Gang Huang,Lian-Shan Sun

DOI: https://doi.org/10.1007/s11390-008-9188-x

2008-01-01

Abstract:Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware - PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.

Meng Li,Xiaohu Yang

DOI: https://doi.org/10.1109/ICCET.2010.5486114

2010-01-01

Abstract:Nowadays, more and more J2EE applications are deployed in distributed environment. Existing session management models are no longer competent in this context. In order to satisfy the demand on performance, scalability and reliability of session maintenance, this paper presents an improved HTTP session management model in distributed environment with a simplified heterogeneous front-end and a distributed cache based back-end. Theoretical analysis based on graph theory and probability theory is applied to both existing model and the improved model, which proves that the latter is much better in many aspects. A prototype session manager based on this model is implemented. The result of a performance benchmark upon a standard J2EE application shows its improvement.

TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Hai-Yang HU,Xiao-Xing MA,Xian-Ping TAO,Jian LU

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.09.001

2005-01-01

Abstract:BackgroundReflective middleware is a noteworthy new direction of middleware research. It eliminates the deficiency of traditional object-oriented middleware systems by opening their “black-box” structure and providing inspection and adaptation capabilities for developers with computational reflection techniques. Reflective middleware supports the customization for different application domains and the adaptation of distributed applications to dynamically evolving environments and user requirements. Its strength has already been shown in the areas such as mobile computing, multimedia applications, etc. In this paper, after a brief introduction on computational reflection and reflective system, the kernel concepts and principles of reflective middleware are firstly introduced and a general reflective middleware structure is presented. Then authors propose a classification and comparison framework which …

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

hong mei,gang huang

DOI: https://doi.org/10.1109/FTDCS.2004.1316609

2004-01-01

Abstract:Reflective middleware is the major approach toimproving the adaptability of middleware and itsapplications. Current researches and practices pay littleattention on the usability of reflective middleware. Therealso lacks a systematic way to adapt runtime system viareflective middleware. This paper presents the design andimplementation of PKUAS, an architecture-basedreflective component operating platform compliant withJava 2 Platform Enterprise Edition. PKUAS constructsand represents its platform and applications from theperspective of software architecture so as to provide anunderstandable, user-friendly and systematic way to usereflective middleware.

Gang Huang,Tiancheng Liu,Hong Mei,Zizhan Zheng,Zhao Liu,Gang Fan

DOI: https://doi.org/10.1109/CMPSAC.2004.1342817

2004-01-01

Abstract:Autonomic computing middleware is a promising way to enable middleware based systems to cope with the rapid and continuous changes in the era of Internet. Technically, there have three fundamental and challenging capabilities to an autonomic computing middleware, including how to monitor, reason and control middleware platform and applications. This position paper presents a reflection-based approach to autonomic computing middleware, which shows the philosophy that autonomic computing should focus on how to reason while reflective computing supports how to monitor and control. In this approach, the states and behaviors of middleware-based systems can be observed and changed through reflective mechanisms embedded in middleware platform at runtime. On the basis of reflection, some autonomic computing facilities could be constructed to reason and decide when and what to change. The approach is demonstrated on a reflective J2EE application server, which can automatically optimize itself in the standard J2EE benchmark testing.

yang sizhong,liu jinde,luo zhigang

DOI: https://doi.org/10.1109/ICII.2001.983080

2001-01-01

Abstract:Current middleware is limited in its flexibility and adaptability in face of environment varying and different user requirements. Applying the reflection technology to the middleware design has become a new research field. First, the concepts of reflection and reflective middleware are introduced, and what benefits from reflect,c middleware are pointed out. This paper compares fie processing of middleware and the reflection mechanism, and then the reflective view of middleware is yielded. Based on this, the idea of employing binding-reification reflective model in middleware design is proposed and used in the design of a reflective middleware prototype named RECOM. Whereafter, this paper details the implementation of RECOM about its binding factories, reflective structure, and configurable reflective layers. Finally, some related work is discussed, and some concluding remarks and topics for further study are presented.

陈阳,佘堃,周明天

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.01.038

2005-01-01

Abstract:Here gives a design of expending security of J2EE architecture, which applied role-based access control to Web application on Internet. Web resources are considered as entitys identifiered by URI. An additional tire is applied to Web container to adapt 3th security products. The security issue considered in development phase can be moved to deployment.

ZJ He,T Phan,TD Nguyen

DOI: https://doi.org/10.1109/reldis.2005.17

2006-01-01

Journal of Computers

Abstract:We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.

Zhu Donglai,Han Weili

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.05.061

2006-01-01

Abstract:Usually there are many application systems in an enterprise.These applications mostly need an access control module to control access to sensitive information in the enterprise.But it is complicated and fallible for the security administrator(or system security officer) to manage all security policies in different applications.This paper introduces an access control service for multi enterprise applications which is based on J2EE(Java 2 platform,Enterprise Edition).The paper discusses three methods to invoke reference monitor of the access control service,embedded invoking,asynchronized embedded invoking using JMS and asynchronized distributed invoking using JMS.These methods can meet the different requirements of enterprise applications.finally,the paper discusses some guidelines and technologies which optimize the efficiency of reference monitor.

