Method-Specific Access Control in Java via Proxy Objects using Annotations

Zarnett, Jeffrey

January 2010

Partially restricting access to objects enables system designers to finely control the security of their systems. We propose a novel approach that allows granting partial access at method granularity on arbitrary objects to remote clients, using proxy objects. Our initial approach considers methods to be either safe (may be invoked by anyone) or unsafe (may be invoked only by trusted users). We next generalize this approach by supporting Role-Based Access Control (RBAC) for methods in objects. In our approach, a policy implementer annotates methods, interfaces, and classes with roles. Our system automatically creates proxy objects for each role, which contain only methods to which that role is authorized. This thesis explains the method annotation process, the semantics of annotations, how we derive proxy objects based on annotations, and how clients invoke methods via proxy objects. We present the advantages to our approach, and distinguish it from existing approaches to method-granularity access control. We provide detailed semantics of our system, in First Order Logic, to describe its operation. We have implemented our system in the Java programming language and evaluated its performance and usability. Proxy objects have minimal overhead: creation of a proxy object takes an order of magnitude less time than retrieving a reference to a remote object. Deriving the interface---a one-time cost---is on the same order as retrieval. We present empirical evidence of the effectiveness of our approach by discussing its application to software projects that range from thousands to hundreds of thousands of lines of code; even large software projects can be annotated in less than a day.

Access Control

Java

Proxy Object

Annotation

Security

Electrical and Computer Engineering

Object Histories in Java

Nair, Aakarsh

21 April 2010

Developers are often faced with the task of implementing new features or diagnosing problems in large software systems. Convoluted control and data flows in large object-oriented software systems, however, make even simple tasks extremely difficult, time-consuming, and frustrating. Specifically, Java programs manipulate objects by adding and removing them from collections and by putting and getting them from other objects' fields. Complex object histories hinder program understanding by forcing software maintainers to track the provenance of objects through their past histories when diagnosing software faults. In this thesis, we present a novel approach which answers queries about the evolution of objects throughout their lifetime in a program. On-demand answers to object history queries aids the maintenance of large software systems by allowing developers to pinpoint relevant details quickly. We describe an event-based, flow-insensitive, interprocedural program analysis technique for computing object histories and answering history queries. Our analysis technique identifies all relevant events affecting an object and uses pointer analysis to filter out irrelevant events. It uses prior knowledge of the meanings of methods in the Java collection classes to improve the quality of the histories. We present the details of our technique and experimental results that highlight the utility of object histories in common programming tasks.

Object histories

Java

Program understanding

static analysis

Electrical and Computer Engineering

Wireless Sensor Network Setup : Wireless sensor motes embedded programing

Iqbal, Javed, Moughal, Farhan

January 2010

Exploitation of wireless sensor networks (WSNs) in ubiquitous computing environments is continuously increasing for gathering data. Contemporary distributed software systems on WSNs for pragmatic business applications have become extremely adaptive, dynamic, heterogeneous and large scaled. Management of such system is not trivial to fulfil these features, leading to more and more complex management and configuration. Along with encompassing state of art and novel techniques for such diversely dynamic system, in this thesis two alternative techniques namely “task initiation by command” and “run-time task deployment and processing” are compared, for such system’s setup and configuration. Both techniques have their own pros and cons which makes them suitable according to the requirements and contextual situations. A lot of effort has been put to make WSNs more and more efficient in terms of computations and power consumption. Hence comparative analysis of both techniques used in this report to setup and configure WSN can be a benchmark to lead towards most appropriate solution to compensate the need of efficient energy and resource consumption.Both alternative schemes are implemented to setup WSN on Sun Microsystems sunSPOT (Small Programmable Object Technology) sensor nodes which are embedded microcontrollers and programmed them in java (j2me). It performs radio communication between wireless sensors and host via sink node also called base station, along with over the air run-time management of sensors. SunSPOTs built in libraries and KSN libraries are used to implement these alternatives and compare the memory footprint, communication pattern and energy consumption.Exploitation of wireless sensor networks (WSNs) in ubiquitous computing environments is continuously increasing for gathering data. Contemporary distributed software systems on WSNs for pragmatic business applications have become extremely adaptive, dynamic, heterogeneous and large scaled. Management of such system is not trivial to fulfil these features, leading to more and more complex management and configuration. Along with encompassing state of art and novel techniques for such diversely dynamic system, in this thesis two alternative techniques namely “task initiation by command” and “run-time task deployment and processing” are compared, for such system’s setup and configuration. Both techniques have their own pros and cons which makes them suitable according to the requirements and contextual situations. A lot of effort has been put to make WSNs more and more efficient in terms of computations and power consumption. Hence comparative analysis of both techniques used in this report to setup and configure WSN can be a benchmark to lead towards most appropriate solution to compensate the need of efficient energy and resource consumption.Both alternative schemes are implemented to setup WSN on Sun Microsystems sunSPOT (Small Programmable Object Technology) sensor nodes which are embedded microcontrollers and programmed them in java (j2me). It performs radio communication between wireless sensors and host via sink node also called base station, along with over the air run-time management of sensors. SunSPOTs built in libraries and KSN libraries are used to implement these alternatives and compare the memory footprint, communication pattern and energy consumption.

