DACA: arquitetura para implementação de mecanismos dinâmicos de controlo de acesso em camadas de negócio

Doutoramento em Ciências da ComputaçãoAccess control is a software engineering challenge in database applications. Currently, there is no satisfactory solution to dynamically implement evolving fine-grained access control mechanisms (FGACM) on business tiers of relational database applications. To tackle this access control gap, we propose an architecture, herein referred to as Dynamic Access Control Architecture (DACA). DACA allows FGACM to be dynamically built and updated at runtime in accordance with the established fine-grained access control policies (FGACP). DACA explores and makes use of Call Level Interfaces (CLI) features to implement FGACM on business tiers. Among the features, we emphasize their performance and their multiple access modes to data residing on relational databases. The different access modes of CLI are wrapped by typed objects driven by FGACM, which are built and updated at runtime. Programmers prescind of traditional access modes of CLI and start using the ones dynamically implemented and updated. DACA comprises three main components: Policy Server (repository of metadata for FGACM), Dynamic Access Control Component (DACC) (business tier component responsible for implementing FGACM) and Policy Manager (broker between DACC and Policy Server). Unlike current approaches, DACA is not dependent on any particular access control model or on any access control policy, this way promoting its applicability to a wide range of different situations. In order to validate DACA, a solution based on Java, Java Database Connectivity (JDBC) and SQL Server was devised and implemented. Two evaluations were carried out. The first one evaluates DACA capability to implement and update FGACM dynamically, at runtime, and, the second one assesses DACA performance against a standard use of JDBC without any FGACM. The collected results show that DACA is an effective approach for implementing evolving FGACM on business tiers based on Call Level Interfaces, in this case JDBC.Controlo de acesso é um desafio para a engenharia de software nas aplicações de bases de dados. Atualmente, não há uma solução satisfatória para a implementação dinâmica de mecanismos finos e evolutivos de controlo de acesso (FGACM) ao nível das camadas de negócio de aplicações de bases de dados relacionais. Para solucionar esta lacuna, propomos uma arquitetura, aqui referida como Arquitetura Dinâmica de Controlo de Acesso (DACA). DACA permite que FGACM sejam dinamicamente construídos e atualizados em tempo de execução de acordo com as políticas finas de controlo de acesso (FGACP) estabelecidas. DACA explora e utiliza as características das Call Level Interfaces (CLI) para implementar FGACM ao nível das camadas de negócio. De entre as características das CLI, destacamos o seu desempenho e os diversos modos para acesso a dados armazenados em bases de dados relacionais. Na DACA, os diversos modos de acesso das CLI são envolvidos por objetos tipados derivados de FGACM, que são construídos e atualizados em tempo de execução. Os programadores prescindem dos modos tradicionais de acesso das CLI e passam a utilizar os dinamicamente construídos e atualizados. DACA compreende três componentes principais: Policy Server (repositório de meta-data dos FGACM), Dynamic Access Control Component (componente da camada de negócio que é responsável pela implementação dos FGACM) e Policy Manager (broker entre DACC e Policy Server). Ao contrário das soluções atuais, DACA não é dependente de qualquer modelo de controlo de acesso ou de qualquer política de controlo de acesso, promovendo assim a sua aplicabilidade a muitas e diversificadas situações. Com o intuito de validar DACA, foi concebida e desenvolvida uma solução baseada em Java, Java Database Connectivity (JDBC) e SQL Server. Foram efetuadas duas avaliações. A primeira avalia DACA quanto à sua capacidade para dinamicamente, em tempo de execução, implementar e atualizar FGACM e, a segunda, avalia o desempenho de DACA contra uma solução sem FGACM que utiliza o JDBC normalizado. Os resultados recolhidos mostram que DACA é uma solução válida para implementar FGACM evolutivos em camadas de negócio baseadas em CLI

abcNet: alfabetização na NET

A dissertação apresenta o desenvolvimento de uma plataforma informática baseada na Webvocacionada para a alfabetização. Apesar de a alfabetização ser o objectivo último de abcNet, a estratégia seguida para a arquitectura interna de abcNet merece especial relevo. abcNet apresenta uma arquitectura que deposita no professor a responsabilidade da criação dos conteúdos necessários à alfabetização. É o professor, por configuração de modelos, que em cada instante e em cada caso tem o poder de decidir qual a metodologia e quais os conteúdos que melhor se aplicam. Neste contexto, apesar de o princípio pedagógico não ser novidade, a implementação realizada através de abcNet é concerteza um avanço significativo nas TIC. ABSTRACT: The dissertation presents the development of a computer science platform based on the Web which aims at teaching how to read and write. Although the teaching how to read and write is the aim goal of abcNet, the strategy followed for the internal architecture of abcNet deserves special relief. abcNet presents an architecture that deposits in the professor the responsibility of the creation of the necessary contents to the teaching process. It is the teacher, by the configuration process of models, that in each instant and in each case has the power to decide which the methodology and which the contents are better to beapplied. In this context, although the pedagogical principle not to be newness, the implementation carried through abcNet is surely a significant advance in the CIT