Yong QI,Ji-Zhong ZHAO,Di HOU,Jun-yi SHEN,Bing-Yi ZENG

2001-01-01

Journal of Computer Research and Development

Abstract:After introducing the techniques of application server, component and framework, explanations are given as to how to build up a high-performance, scalable, and robust infrastructure of Web-based distributed application server by combining the open, cross-platform, and cross-language capabilities of CORBA with the transactional business logic of Enterprise JavaBeans(EJB) technology. A system is made of component container, management console, transaction service, external resource management, naming service etc. It possesses the characteristic such as easy to develop, easy to manage and easy to load services etc. Introduced in this paper are the theory background, system architecture, key technology and application domain framework on it etc.

范同祥,宋斌恒

2006-01-01

Abstract:On study of GFAC(Generalized Framework for Access Control),this paper proposes a J2EE-based GFAX(JGFAC) and details its implementation using Java technology.To achieve the coexistence of multi-policy,it introduces a proxy mechanism.It also proposes a unified method to protect system resource and manage permissions,by enforcing access control on URL request.

Bo Du,Dong Wang,Songyan Ju

DOI: https://doi.org/10.1109/iccit.2009.80

2009-01-01

Abstract:Radio Frequency Identification (RFID) is one of the core technologies which can open the new era of ubiquitous computing history. With the prevalence of RFID technology, RFID middleware become the pivot of RFID application system. However, one major stumbling block of using RFID technology in ubiquitous environment is the lack of security enforcement. In this paper, we put forward a common layer for design of reconfigurable RFID middleware based on Open Service Gateway Initiative (OSGi) platform and propose the implementation of access control in security service layer for OSGi-based reconfigurable RFID middleware. At the end part of this paper, we provide a case study to evaluate the performance.

Lianshan Sun,Gang Huang,Yanchun Sun,Hui Song,Hong Mei

DOI: https://doi.org/10.1109/qsic.2008.4

2008-01-01

Abstract:Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.

Tian-cheng LIU,Ming-hui ZHOU,Lei ZHU,Hong MEI

DOI: https://doi.org/10.3321/j.issn:0469-5097.2005.z1.034

2005-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Introducing the concepts of trust management into middleware helps resolving the problem of permission delegation and authorization in distributed environments. But it also takes notable performance overhead. After analyzing and improve the search algorithm of delegation chains, this paper proposes a method to trading off between system security and performance, which adapts trust level valve to decrease the request latency. Based on reflective middleware, a permission management framework of trading off is presented. This paper also presents the framework implementation on PKUAS, a J2EE-compliant middleware product and the experimental validation.

Jingshu Chen,Hong Wu,Qingyang Wang,Qingguan Wang

DOI: https://doi.org/10.1109/GCC.2006.15

2006-01-01

Abstract:A fundamental concern in building a secure grid computing environment is authentication of local and remote entities in the environment. The existing authentication technologies in the grid computing environments can effectively guarantee the valid authentication, but they cannot meet the demands of new security challenges in dynamic grid environment, such as flexibility, lightweight, and extensibility. In order to satisfy the security needs of the computational grid, we propose a reflective authentication framework which aims to improve the customizing ability of platform and adaptive ability in the open and dynamic grid environment

YANG CHUN,DENG FEIQI

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.30.027

2007-01-01

Abstract:The interface of middleware platform provides the stable application environment for high level applications.This paper in-troduced a message-oriented middleware which uses security middleware to handle the complexity of its security services.This paper discussed the research and implement of the network layer security connections,the transport layer data management and the API layer data management of the message-oriented middleware in details.

Xu Guangwei,Yin Jianwei,CHEN Gang,Dong Jinxiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.026

2005-01-01

Abstract:Current RBAC models have gained general recognition, but the realization of traditional RBAC is divorced from the organizational structure of enterprises, and the tight coincidence of authentication modules and applications causes troubles to maintenance and realization of the system. A principal-based authentication , authorization model and algorithm are introduced and they are based on the realized RBAC models, as well as a J2EE-based realization is presented.

B Xie,XL Gui,YN Li,DP Qian

DOI: https://doi.org/10.1007/978-3-540-30208-7_124

2004-01-01

Abstract:In this paper, a new Grid security framework based on dynamic access control is introduced to address some security problem in Grid. Based on the dynamic evaluating results about trusts among resources and users, users secure access levels are changed dynamically. The track of users behaviors using resources is criterion for assigning secure levels to different users and for allocating the resources to users in the next application execution. Here, the dynamic access controls are realized by mapping users secure levels to access rights. In our experiment Grid, the evaluation mechanism of users behaviors is applied to support the dynamic access control to Grid resources.