Subversion Statistics Tool

Lindblad, Niclas

January 2008

På Linköpings universitet använder man sig sällan av versionshanteringssystem i kurser. Istället sparas till exempel programmeringslabbar på enskilda personers UNIX konton. Detta leder till problem både när man programmerar i grupp men också om någonting skulle gå snett. Labhandledaren har också mycket sämre vetskap om hur specifika gruppers arbeten framskrider och många grupper kan få hjälp för sent på grund av detta. Troligtvis kommer versionshanteringssystem användas mycket mer i framtiden. Att läsa versionsloggar för att följa upp grupper är ett osmidigt och tidskrävande jobb och ger dålig överblick. Detta examensarbete beskriver ett verktyg till hjälp för labhandledaren i kurser där versionshanteringssystem används. Tillvägagångssättet och designen men även vilka problem som uppstod är fokus i rapporten. Resultatet av examensarbetet är en webapplikation som visar statistik för alla labgrupper i en specifik kurs, både textuellt och grafiskt. Webapplikationen strävar efter att bete sig som en vanlig och lättanvänd skrivbordsapplikation. Detta verktyg ger labhandledaren bättre överblick över individernas arbete samtidigt som fusk kan komma att uppmärksammas.

versionshanteringssystem

webapplikation

webprogrammering i Java

statistikverktyg

dynamisk webdesign

Utveckling och utvärdering av Java-applikationer : Två praktiska exempel genom systemutvecklingsprocessen

Olsson, Maria

January 2006

Uppsatsen behandlar systemutvecklingsprocessen med fokusering på utvecklingsarbete och utvärdering. Syftet med uppsatsen har varit att genomföra ett systemutvecklingsarbete. För att uppnå det har två förstaversioner av en Java-applikation utvecklats. De två applikationerna jämförs och utvärderas sedan för att ge ett svar på vilken som bäst lämpar sig för vidareutveckling. Ett annat syfte med arbetet har varit att utveckla mig själv och av den anledningen har jag valt att göra två applikationer på olika sätt. Då applikationerna hanterar sökning av böcker skrivna av Astrid Lindgren har ett delsyfte inneburit att sprida information om författarens böcker och göra det enklare att få information om dem. Uppsatsen kan användas som ett praktiskt exempel på hur ett systemutvecklingsarbete kan gå till. Arbetet beskrivs främst utifrån rollen som utvecklare och utvärderare men jag har även varit beställare då jag gett uppdraget till mig själv. Av de två applikationerna som utvecklats körs klientapplikationen lokalt på datorn medan serverapplikationen ligger på en server där användaren kommer åt den genom en webbläsare. Efter utvecklingen genomfördes en utvärdering som bestod av tre delar. Jag kontrollerade hur väl de krav som ställts upp innan utvecklingen tillgodosetts. Därtill genomfördes en egen testning och även acceptanstester med tänkta användare. Resultatet påvisade att applikationerna blev väldigt lika och hade ungefär samma förutsättningar för en vidareutveckling. Skillnaden ligger i hur användaren kommer åt applikationen. Min bedömning är att serverapplikationen är bäst lämpad för vidareutveckling då fler användare kommer åt den på ett enkelt sätt.

Systemutveckling

utveckling

utvärdering

applikation

Java

Informatics and systems science

Informatik och systemvetenskap

An implementation of a rational, reactive agent

Engberg, Mattias

January 2003

We are working on the development and design of an approach to agents that can reason, react to the environment and are able to update their own knowledge as a result of new incoming information. In the resulting framework, rational, reactive agents can dynamically change their own knowledge bases as well as their own goals. An agent can make observations, learn new facts and new rules from the environment, and then update its knowledge accordingly. The knowledge base of an agent and its updating mechanism has been implemented in Logic Programming. The agent’s framework is implemented in Java. This aim of this thesis is to design and implement an architecture of a reactive, rational agent in both Java and Prolog and to test the interaction between the rational part and the reactive part of the agent. The agent architecture is called RR-agent and consists of six more or less components, four implemented in Java and the other two are implemented in XSB Prolog. The result of this thesis is the ground for the paper “An architecture of a rational, reactive agent” by P. DellAcqua, M. Engberg, L.M. Pereira that has been submitted.

