We present a new architecture (virtual services) and accompanying
implementation for dynamically adapting and reconfiguring the behavior
of network services. Virtual services are a compositional middleware
system that transparently interposes itself between a service and a
client, overlaying new functionality with configurations of modules
organized into processing chains. Virtual services allow programmers
and system administrators to extend, modify, and reconfigure
dynamically the behavior of existing services for which source code,
object code, and administrative control are not available.
Virtual service module processing chains are instantiated on
a per connection or invocation basis, thereby enabling the
reconfiguration of individual connections to a service without
affecting other connections to the same service.
To validate our architecture, we have implemented a virtual services
software development toolkit and middleware server. Our experiments
demonstrate that virtual services can modularize concerns that cut
across network services. We show that we can reconfigure and enhance
the security properties of services implemented as either TCP
client-server systems, such as an HTTP server, or as remotely
invocable objects, such as a Web service. We demonstrate that virtual
services can reconfigure the following security properties and
abilities: authentication, access control, secrecy/encryption,
connection monitoring, security breach detection, adaptive response to
security breaches, concurrent and dynamically mutable implementation
of multiple security policies for different clients