Kiev Gama
ABSTRACT
Dynamic component-based platforms allow software to evolve at runtime, that is, components that can be located, loaded, and executed during runtime. Such dynamic update mechanism provides flexibility but introduces new challenges. This is especially true when dealing with third-party components, which make hard to predict the impacts (e.g., component incompatibilities at runtime, errors leading to application crashes) when integrating such thirdparty code into an application. Component quality is something hard to be evaluated and even harder when components are combined together. Third-party components whose origin or quality attributes are unknown may be considered as untrustworthy since they may potentially introduce faults to applications, although unintentionally. This paper describes the dynamic policy (i.e. changeable at runtime) behind our solution for temporarily isolating components in a sandbox, avoiding the trusted components to be disturbed in case the third-party code behaves inappropriately. By providing such mechanism we help introducing dependability attributes (namely maintainability, reliability and availability) in the component platform's architecture. In case the component presents no harm to the system, our approach provides the ability to promote a component outside the sandbox.
- Lehman, M. M. and Belady, L. A. (Eds.). 1985. Program Evolution: Processes of Software Change. Academic Press Prof., Inc., San Diego, CA, USA. Google Scholar
Digital Library
- Oreizy, P., Medvidovic, N., and Taylor, R. N. 2008. Runtime software adaptation: framework, approaches, and styles. In Companion of the 30th international conference on Software engineering (ICSE Companion '08). ACM, New York, NY, USA, 899--910. Google ScholarDigital Library
- Parnas, D. 1994. Software aging. In Proceedings of the 16th international conference on Software engineering (ICSE '94). IEEE Computer Society Press, Los Alamitos, CA, USA, 279--287. Google ScholarCross Ref
- Rodero-Merino, Luis, et al. "Building safe PaaS clouds: A survey on security in multitenant software platforms." computers & security 31.1 (2012): 96--108. Google ScholarDigital Library
- Szyperski, C., Gruntz, D., Murer, S. Component Software: Beyond Object-Oriented Programming. Addison-Wesley, second edition (2002) Google ScholarDigital Library
- OSGi Service Platform. www.osgi.orgGoogle Scholar
- Plasil, F., Balek, D., Janecek, R.: SOFA/DCUP: architecture for component trading and dynamic updating. In: 4th Intl. Conf. on Configurable Distributed Sys., pp. 43--51 (1998) Google ScholarDigital Library
- Kon, F. and Campbell, R. H. 2000. Dependence Management in Component-Based Distributed Systems. IEEE Concurrency 8, 1 (January 2000), 26--36. Google ScholarDigital Library
- Nagel, C., Evjen, B., Glynn, J., Watson, K., Skinner, M.: Professional C# 4 and .NET 4. Wiley Publishing (2010) Google ScholarDigital Library
- Crnkovic, I. and Larsson, M. (Editors). Building Reliable Component-Based Software Systems, Artech House Publishers, July, 2002 Google ScholarDigital Library
- Armstrong, J. "Making reliable distributed systems in the presence of software errors", PhD dissertation, The Royal Institute of Technology, Stockholm, Sweden, Dec/2003Google Scholar
- Fox, A., Patterson, D.: Guest Editors' Introduction: Approaches to Recovery-Oriented Computing. IEEE Internet Computing, vol. 9, no. 2, 14--16 (2005) Google ScholarDigital Library
- Tian, J.: Software Quality Engineering: Testing, Quality Assurance, and Quantifiable Improvement. Wiley-IEEE Computer Society Press (2005) Google ScholarDigital Library
- Avižienis, A., Laprie, J., Randell, B., and Landwehr, C. 2004. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on Dependable and Secure Computing 1, 1 (Jan. 2004), 11--33. Google ScholarDigital Library
- Voas, J., "Error propagation analysis for COTS systems," IEEE Comput. Control Eng. J., vol. 8, no. 6, pp. 269--272, Dec. 1997.Google Scholar
- Fritzinger, J. S. and Mueller, M., "Java security," Tech. Rep., Sun Microsystems, Inc., Palo Alto, CA, 1996.Google Scholar
- Dai, A., "Exploring the .NET Framework 4 Security Model", MSDN Magazine, November 2009.Google Scholar
- Hunt, G. C. and Larus, J. R. 2007. Singularity: rethinking the software stack. SIGOPS Oper. Syst. Rev. 41, 2 (April 2007), 37--49. Google ScholarDigital Library
Index Terms
- Dynamically reconfigurable trust policies for untrustworthy third-party components
Recommendations
Developing Product Lines with Third-Party Components
The trends toward product line development and toward adopting more third-party software are hard to combine. The reason is that product lines demand fine control over the software (e.g., for diversity management), while third-party software (almost by ...
Detecting repackaged smartphone applications in third-party android marketplaces
CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and PrivacyRecent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized ...
Component-based software engineering and the issue of trust
ICSE '00: Proceedings of the 22nd international conference on Software engineeringSoftware component consumers are entitled to trusted components. This panel addresses the criteria for trusted components and presents generally accepted definitions for all terms used to describe both software components and the methods and processes ...
Comments