Computational geometry: an introduction
Computational geometry: an introduction
SIGMOD '86 Proceedings of the 1986 ACM SIGMOD international conference on Management of data
Query evaluation techniques for large databases
ACM Computing Surveys (CSUR)
Secure and portable database extensibility
SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Java security
On Finding the Maxima of a Set of Vectors
Journal of the ACM (JACM)
Software security and privacy risks in mobile e-commerce
Communications of the ACM
An operating system approach to securing e-services
Communications of the ACM
Art of Software Testing
The Iris Architecture and Implementation
IEEE Transactions on Knowledge and Data Engineering
Starburst Mid-Flight: As the Dust Clears
IEEE Transactions on Knowledge and Data Engineering
Proceedings of the 17th International Conference on Data Engineering
Don't Scrap It, Wrap It! A Wrapper Architecture for Legacy Data Sources
VLDB '97 Proceedings of the 23rd International Conference on Very Large Data Bases
Verteilte Metadatenverwaltung für die Anfragebearbeitung auf Internet-Datenquellen
Datenbanksysteme in Büro, Technik und Wissenschaft (BTW), 9. GI-Fachtagung,
ObjectGlobe: Ubiquitous query processing on the Internet
The VLDB Journal — The International Journal on Very Large Data Bases
Resource Control for Database Extensions
Resource Control for Database Extensions
An Open, Flexible, and Configurable System for Service Composition
WECWIS '00 Proceedings of the Second International Workshop on Advance Issues of E-Commerce and Web-Based Information Systems (WECWIS 2000)
Independence results in computer science
ACM SIGACT News
Structured programming
Hi-index | 0.00 |
Current developments show that tomorrow's information systems and applications will no longer be based on monolithic architectures that encompass all the functionality. Rather, the emerging need for distribution and quick adaptation to new requirements stemming from, e.g., virtual enterprises, demands distributed systems that can be extended dynamically to compose new services from existing software components. However, usage of mobile code introduces specific security concerns which a security system must be aware of. We present a comprehensive security architecture for extensible, distributed systems using the example of an Internet query processing service which can be extended by user-defined operators. Before an operator is actually used in queries for the first time, our OperatorCheck server validates its semantics and analyzes its quality. This is done semi-automatically using an oracle-based approach to compare a formal specification of an operator against its implementation. Further security measures are integrated into the query processing engine: during plan distribution secure communication channels are established, authentication and authorization are performed, and overload situations are avoided by admission control. During plan execution operators are guarded using Java's security model to prevent unauthorized resource access and leakage of data. The resource consumption of operators is monitored and limited with reasonable supplementary costs to avoid resource monopolization. We show that the presented security system is capable of executing arbitrary operators without risks for the executing host and the privacy and integrity of data. In the paper we will concentrate on the OperatorCheck server, as this server can itself be viewed as an e-service that can be used by developers and independent associations.