Grid Community Characteristics and their Relation to Grid Security

The size, dynamics, composition and similar characteristics of Grid Communities constitute important data for Grid security requirements gathering and analysis. Collaborative Grid Communities are especially important as they constitute an important part of grid usage modes and demonstrate the need for more advanced Grid security solutions very clearly. This document reports the results of a survey conducted in the Fall of 2002 among members of the Grid community as to understand the needs of grid user and grid application developer communities today, provide information on and typical modes-of-use, and elicit requirements for future grid security systems

Device-Based Isolation for Securing Cryptographic Keys

In this work, we describe an eective device-based isolation approach for achieving data security. Device-based isolation leverages the proliferation of personal computing devices to provide strong run-time guarantees for the condentiality of secrets. To demonstrate our isolation approach, we show its use in protecting the secrecy of highly sensitive data that is crucial to security operations, such as cryptographic keys used for decrypting ciphertext or signing digital signatures. Private key is usually encrypted when not used, however, when being used, the plaintext key is loaded into the memory of the host for access. In our threat model, the host may be compromised by attackers, and thus the condentiality of the host memory cannot be preserved. We present a novel and practical solution and its prototype called DataGuard to protect the secrecy of the highly sensitive data through the storage isolation and secure tunneling enabled by a mobile handheld device. DataGuard can be deployed for the key protection of individuals or organizations

The Virginia Tech Computational Grid: A Research Agenda

An important goal of grid computing is to apply the rapidly expanding power of distributed computing resources to large-scale multidisciplinary scientic problem solving. Developing a usable computational grid for Virginia Tech is desirable from many perspectives. It leverages distinctive strengths of the university, can help meet the research computing needs of users with the highest demands, and will generate many challenging computer science research questions. By deploying a campus-wide grid and demonstrating its effectiveness for real applications, the Grid Computing Research Group hopes to gain valuable experience and contribute to the grid computing community. This report describes the needs and advantages which characterize the Virginia Tech context with respect to grid computing, and summarizes several current research projects which will meet those needs

Adapting Protocols to Massively Interconnected Systems

This paper describes ongoing research focused on two critical problems posed by the interconnection of a massive number of computer systems. The interconnection may be achieved through wide area or local area networks. The two problems considered in this research are as follows: (1) performance analysis of the protocols used in an internetwork connecting thousands to millions of nodes, and (2) application development in a massively distributed, heterogeneous environment where components implemented in different programming languages must be integrated and/or reused. The performance analysis problem is addressed by employing large-scale parallel simulation, extended finite state machines and objected-oriented simulation techniques. The approach to solving the application development problem is based on an environment which exploits the synergism between object-oriented programming and layered communication protocols (specifically, OSI)

The Design and Implementation of Concurrent Input/Output Facilities in ACT++ 2.0

ACT++ 2.0 is the most recent version of a class library for concurrent programming in C++. Programs in ACT++ consist of a collection of active objects called actors. Actors execute concurrently and cooperate by sending request and reply messages. An agent, termed the behavior of an actor, is responsible for processing a single request message and for specifying a replacement behavior which processes the next available request message. One of the salient features of ACT++ is its realization of I/O as an actor operation. A special type of actor, called an interface actor, provides a high level interface for a file. Interface actors are sent request messages whenever I/O is necessary and can also transparently perform asynchronous I/O. ACT++ has been implemented on the Sequent Symmetry multiprocessor using the PRESTO threads package

Applying Structure and Code Metrics to Three Large-Scale Systems

This work extends the area of research termed software metrics by applying measures of system structure and measures of system code to three realistic software products. Previous research in this area has typically been limited to the application of code metrics such as : lines of code, McCabe's Cyclomatic number, and Halstead's software science variables. However, this research also investigates the relationship of four structure metrics: Henry's Information Flow measure, Woodfield's Syntactic Interconnection Model, Yau and Collofello's Stability measure and McClure's Invocation complexity, to various observed measures of complexity such as, ERRORS, CHANGES and CODING TIME. These metrics are referred to as structure measures since they measure control flow and data flow interfaces between system components. Correlating the metrics to observed measures of complexity indicated that the Information Flow metric and the Invocation Measure typically performed as well as the three code metrics when project factors and subsystem factors were taken into consideration. However, it was generally true that no single metric was able to satisfactorily identify the variations in the data

Using Group and Subsystem Level Analysis to Validate Software Metrics on Commercial Software Systems

This paper reports the results of a study which examined the relationship between a collection of software metrics and the development data (such as errors and coding time) of three commercially produced software systems. The software metrics include both measures of system interconnectivity and measures of system code. This study revealed strong relationships between the metrics and the development data when individual components were aggregated by structure (into subsystems) or by similarity (into groups). The subsystem and group results imply that research and application of metrics should be focused above the component level. The group results also imply that metrics can guide the effective application of project resources by identifying those groups which, for example, will contain a disproportionately large fraction of errors. Finally, the study showed the overall utility of two interconnectivity metrics: Henry and Kafura's information flow metric and McClure's invocation metric. This result is significant because interconnectivity metrics can be applied early in the life cycle

Distributed Garbage Collection of Active Objects

This paper shows how to perform distributed automatic garbage collection of objects possessing their own thread of control. The relevance of garbage collection and concurrent objects used in the paper is explained. The collector is comprised of a collection of independent local collectors, one per node, loosely coupled to a distributed global collector. The mutator (application), the local collectors and the global collector run concurrently. The synchronization necessary to achieve correct and efficient concurrent operation between the collectors and the mutator is presented in detail. An interesting aspect of the distributed collector is the termination algorithm: the collector algorithm running on one node, which considers itself to be "done," may become "undone" by the action of a collector algorithm on another node

Specifying and Inheriting Concurrent Behavior in an Actor-BasedObject-Oriented Language

Using CCS behavior equations to specify and reason about the observable behavior of concurrent objects, we demonstrate that a language mechanism called a behavior set can be used to capture the behavior of actor-like objects. Using behavior equations as a formal representation of concurrent object behavior results in the explication of a mapping from the domain of objects to a domain of behavior sets. We call this mapping the behavior function. By expressing relevant object states, behavior sets and the behavior function as first-class, inheritable, and mutable entities in a concurrent object-oriented language, we have defined the conditions which must be met in order to inherit concurrent behavior free of known anomalies

ACT++: Building a Concurrent C++ with Actors

ACT++ (Actors in C++) is a concurrent object-oriented language being designed for distributed real-time applications. The language is a hybrid of the actor kernel language and the object-oriented language C++. The concurrency abstraction of ACT++ is derived from the actor model as defined by Agha. This paper discusses our experience in building a concurrent extension of C++ with the concurrency abstraction of the actor model. The current design of ACT++ and its implementation are described. Some problems found in the Agha's actor model are discussed in the context of distributed real-time applications. The use of ACT++ disclosed the difficulty of combining the actor model of concurrency with class inheritance in an object-oriented language