Technology

Agent

logic

ProLog

reactive

rational

Java

TEKNIKVETENSKAP

TECHNOLOGY

TEKNIKVETENSKAP

OOMatch: Pattern Matching as Dispatch in Java

Richard, Adam

January 2007

We present a new language feature, specified as an extension to Java. The feature is a form of dispatch, which includes and subsumes multimethods, but which is not as powerful as general predicate dispatch. It is, however, intended to be more practical and easier to use than the latter. The extension, dubbed OOMatch, allows method parameters to be specified as patterns, which are matched against the arguments to the method call. When matches occur, the method applies; if multiple methods apply, the method with the more specific pattern overrides the others. The pattern matching is very similar to that found in the "case" constructs of many functional languages, with an important difference: functional languages normally allow pattern matching over variant types (and other primitives such as tuples), while OOMatch allows pattern matching on Java ob jects. Indeed, the wider goal here is the study of the combination of functional and ob ject-oriented programming paradigms. Maintaining encapsulation while allowing pattern matching is of special importance. Class designers should have the control needed to prevent implementation details (such as private variables) from being exposed to clients of the class. We here present both an informal "tutorial" description of OOMatch, as well as a formal specification of the language, and a proof that the conditions specified guarantee run-time safety.

predicate dispatch

dynamic dispatch

pattern matching

multimethods

Java

Computer Science

Method-Specific Access Control in Java via Proxy Objects using Annotations

Zarnett, Jeffrey

January 2010

Partially restricting access to objects enables system designers to finely control the security of their systems. We propose a novel approach that allows granting partial access at method granularity on arbitrary objects to remote clients, using proxy objects. Our initial approach considers methods to be either safe (may be invoked by anyone) or unsafe (may be invoked only by trusted users). We next generalize this approach by supporting Role-Based Access Control (RBAC) for methods in objects. In our approach, a policy implementer annotates methods, interfaces, and classes with roles. Our system automatically creates proxy objects for each role, which contain only methods to which that role is authorized. This thesis explains the method annotation process, the semantics of annotations, how we derive proxy objects based on annotations, and how clients invoke methods via proxy objects. We present the advantages to our approach, and distinguish it from existing approaches to method-granularity access control. We provide detailed semantics of our system, in First Order Logic, to describe its operation. We have implemented our system in the Java programming language and evaluated its performance and usability. Proxy objects have minimal overhead: creation of a proxy object takes an order of magnitude less time than retrieving a reference to a remote object. Deriving the interface---a one-time cost---is on the same order as retrieval. We present empirical evidence of the effectiveness of our approach by discussing its application to software projects that range from thousands to hundreds of thousands of lines of code; even large software projects can be annotated in less than a day.

Access Control

Java

Proxy Object

Annotation

Security

Electrical and Computer Engineering

Object Histories in Java

Nair, Aakarsh

21 April 2010

Developers are often faced with the task of implementing new features or diagnosing problems in large software systems. Convoluted control and data flows in large object-oriented software systems, however, make even simple tasks extremely difficult, time-consuming, and frustrating. Specifically, Java programs manipulate objects by adding and removing them from collections and by putting and getting them from other objects' fields. Complex object histories hinder program understanding by forcing software maintainers to track the provenance of objects through their past histories when diagnosing software faults. In this thesis, we present a novel approach which answers queries about the evolution of objects throughout their lifetime in a program. On-demand answers to object history queries aids the maintenance of large software systems by allowing developers to pinpoint relevant details quickly. We describe an event-based, flow-insensitive, interprocedural program analysis technique for computing object histories and answering history queries. Our analysis technique identifies all relevant events affecting an object and uses pointer analysis to filter out irrelevant events. It uses prior knowledge of the meanings of methods in the Java collection classes to improve the quality of the histories. We present the details of our technique and experimental results that highlight the utility of object histories in common programming tasks.

Object histories

Java

Program understanding

static analysis

Electrical and Computer Engineering

Collection Disjointness Analysis in Java

Chu, Hang

January 2011

This thesis presents a collection disjointness analysis to find disjointness relations between collections in Java. We define the three types of disjointness relations between collections: must-shared, may-shared and not-may-shared. The collection- disjointness analysis is implemented following the way of a forward data-flow analysis using Soot Java bytecode analysis framework. For method calls, which are usually difficult to analyze in static analysis, our analysis provide a way of generating and reading annotations of a method to best approximate the behavior of the calling methods. Finally, this thesis presents the experimental results of the collection-disjointness analysis on several tests.

Collection Disjointness

Static Analysis

Java

Electrical and Computer Engineering