Context storage using NoSQL

With the ubiquity and pervasiveness of mobile computing, together with the increasing number of social networks, end-users have learned to live and share all kinds of information about themselves. As an example, Facebook reports that it has currently 500 million active users, 200 million of which access its services on mobile systems; moreover, users that access Facebook through mobile applications are twice as active as non-mobile users, and it is used by 200 mobile operators in 60 countries [1]. More specific mobile platforms such as Foursquare, which unlike Facebook only collects location information, reports 6.5 million users worldwide, and also has a mobile presence (both with a web application and iPhone / Android applications) [2]. Context- aware architectures intend to explore this increasing number of context information sources and provide richer, targeted services to end-users, while also taking into account arising privacy issues. While multiple context management platform architectures have been devised [3], this paper focuses primarily on Context- Broker-based architectures, such as the ones proposed in the projects Mobilife [4] and C-Cast [5]. More specifically, it focuses on the context management platform XCoA [6]. This platform uses XMPP for its main communication protocol, and publishes context information in a Context-Broker. This context information is provided by Context-Agents, such as mobile terminals, sensor networks and social networks. Due to the nature of the XMPP protocol, the context information is provided in XML form. This paper proposes the usage of a NoSQL storage system for the purpose of context information storage and retrieval in an XMPP broker-based context platform such as XCoA, together with a full-text searching engine. Through a comparison made through prototypes, the paper clearly demonstrates the advantages of NoSQL storage systems applied to the area of Context Management

CRUD-DOM: a model for bridging the gap between the object-oriented and the relational paradigms : an enhanced performance assessment based on a case study

The development of database applications comprises three different tiers: application tier, database tier and finally the middle tier also known as the data access layer. The development of each tier per-se entails many challenges. Very often the most difficult challenges to be addressed derive from non-functional requirements, as productivity, usability, performance, reliability, high-availability and transparency. This paper is focused on defining and presenting a model for the data access layer aimed to integrate object-oriented application tiers and relational database tiers. The model addresses situations on which users need to explicitly write down complex static CRUD expressions and simultaneously get advantages regarding some non-functional requirements. The model, known as CRUD Data Object Model (CRUD-DOM), tackles the following non-functional requirements: performance, usability and productivity. The main contributions of this paper are threefold: 1) to present an extended model of CRUD-DOM; 2) to carry out an extended performance assessment based on a case study; 3) to present a tool, called CRUD Manager (CRUD-M), which provides automatic code generation with complementary support for software test and maintenance. The main outcome from this paper is the evidences that the pair CRUD-DOM and CRUD-M effectively addresses productivity, performance and usability requirements in the aforementioned context

ACADA: Access Control-driven Architecture with Dynamic Adaptation

Programmers of relational database applications use software solutions (Hibernate, JDBC, LINQ, ADO.NET) to ease the development process of business tiers. These software solutions were not devised to address access control policies, much less for evolving access control policies, in spite of their unavoidable relevance. Currently, access control policies, whenever implemented, are enforced by independent components leading to a separation between policies and their enforcement. This paper proposes a new approach based on an architectural model referred to here as the Access Controldriven Architecture with Dynamic Adaptation (ACADA). Solutions based on ACADA are automatically built to statically enforce access control policies based on schemas of Create, Read, Update and Delete (CRUD) expressions. Then, CRUD expressions are dynamically deployed at runtime driven by established access control policies. Any update in the policies is followed by an adaptation process to keep access control mechanisms aligned with the policies to be enforced. A proof of concept based on Java and Java Database Connectivity (JDBC) is also presented

abcNet: literacy tool based on entities

In the 21st century the demanding for reading and writing capabilities will increase not only in the children but also in the adult generation. For adults, their level of literacy will determine the job they may get, the way they will behave as citizens, the way they will grow up their own children, etc. Literacy is the basic key tool for a successful future. Information requires literacy information is being redirected to the internet, requiring not only additional investments but also additional skills. The skills to deal with new technologies is the new challenge for the 21st century. abcNet is a web based application which aims at teaching how to read and write

Object oriented platform to RDBMS stored procedures

Object-oriented programming (OOP) is the most successful paradigm used in programming environments. Some difficulties arise when it is necessary to deal with data stored in a relational database because relational databases do not provide an object-oriented interface to their entities. The most common solution consists in developing a specific interface that guarantees some specific requirements. Here, we explain a methodology to implement an application-side object-oriented platform in order to access stored procedures in relational databases

Methodology for Dynamic WEB Pages Assembly

Structure, presentation and content are the 3 main blocks in web pages. Although HTML is the main technology for web pages development, it doesn’t provide mechanisms for a clear separation of these 3 blocks, which would be a great step towards the construction of flexible web pages. If one could define on the fly, which structure, presentation and content to use, web pages would reach their maximum flexibility. With this flexibility, each web page could reach specific goals in terms of users needs, namely, user disabilities (visual, hearing, motor, cognitive), user learning profile, etc. Here, it is presented a methodology to achieve the above mentioned goals

ABC-NET: Literacy Tool for Paulo Freire's Method

Paulo Reglus Neves Freire was born in Recife in 1921, the capital of Brazil’s northeast province. Through all his life, he developed the fundamentals of a teaching process with special characteristics. The fundamentals of his ‘system’ point to an educational process that focuses on the student environment. abcNet is a web-based application which seeks the goals of learning how to read and to write, following Paulo Freire’s methodology

Enhancing Calll-Level Interfaces with Thread-Safe Local Memory Structures

Database applications are being increasingly under pressure to respond effectively to ever more demanding performance requirements. Software architects can resort to several well-known architectural tactics to minimize the possibility of coming across with any performance bottleneck. The usage of call-level interfaces (CLIs) is a strategy aimed at reducing the overhead of business components. CLIs are low-level APIs that provide a high-performance environment to execute standard SQL statements on relational and also on some NoSQL database (DB) servers. In spite of these valuable features, CLIs are not thread-safe when distinct threads need to share datasets retrieved through Select statements from databases. Thus, even in situations where two or more threads could share a dataset, there is no other possibility than providing each thread with its own dataset, this way leading to an increased need of computational resources. To overcome this drawback, in this paper we propose a new natively thread-safe architecture. The implementation herein presented is based on a thread-safe updatable local memory structure (LMS) where the data retrieved from databases is kept. A proof of concept based on Java Database Connectivity type 4 (JDBC) for SQL Server 2008 is presented and also a performance assessment