• Distributed Computing and Systems • Previous Articles     Next Articles

An Access Control Framework for Reflective Middleware

Gang Huang and Lian-Shan Sun   

  1. Key Laboratory of High Confidence Software Technologies, Ministry of Education, Beijing 100871, China School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China
  • Received:2007-07-05 Revised:2008-07-17 Online:2008-11-10 Published:2008-11-10

Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware --- PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.

[1] Agha G (ed.). Special Issue on Adaptive Middleware. \it Communications of ACM, \rm 2002, 45(6): 30--64.
[2]} Blair G S, Coulson G \it et al. \rm The design and implementation of open ORB 2. \it IEEE Distributed Systems Online, \rm 2001, 2(6): 1--40.
[3]} Mei H, Huang G. PKUAS: An architecture-based reflective component operating platform (invited paper). In \it Proc. the 10th IEEE Int. Workshop on Future Trends of Distributed Computing Systems, \rm Kawada S (ed.), Suzhou, IEEE Computer Society, 2004, pp.163--169.
[4]} Smith B C. Procedural reflection in programming languages [Dissertation]. MIT, 1982.
[5]} Yokote Y. The apertos reflective operating system: The concept and its implementation. In \it Proc. Conference on Object-Oriented Programming Systems Languages and Applications $($OOPSLA'92$)$, \rm Vancouver, Canada, {\it ACM SIGPLAN Notices}, ACM Press, 1992, 27(10): 414--434.
[6]} McAffer J. The CodA MOP. In \it Proc. Workshop on Object-Oriented Reflection and Metalevel Architectures, \rm Washington DC, USA, 1993. ACM.
[7]} Ledoux T. OpenCorba: A reflective open broker. In \it Proc. the 2nd International Conference on Reflection, \rm Saint-Malo, France, \it LNCS \rm 1616, Heidelberg: Springer-Verlag, 1999, pp.197--214.
[8]} Maes P. Concepts and experiments in computational reflection. In \it Proc. ACM Conference on Object-Oriented Programming, Systems, Languages and Applications $($OOPSLA'87$)$, \rm Orlando, FL, USA, October 1987, pp.147--155.
[9]} Vimercatil S, Paraboschi S, Samaratil P. Access control: Principles and solutions. \it Software Practice and Experience, \rm 2003, 33(5): 397--421.
[10]} Java 2 Platform Enterprise Edition Specification. Version 1.3, SUN Microsystems, 2001.
[11]} Enterprise JavaBeans Specification. Version 2.0, SUN Microsystems, 2001.
[12]} Java 2 Platform, Enterprise Edition Management Specification. Sun Microsystems, 2002.
[13]} Huang G, Liu T C, Mei H, Zheng Z Z, Liu Z, Fan G. Towards autonomic computing middleware via reflection. In \it Proc. COMPSAC \rm 2004, Hong Kong, China, pp.122--127.
[14]} Java$^{\rm TM}$ Management Extensions Instrumentation and Agent Specification. v1.4, Sun Microsystems, 2006.
[15]} Caromel D, Vayssiere J. A security framework for reflective Java applications. \it Software Practice and Experience, \rm 2003, 33(9): 821--846.
[16]} Gosling J, Joy B, Steele G, Bracha G. The Java Language Specification. Second Edition, SUN, 2000.
[17]} Huang G, Mei H, Yang F Q. Runtime recovery and manipulation of software architecture of component-based systems. \it International Journal of Automated Software Engineering, \rm Springer, 2006, 13(2): 257--281.
[18]} Lan L, Huang G, Ma L, Wang M, Mei H, Zhang L, Chen Y. Architecture based deployment of large-scale component based systems: The tool and principles. In \it Proc. 8th International SIGSOFT Symposium on Component-Based Software Engineering $($CBSE$)$, \rm St. Louis, USA, 2005, \it LNCS \rm 3489, Springer, pp.123--138.
[19]} Ibrahim M H (ed.). Report of the First Workshop on Reflection and Metalevel Architectures in Object-Oriented Programming. OOPSLA/ECOOP, Ottawa, Canada, 1990.
[20]} Kon F, Roman M, Liu P, Mao J, Yamane T, Magalhaes L C, Campbell R H. Monitoring, security, and dynamic configuration with the dynamicTAO reflective ORB. In \it Proc. IFIP/ACM International Conference on Distributed Systems Platforms and Open Distributed Processing, \rm New York, USA, \it LNCS \rm 1795, Sventek J, Coulson G (eds.), Springer-Verlag, 2000, pp.121--143.
[21]} Hayton R, Team A. FlexiNet architecture. Citrix Systems (Cambridge) Limited, Architecture raport, Technical Report, 1999.
[22]}Cazzola W. Communication-oriented reflection: A way to open up the RMI mechanism [Dissertation]. Universit \`adegli Studi di Milano, Milano, Italy, 2001.
[23]} Fleury M, Reverbel F. The JBoss extensible server. In \it Proc. IFIP/ACM Middleware'03, \rm Rio de Janeiro, Brazil, \it LNCS \rm 2672, Endler M, Schmidt D C (eds.), Springer-Verlag, 2003, pp.344--373.
[24]}Oliva A, Buzato L E. The design and implementation of Guaran\'a. In \it Proc. the 5th Conference on USENIX Conference on Object-Oriented Technologies $\&$ Systems, \rm Volume 5, San Diego, California, USA, 1999, pp.121--143.
[25]} Welch I. Using load-time metaobject protocol to enforce access control policies upon user-level compiled code [Dissertation]. Univ. of Newcastle-Upon-Tyne, 2004.
[26]} Sun L, Huang G, Sun Y \it et al. \rm An approach for generation of J2EE access control configurations from requirements specification. In \it Proc. the 8th International Conference on Quality Software, Oxford, \rm UK, August 12--13, 2008, pp.87--96.
[27]} Sun L, Huang G, Mei H. Validating access control configurations in J2EE applications. In \it Proc. the 11th International Symposium on Component Based Software Engineering $($CBSE-2008$)$, \rm Karlsruhe, Germany, October 14--17, 2008.
No related articles found!
Full text



