Monitoring, Security, and Dynamic Configuration with the dynamicTAO Reflective ORB Fabio Kon, Manuel...
-
Upload
melinda-higgins -
Category
Documents
-
view
216 -
download
0
Transcript of Monitoring, Security, and Dynamic Configuration with the dynamicTAO Reflective ORB Fabio Kon, Manuel...
Monitoring, Security, and Dynamic Configuration with the dynamicTAO
Reflective ORB
Fabio Kon, Manuel Roman, Ping Liu, Jina Mao, Tomonori Yamane, Luiz C. Magalhaes, and Roy H. Campbell
{f-kon,roy}@cs.uiuc.edu
Department of Computer ScienceUniversity of Illinois at Urbana-Champaign
http://choices.cs.uiuc.edu/2K/dynamicTAO
IFIP/ACM Middleware’2000 2
Introduction
Network Operating System:
Facilitate management in modern computing environments
Heterogeneity: embedded sys., PDAs, laptops, workstations
Dynamism: rapid software evolution, mobile users & computers
Users must maintain different accounts in each platform
GOAL: Facilitate management by building a middleware-level
operating system on top of this heterogeneous world
IFIP/ACM Middleware’2000 3
Requirements
Run on multiple hardware platforms
Run on top of different OSes
Support different programming languages
Support dynamism, late binding,
components
Solution: OMG IDL CORBA ORBs Standard CORBA Services
IFIP/ACM Middleware’2000 4
But There’s A Problem!
Conventional ORBs are static: Fixed threading model Fixed transport protocol: IIOP (over TCP/IP) Fixed security strategy (typically no security) Fixed scheduling
Inadequate for a wide range of applications: Multimedia Mobile Computing Adaptive Applications
IFIP/ACM Middleware’2000 5
Proposed Solution:Reflective ORB
Reflective Systems [Smith 84]
Meta-Object Protocol [Kiczales 91]
Reflective ORBs [Singhai and Campbell 97]
The ORB maintains a representation of its own internal structure and allows: Inspection Dynamic Reconfiguration
IFIP/ACM Middleware’2000 6
dynamicTAO
Built as an extension of the TAO ORB [Schmidt et al]
Written in C++ Modular design based on
object-oriented design patterns TAO already supported startup configuration,
configuration file specifies strategies for concurrency (threading model) request demultiplexing scheduling connection management
IFIP/ACM Middleware’2000 7
Adding Support for Dynamic Configuration
dynamicTAO exports an interface called DynamicConfigurator, supporting
1. Transfer of components across the distributed system
2. Loading and unloading components
3. Inspecting and modifying the configuration of the ORB (and of applications running on top it)
IFIP/ACM Middleware’2000 8
Reifying the ORB Structure
ComponentConfigurator framework
Stores inter-component dependencies
Allows browsing, inspection, and reconfiguration
Can be customized through inheritance
IFIP/ACM Middleware’2000 9
dynamicTAO Structure
IFIP/ACM Middleware’2000 10
DynamicConfiguratorIDL Interface
interface DynamicConfigurator
{
stringList list_categories ();
stringList list_implementations (in string categoryName);
stringList list_loaded_implementations ()
stringList list_hooks (in string componentName);
string get_hooked_comp (in string componentName,
in string hookName);
string get_comp_info (in string componentName);
. . .
IFIP/ACM Middleware’2000 11
Manage Component Implementations loaded in
memory
long load_implementation (in string categoryName,
in string impName,
in string params, ...);
void hook_implementation (in string loadedImpName,
in string componentName,
in string hookName);
void suspend_implementation (in string loadedImpName);
void resume_implementation (in string loadedImpName);
void remove_implementation (in string loadedImpName);
void configure_implementation (in string loadedImpName,
in string message);
IFIP/ACM Middleware’2000 12
Manage the ORB Persistent Component Repository
void upload_implementation (in string categoryName,
in string impName,
in implCode binCode);
void download_implementation (in string categoryName,
inout string impName,
out implCode binCode);
void delete_implementation (in string categoryName,
in string impName);
};
IFIP/ACM Middleware’2000 13
Example of Dynamic Configuration
1. myRemoteOrb->upload_implementation (“Security”, “superSAFE”, superSAFE_impl);
2. newSecurityStrategy = myRemoteOrb->load_implementation (“Security”, “superSAFE”);
3. oldSecurityStrategy = myRemoteOrb->get_hooked_comp (“dynamicTAO”, “Security_Strategy”);
4. myRemoteOrb->hook_implementation (newSecurityStrategy, “dynamicTAO”, “Security_Strategy”);
5. myRemoteOrb->remove_implementation (oldSecurityStrategy);
IFIP/ACM Middleware’2000 14
Consistency
Dynamic reconfiguration may break the consistency of the internal ORB engine.
