monitoring, security, and dynamic configuration with the dynamictao reflective orb fabio kon, manuel...

Monitoring, Security, and Dynamic Configuration with the dynamicTAO

Reflective ORB

Fabio Kon, Manuel Roman, Ping Liu, Jina Mao, Tomonori Yamane, Luiz C. Magalhaes, and Roy H. Campbell

{f-kon,roy}@cs.uiuc.edu

Department of Computer ScienceUniversity of Illinois at Urbana-Champaign

http://choices.cs.uiuc.edu/2K/dynamicTAO

IFIP/ACM Middleware’2000 2

Introduction

Network Operating System:

Facilitate management in modern computing environments

Heterogeneity: embedded sys., PDAs, laptops, workstations

Dynamism: rapid software evolution, mobile users & computers

Users must maintain different accounts in each platform

GOAL: Facilitate management by building a middleware-level

operating system on top of this heterogeneous world


Requirements

Run on multiple hardware platforms

Run on top of different OSes

Support different programming languages

Support dynamism, late binding,

components

Solution: OMG IDL CORBA ORBs Standard CORBA Services


But There’s A Problem!

Conventional ORBs are static: Fixed threading model Fixed transport protocol: IIOP (over TCP/IP) Fixed security strategy (typically no security) Fixed scheduling

Inadequate for a wide range of applications: Multimedia Mobile Computing Adaptive Applications


Proposed Solution:Reflective ORB

Reflective Systems [Smith 84]

Meta-Object Protocol [Kiczales 91]

Reflective ORBs [Singhai and Campbell 97]

The ORB maintains a representation of its own internal structure and allows: Inspection Dynamic Reconfiguration


dynamicTAO

Built as an extension of the TAO ORB [Schmidt et al]

Written in C++ Modular design based on

object-oriented design patterns TAO already supported startup configuration,

configuration file specifies strategies for concurrency (threading model) request demultiplexing scheduling connection management


Adding Support for Dynamic Configuration

dynamicTAO exports an interface called DynamicConfigurator, supporting

1. Transfer of components across the distributed system

2. Loading and unloading components

3. Inspecting and modifying the configuration of the ORB (and of applications running on top it)


Reifying the ORB Structure

ComponentConfigurator framework

Stores inter-component dependencies

Allows browsing, inspection, and reconfiguration

Can be customized through inheritance


dynamicTAO Structure


DynamicConfiguratorIDL Interface

interface DynamicConfigurator

{

stringList list_categories ();

stringList list_implementations (in string categoryName);

stringList list_loaded_implementations ()

stringList list_hooks (in string componentName);

string get_hooked_comp (in string componentName,

in string hookName);

string get_comp_info (in string componentName);

. . .


Manage Component Implementations loaded in

memory

long load_implementation (in string categoryName,

in string impName,

in string params, ...);

void hook_implementation (in string loadedImpName,

in string componentName,

in string hookName);

void suspend_implementation (in string loadedImpName);

void resume_implementation (in string loadedImpName);

void remove_implementation (in string loadedImpName);

void configure_implementation (in string loadedImpName,

in string message);


Manage the ORB Persistent Component Repository

void upload_implementation (in string categoryName,

in string impName,

in implCode binCode);

void download_implementation (in string categoryName,

inout string impName,

out implCode binCode);

void delete_implementation (in string categoryName,

in string impName);

};


Example of Dynamic Configuration

1. myRemoteOrb->upload_implementation (“Security”, “superSAFE”, superSAFE_impl);

2. newSecurityStrategy = myRemoteOrb->load_implementation (“Security”, “superSAFE”);

3. oldSecurityStrategy = myRemoteOrb->get_hooked_comp (“dynamicTAO”, “Security_Strategy”);

4. myRemoteOrb->hook_implementation (newSecurityStrategy, “dynamicTAO”, “Security_Strategy”);

5. myRemoteOrb->remove_implementation (oldSecurityStrategy);


Consistency

Dynamic reconfiguration may break the consistency of the internal ORB engine.

Consistency must be ensured by the ORB developer and by the component developer.

Achieved by creating customized subclasses of the ComponentConfigurator class: TAOConfigurator Servant1Configurator MonitoringStrategyConfigurator ...


Example of ConsistentDynamic Reconfiguration

Concurrency strategies1. Reactive (single-threaded)2. Thread-per-Connection3. Thread-Pool

Switching from 1 or 2 to any other: OK Switching from Thread-Pool:

problematic


Implementing Reconfigurable ORB Components

Two major things to consider:1. Transferring the state from the old

component to the new component2. Making sure that no dangling references to

the old component remain

Must customize TAOConfigurator or strategy configurator (e.g.

ThreadPoolConfigurator)


Accessing the ORB Reconfiguration Interface

1. Local or remote code through IDL

2. Telnet

3. Java GUI

4. Reconfiguration Agents


DOCTORDynamic ORB Configuration Tool


Reconfiguration with Mobile Agents

Suitable for Large-Scale Systems

Agents may carry graph reconfiguration script state results


Applications of Reflective ORBs

Completed Prototypes: Flexible Object Monitoring Service Dynamic Security Service

Ongoing work: Multimedia applications CORBA File System


Monitoring Distributed Object Interactions

dynamicTAO shows how to adapt Applications also need to know when to

adapt

Monitoring Service: Can be dynamically loaded and unloaded No modifications in the applications Totally transparent to applications Uses the CORBA request-level interceptor [OMG98a]


Monitoring Service Architecture


Monitoring Service Overhead

String getHello (); Overhead:

when monitoring getHello: 10.1% with Monitoring Service on, but without

monitoring getHello: 2.0%

Ultra-2 Ultra-60

Client ServerFast Ethernet


Dynamic Security Service Prototype

Can be dynamically loaded and unloaded Uses

CORBA request-level interceps. for access control

Cherubim Security Framework [Campbell & Qian 98]

Java Active Capabilities flexible dynamic policies

implemented: DAC, MAC working on: RBAC, ABAC (?)


Related Work

Lancaster University [Blair et al 98] Python implementation of a Reflective ORB

AspectIX [Hauck et al 98] Configurable ORB using Aspect-Oriented

Programming

COMERA [Wang and Lee 98] Configurable COM middleware


Future and Ongoing Work

LegORB: a component-based reflective ORB select only the ORB functionality you need minimal configuration for client: 6KB

Implement a framework to support consistency in dynamic configuration: state transfer inter-component dependency management


Conclusions

dynamicTAO is a powerful mechanism for implementing non-functional ORB services

security monitoring communication mechanisms

clean separation of concerns, transparency

dynamic reconfiguration

adaptive applications


How to contact us

e-mail:

[email protected]

2K Web site:

http://choices.cs.uiuc.edu/2K


The 2K Architecture


Security Architecture

Java Active Capabilities

Flexible Security Policies

Caching of Authorization Decisions

Auditing


SwitchingThread-Pool Thread-per-Connection

(Example)

Problem 1: queued incoming connections waiting for a thread to execute them. Solution: encapsulated the queue in an object

and pass as an argument to the new strategy.

Problem2 : strategy code cannot be unloaded because threads return to it. Solution: ThreadPoolConfigurator that keeps

track of the threads handling client connections.


Future and Ongoing Work

Improve Security Service how to provide security for millions of

distributed objects efficiently?

Monitoring Service tools: Specify what should be monitored Visualize monitored data graphically


dynamicTAO Architecture

monitoring, security, and dynamic configuration with the dynamictao reflective orb fabio kon, manuel...

Documents

string componentname

string hookname string

string params

string impname

string hookname void

void hook

categories stringlist

configuration file