[1] Lu Qi; Zhang Fubo; Qian Jiahua;. Program Slicing:Its Improved Algorithm and Application in Verification[J]. , 1988, 3(1): 29 -39 .
[2] Xu Jie; Li Qingnan; Huang Shize; Xu Jiangfeng;. DFTSNA:A Distributed Fault-Tolerant Shipboard System[J]. , 1990, 5(2): 109 -116 .
[3] Jia Li, Li-Yong Shen, and Xiao-Shan Gao. Proper Reparametrization of Rational Ruled Surface[J]. , 2008, 23(2): 290 -297 .
[4] Shao-Liang Peng, Member, CCF, ACM, IEEE, Shan-Shan Li, Xiang-Ke Liao, Yu-Xing Peng, and Nong Xiao, Member, CCF, ACM, IEEE. Estimation of a Population Size in Large-Scale Wireless Sensor Networks[J]. , 2009, 24(5): 987 -inside back cover .
[5] Antonio Fernández Anta, Senior Member, ACM, IEEE, Ernesto Jiménez and Michel Raynal. Eventual Leader Election with Weak Assumptions on Initial Knowledge, Communication Reliability, and Synchrony[J]. , 2010, 25(6): 1267 -1281 .
[6] Yuan Li, Xing-Chen Wang, Lin Huang, Yun-Lei Zhao. Order-Revealing Encryption: File-Injection Attack and Forward Security[J]. Journal of Computer Science and Technology, 2021, 36(4): 877 -895 .
[7] Fan Zhang, Xin Zhang, Xue-Ying Qin, Cai-Ming Zhang. Enlarging Image by Constrained Least Square Approach with Shape Preserving[J]. , 2015, 30(3): 489 -498 .
[8] Meng Chen, Xiaohui Yu, Yang Liu. Mining Object Similarity for Predicting Next Locations[J]. , 2016, 31(4): 649 -660 .
[9] Peng-Peng Chen, Hai-Long Sun, Yi-Li Fang, Jin-Peng Huai. Collusion-Proof Result Inference in Crowdsourcing[J]. , 2018, 33(2): 351 -365 .
[10] Wen-Guang Chen, Xue-Ming Si. Preface[J]. , 2018, 33(3): 531 -532 .

ISSN 1000-9000(Print)

CN 11-2296/TP

Editorial Board
Author Guidelines
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
E-mail: jcst@ict.ac.cn
  Copyright ©2015 JCST, All Rights Reserved