Consistency must be ensured by the ORB developer and by the component developer.
Achieved by creating customized subclasses of the ComponentConfigurator class: TAOConfigurator Servant1Configurator MonitoringStrategyConfigurator ...
IFIP/ACM Middleware’2000 15
Example of ConsistentDynamic Reconfiguration
Concurrency strategies1. Reactive (single-threaded)2. Thread-per-Connection3. Thread-Pool
Switching from 1 or 2 to any other: OK Switching from Thread-Pool:
problematic
IFIP/ACM Middleware’2000 16
Implementing Reconfigurable ORB Components
Two major things to consider:1. Transferring the state from the old
component to the new component2. Making sure that no dangling references to
the old component remain
Must customize TAOConfigurator or strategy configurator (e.g.
ThreadPoolConfigurator)
IFIP/ACM Middleware’2000 17
Accessing the ORB Reconfiguration Interface
1. Local or remote code through IDL
2. Telnet
3. Java GUI
4. Reconfiguration Agents
IFIP/ACM Middleware’2000 18
DOCTORDynamic ORB Configuration Tool
IFIP/ACM Middleware’2000 19
Reconfiguration with Mobile Agents
Suitable for Large-Scale Systems
Agents may carry graph reconfiguration script state results
IFIP/ACM Middleware’2000 20
Applications of Reflective ORBs
Completed Prototypes: Flexible Object Monitoring Service Dynamic Security Service
Ongoing work: Multimedia applications CORBA File System
IFIP/ACM Middleware’2000 21
Monitoring Distributed Object Interactions
dynamicTAO shows how to adapt Applications also need to know when to
adapt
Monitoring Service: Can be dynamically loaded and unloaded No modifications in the applications Totally transparent to applications Uses the CORBA request-level interceptor [OMG98a]
IFIP/ACM Middleware’2000 22
Monitoring Service Architecture
IFIP/ACM Middleware’2000 23
Monitoring Service Overhead
String getHello (); Overhead:
when monitoring getHello: 10.1% with Monitoring Service on, but without
monitoring getHello: 2.0%
Ultra-2 Ultra-60
Client ServerFast Ethernet
IFIP/ACM Middleware’2000 24
Dynamic Security Service Prototype
Can be dynamically loaded and unloaded Uses
CORBA request-level interceps. for access control
Cherubim Security Framework [Campbell & Qian 98]
Java Active Capabilities flexible dynamic policies
implemented: DAC, MAC working on: RBAC, ABAC (?)
IFIP/ACM Middleware’2000 25
Related Work
Lancaster University [Blair et al 98] Python implementation of a Reflective ORB
AspectIX [Hauck et al 98] Configurable ORB using Aspect-Oriented
Programming
COMERA [Wang and Lee 98] Configurable COM middleware
IFIP/ACM Middleware’2000 26
Future and Ongoing Work
LegORB: a component-based reflective ORB select only the ORB functionality you need minimal configuration for client: 6KB
Implement a framework to support consistency in dynamic configuration: state transfer inter-component dependency management
IFIP/ACM Middleware’2000 27
Conclusions
dynamicTAO is a powerful mechanism for implementing non-functional ORB services
security monitoring communication mechanisms
clean separation of concerns, transparency
dynamic reconfiguration
adaptive applications
IFIP/ACM Middleware’2000 28
How to contact us
e-mail:
2K Web site:
http://choices.cs.uiuc.edu/2K
IFIP/ACM Middleware’2000 29
The 2K Architecture
IFIP/ACM Middleware’2000 30
Security Architecture
Java Active Capabilities
Flexible Security Policies
Caching of Authorization Decisions
Auditing
IFIP/ACM Middleware’2000 31
SwitchingThread-Pool Thread-per-Connection
(Example)
Problem 1: queued incoming connections waiting for a thread to execute them. Solution: encapsulated the queue in an object
and pass as an argument to the new strategy.
Problem2 : strategy code cannot be unloaded because threads return to it. Solution: ThreadPoolConfigurator that keeps
track of the threads handling client connections.
IFIP/ACM Middleware’2000 32
Future and Ongoing Work
Improve Security Service how to provide security for millions of
distributed objects efficiently?
Monitoring Service tools: Specify what should be monitored Visualize monitored data graphically
IFIP/ACM Middleware’2000 33
dynamicTAO Architecture