An Access Control Framework for Reflective Middleware

  • Regular Paper
Journal of Computer Science and Technology

Abstract

Reflective middleware opens up the implementation details of the middleware platform and its applications at runtime to improve the adaptability of middleware-based systems. However, such openness brings new challenges to access control in these systems. Some users can access the system via reflective entities, which sometimes cannot be protected by the access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for the potential access control holes induced by reflection. One reason for integrating these mechanisms into reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparently as possible. This paper studies how to design a reflective J2EE middleware, PKUAS, with access control in mind. First, a computation model of a reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including a wrapper for MBeans and a hierarchy of Java class loaders, is provided to control the identified access control points. These mechanisms, together with the J2EE access control mechanism, form the access control framework for PKUAS. The paper evaluates the security and the performance overhead of the framework both qualitatively and quantitatively.

Author information

Corresponding author

Correspondence to Gang Huang.

Additional information

This work is supported by the National Basic Research 973 Program of China under Grant No. 2005CB321805, the National High-Tech Research and Development 863 Program of China under Grant No. 2007AA010301, the National Natural Science Foundation of China under Grant No. 60528006 and the Fok Ying Tung Education Foundation.

About this article

Cite this article

Huang, G., Sun, LS. An Access Control Framework for Reflective Middleware. J. Comput. Sci. Technol. 23, 895–904 (2008). https://doi.org/10.1007/s11390-008-9188-x

  • DOI: https://doi.org/10.1007/s11390-008-9188-x