Yoad Gidron scite author profile

SUMMARYComponent mobility is an important enabling technology for the design of wide area pervasive applications, but it introduces new challenges in the critical aspect of access control. In particular, when mobility is used for dynamic relocation of distributed components, access from both remote and local mobile components needs to be uniformly controlled. The dynamic determination of execution location, possibly crossing multiple administrative authorities, requires dynamic establishment and enforcement of access control. The deployment over widely heterogeneous hosts and devices requires integration of access control with dynamic probing of resource availability so as to influence the relocation process.This paper presents a model for dynamic specification and enforcement of access control in the context of dynamically relocatable components, and an implementation in the Java-based FARGO framework. The specification follows a negotiation-based protocol that enables dynamic matching of available and required resources by providers and consumers, respectively. Enforcement is provided through a capability-based secure component reference architecture, which uniformly applies to both local and remote references, and through instance-level, as opposed to type-level (supported in Java), access control. Finally, access control is integrated into the programming model in a non-intrusive fashion, by separating the encoding of access control from the encoding of the logic of the application.

show abstract

Dynamic configuration of access control for mobile components inFarGo

Gidron

Ben-Shaul

Holder

et al. 2001

Concurrency and Computation

View full text Add to dashboard Cite

Component mobility is an important enabling technology for the design of wide area pervasive applications, but it introduces new challenges in the critical aspect of access control. In particular, when mobility is used for dynamic relocation of distributed components, access from both remote and local mobile components needs to be uniformly controlled. The dynamic determination of execution location, possibly crossing multiple administrative authorities, requires dynamic establishment and enforcement of access control. The deployment over widely heterogeneous hosts and devices requires integration of access control with dynamic probing of resource availability so as to influence the relocation process.This paper presents a model for dynamic specification and enforcement of access control in the context of dynamically relocatable components, and an implementation in the Java-based FARGO framework. The specification follows a negotiation-based protocol that enables dynamic matching of available and required resources by providers and consumers, respectively. Enforcement is provided through a capability-based secure component reference architecture, which uniformly applies to both local and remote references, and through instance-level, as opposed to type-level (supported in Java), access control. Finally, access control is integrated into the programming model in a non-intrusive fashion, by separating the encoding of access control from the encoding of the logic of the application. 6Y. GIDRON ET AL. different bandwidths, reliability and general quality of service. This large and non-uniform deployment space implies that an application developer is unlikely to know in advance how to structure the distributed application in a way that best leverages the available infrastructure. Furthermore, the dynamic nature of such a global environment implies that assumptions made early at design time regarding the underlying physical infrastructure might not hold during deployment time. Thus, static mapping of logical components onto a set of physical hosts-termed the layout of the application-is often undesirable and likely to decrease application scalability.An alternative approach is dynamic layout. Under dynamic layout, components of the application can be relocated to different hosts at runtime, without making any changes to the source code. This capability enables developers to design their application more generically and defer the mapping of components to hosts at runtime. A complementary relocation policy can be encoded, which can utilize less loaded hosts, take advantage of working locally against remote services or data sources, or even continue execution at a different host upon an anticipated failure or network disconnection.For example, consider an application that runs on a handheld device and accesses a large remote database frequently. The device is typically connected with a low-bandwidth, high-latency and highcost network connection, and thus minimizing traffic over this connection is clearly desirable. By mig...

show abstract

An RPC-based methodology for client/server application development in C++

Gidron

Kozakov

Shani

View full text Add to dashboard Cite

Remote Procedure Call (RPC) is a commonly used mechanism for clienthewer applications. RPC implements a tightly synchronized clienthewer interaction that is analogous to the well understood procedure call in regular nondistributed applications. The underlying principle common to all RPC-based tools and standards is that both client and server share a common IDL (Inter$ace Definition Language) $ 1 . Automatic tools process the IDL file and generate source Jiles that when compiled with the application, ensure clienthewer run-time compliancy.We introduce an RPC methodology for C++ clienthewer applications that follows a different pattern; sharing of C++ base classes, in place of an IDL $le. This releases the developer from the dependence on, and need to learn complex RPC tools and standards. We believe that C++ programmers will find this approach suflcient for most of their distributed-applications development needs.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yoad Gidron

A negotiation model for dynamic composition of distributed applications

Dynamic Configuration and Enforcement of Access Control for Mobile Components

Dynamic configuration of access control for mobile components inFarGo

An RPC-based methodology for client/server application development in C++

Contact Info

Product

Resources

About