCC.

    A general-purpose mapping between data transfer objects and entities

    Layered architecture in Java EE web applications is one example of a situation where parallel, non-matching class hierarchies need to be maintained. The mapping of Data Transfer Objects (DTO) and entities causes manual overhead and more code to maintain, and the lack of an automated solution may lead to architectural anti-patterns. To avoid these problems and to streamline the coding process, this mapping process can be supported and partially automated. To address the problem, the solutions and techniques related to the mapping process are analyzed. For further analysis, a runtime mapping component approach is chosen. There are multiple techniques for mapping the class hierarchies, such as XML, annotations, APIs or Domain-Specific Languages. Mapping components use reflection for mapping, but for the actual copying of the values, dynamic code generation and caches can be used for better performance. In this thesis, a comprehensive Business Process Readiness (BRR) analysis was performed. The analyzed categories included features, usability, quality, performance, scalability, support and documentation. The requirements for a general-purpose mapping component were derived from the needs of Dicode Ltd. Out of the eleven implementations found, six were chosen for the complete analysis based on the feature category. Finally, a rating in the range from 1 to 5 was assigned to each of the components as a weighted average of the results in each category. There are notable differences between the implementations related to usability, measured as the amount of configuration needed. Additionally, components using dynamic code generation perform better than the others, but no scalability concerns were noted for a real application. Overall, based on the analysis, we found that very good solutions exist to support the mapping process for Dicode Ltd. that can be recommended for use in future projects.
    Parallel class hierarchies with differing structures are needed, among other places, in Java EE based web applications implemented with a layered architecture. The mapping between Data Transfer Objects and entities causes manual work for the programmer and adds code to maintain, and the lack of an automated solution can lead to architecturally harmful features. To avoid these challenges, this mapping process can be partially automated. The technical solutions to the problem were analyzed, and the approach in which the mapping is performed at runtime was chosen for closer examination. Several techniques can be used to map the structure of the class hierarchies, such as XML, annotations, programming interfaces or domain-specific languages. Java reflection is used for the mapping, but for the actual copying of values, code generated at runtime and caches can be used because of the performance gains they provide. The implementations are compared using the Business Process Readiness assessment, of which the functionality, usability, quality, performance, scalability, support and documentation categories are used. The functional requirements are derived from the needs of Dicode Oy. On this basis, six of the eleven implementations evaluated were selected for the more comprehensive evaluation phase, in which the overall rating was formed as the weighted average of all evaluated categories on a scale from 1 to 5. Usability was measured by the amount of configuration required, and significant differences between the implementations were observed in this category. Implementations that generate code at runtime stood out in the performance measurements, but in the case of a real application no measurable scalability differences were observed. Based on the comparison, it can be concluded that very good implementations exist for the needs of Dicode Oy and their use can be recommended in future projects.

    Network architecture for collaborative distributed services

    Thesis (S.M.)--Massachusetts Institute of Technology, School of Architecture and Planning, Program in Media Arts and Sciences, 2005. Includes bibliographical references (p. 85-89).
    This thesis proposes a network architecture, called SMPL, for the design and development of collaboration-oriented, distributed applications over the Internet. The goal of SMPL is to enable the development of applications that easily integrate the capabilities of different types of computing resources, software platforms, and data repositories across the Internet, transcending the level of a single device. SMPL proposes a new abstraction of the Internet as a network composed of services, resources, and capabilities instead of just machines. The SMPL architecture distributes resources through a peer-to-peer network of service providers. The design of SMPL encourages developers to add value to the system by facilitating the creation of new functionalities based upon compositions of the existing ones.
    Carlos A. Rocha. S.M.