An Access Control Framework for Reflective Middleware

Reflective middleware opens up the implementationdetails of middleware platform and applications at runtime for improvingthe adaptability of middleware-based systems. However, such opennessbrings new challenges to access control of the middleware-basedsystems. Some users can access the system via reflective entities,which sometimes cannot be protected by access control mechanisms oftraditional middleware. To deliver high adaptability securely,reflective middleware should be equipped with proper access controlmechanisms for potential access control holes induced by reflection.One reason of integrating these mechanisms in reflective middleware isthat one goal of reflective middleware is to equip applications withreflection capabilities as transparent as possible. This paper studieshow to design a reflective J2EE middleware --- PKUAS with access control inmind. At first, a computation model of reflective system is built toidentify all possible access control points induced by reflection. Thena set of access control mechanisms, including the wrapper of MBeans anda hierarchy of Java class loaders, are equipped for controlling theidentified access control points. These mechanisms together with J2EEaccess control mechanism form the access control framework for PKUAS.The paper evaluates the security and the performance overheads of theframework in quality and quantity.