Dynamically reconfigurable trust policies for untrustworthy third-party components
Authors: 
Kiev Gama, 
Didier DonsezAuthors Info & Claims
Kiev Gama, Didier DonsezAuthors Info & ClaimsPages 1204 - 1209
Abstract
Dynamic component-based platforms allow software to evolve at runtime, that is, components that can be located, loaded, and executed during runtime. Such dynamic update mechanism provides flexibility but introduces new challenges. This is especially true when dealing with third-party components, which make hard to predict the impacts (e.g., component incompatibilities at runtime, errors leading to application crashes) when integrating such thirdparty code into an application. Component quality is something hard to be evaluated and even harder when components are combined together. Third-party components whose origin or quality attributes are unknown may be considered as untrustworthy since they may potentially introduce faults to applications, although unintentionally. This paper describes the dynamic policy (i.e. changeable at runtime) behind our solution for temporarily isolating components in a sandbox, avoiding the trusted components to be disturbed in case the third-party code behaves inappropriately. By providing such mechanism we help introducing dependability attributes (namely maintainability, reliability and availability) in the component platform's architecture. In case the component presents no harm to the system, our approach provides the ability to promote a component outside the sandbox.
References
[1]
Lehman, M. M. and Belady, L. A. (Eds.). 1985. Program Evolution: Processes of Software Change. Academic Press Prof., Inc., San Diego, CA, USA.
[2]
Oreizy, P., Medvidovic, N., and Taylor, R. N. 2008. Runtime software adaptation: framework, approaches, and styles. In Companion of the 30th international conference on Software engineering (ICSE Companion '08). ACM, New York, NY, USA, 899--910.
[3]
Parnas, D. 1994. Software aging. In Proceedings of the 16th international conference on Software engineering (ICSE '94). IEEE Computer Society Press, Los Alamitos, CA, USA, 279--287.
[4]
Rodero-Merino, Luis, et al. "Building safe PaaS clouds: A survey on security in multitenant software platforms." computers & security 31.1 (2012): 96--108.
[5]
Szyperski, C., Gruntz, D., Murer, S. Component Software: Beyond Object-Oriented Programming. Addison-Wesley, second edition (2002)
[6]
OSGi Service Platform. www.osgi.org
[7]
Plasil, F., Balek, D., Janecek, R.: SOFA/DCUP: architecture for component trading and dynamic updating. In: 4th Intl. Conf. on Configurable Distributed Sys., pp. 43--51 (1998)
[8]
Kon, F. and Campbell, R. H. 2000. Dependence Management in Component-Based Distributed Systems. IEEE Concurrency 8, 1 (January 2000), 26--36.
[9]
Nagel, C., Evjen, B., Glynn, J., Watson, K., Skinner, M.: Professional C# 4 and .NET 4. Wiley Publishing (2010)
[10]
Crnkovic, I. and Larsson, M. (Editors). Building Reliable Component-Based Software Systems, Artech House Publishers, July, 2002
[11]
Armstrong, J. "Making reliable distributed systems in the presence of software errors", PhD dissertation, The Royal Institute of Technology, Stockholm, Sweden, Dec/2003
[12]
Fox, A., Patterson, D.: Guest Editors' Introduction: Approaches to Recovery-Oriented Computing. IEEE Internet Computing, vol. 9, no. 2, 14--16 (2005)
[13]
Tian, J.: Software Quality Engineering: Testing, Quality Assurance, and Quantifiable Improvement. Wiley-IEEE Computer Society Press (2005)
[14]
Avižienis, A., Laprie, J., Randell, B., and Landwehr, C. 2004. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on Dependable and Secure Computing 1, 1 (Jan. 2004), 11--33.
[15]
Voas, J., "Error propagation analysis for COTS systems," IEEE Comput. Control Eng. J., vol. 8, no. 6, pp. 269--272, Dec. 1997.
[16]
Fritzinger, J. S. and Mueller, M., "Java security," Tech. Rep., Sun Microsystems, Inc., Palo Alto, CA, 1996.
[17]
Dai, A., "Exploring the .NET Framework 4 Security Model", MSDN Magazine, November 2009.
[18]
Hunt, G. C. and Larus, J. R. 2007. Singularity: rethinking the software stack. SIGOPS Oper. Syst. Rev. 41, 2 (April 2007), 37--49.
Index Terms
- Dynamically reconfigurable trust policies for untrustworthy third-party components
Recommendations
Developing Product Lines with Third-Party Components
The trends toward product line development and toward adopting more third-party software are hard to combine. The reason is that product lines demand fine control over the software (e.g., for diversity management), while third-party software (almost by ...
Component-based software engineering and the issue of trust
ICSE '00: Proceedings of the 22nd international conference on Software engineeringSoftware component consumers are entitled to trusted components. This panel addresses the criteria for trusted components and presents generally accepted definitions for all terms used to describe both software components and the methods and processes ...
Detecting repackaged smartphone applications in third-party android marketplaces
CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and PrivacyRecent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized ...
Comments
Information & Contributors
Information
Published In
Copyright © 2016 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 04 April 2016
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
SAC 2016
Sponsor:
Acceptance Rates
SAC '16 Paper Acceptance Rate 252 of 1,047 submissions, 24%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
Upcoming Conference
SAC '25
- Sponsor:
- sigapp
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 75Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 07 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in