Discretionary Access in Remote Method Invocation

This project consists of the implementation of an object-oriented middleware that allows the application developer to regulate the use of individual remote methods by means of access control lists. The platform has been implemented as an instance of Arcademis, a framework for middleware development. The objective of this case study is twofold. Firstly, to demonstrate how frameworks and design patterns can be synergistically combined in order to facilitate the implementation of distributed software. Secondly, to point out similarities between the architecture of object-oriented middleware, such as Java RMI, and distributed authentication systems, such as Kerberos, in order to argue that discretionary access control can be added to commercial middleware platforms as a natural extension of the remote method invocation paradigm.
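The idea of guarding each remote method with its own access control list can be illustrated with a server-side dispatcher. The following is an added example, not SaMi code: the Conference interface, its methods, the "Guest" principal and the ACL contents are hypothetical, and the caller is assumed to have been authenticated already under the name of its key (here "Rhyme").

```java
import java.lang.reflect.*;
import java.util.*;

public class AclDispatchDemo {
    // Hypothetical remote interface; SaMi's real conference API is not shown on this page.
    interface Conference {
        String listPapers();
        String submitReview(String paper, int score);
    }

    static class ConferenceImpl implements Conference {
        public String listPapers() { return "paper-1, paper-2"; }
        public String submitReview(String paper, int score) { return "review stored for " + paper; }
    }

    // Per-method ACL (constructed sample): method name -> principals allowed to invoke it.
    // A method with no entry is denied to everyone.
    static final Map<String, Set<String>> ACL = Map.of(
        "listPapers", Set.of("Rhyme", "Guest"),
        "submitReview", Set.of("Rhyme"));

    // Skeleton-side guard: checks the authenticated caller before dispatching the call.
    static Conference guard(Conference target, String principal) {
        InvocationHandler h = (proxy, method, args) -> {
            Set<String> allowed = ACL.getOrDefault(method.getName(), Set.of());
            if (!allowed.contains(principal)) {
                throw new SecurityException(principal + " may not call " + method.getName());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the implementation's own exception
            }
        };
        return (Conference) Proxy.newProxyInstance(
            Conference.class.getClassLoader(), new Class<?>[] { Conference.class }, h);
    }

    public static void main(String[] args) {
        Conference impl = new ConferenceImpl();
        System.out.println(guard(impl, "Rhyme").submitReview("paper-1", 4));
        Conference guest = guard(impl, "Guest");
        System.out.println(guest.listPapers());
        try {
            guest.submitReview("paper-2", 1); // not on the ACL for this method
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The check runs on the server side of the call, so a client that bypasses its stub still cannot reach a method it is not listed for.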

Download it: This manuscript describes the implementation of SaMi, a middleware platform that provides discretionary access control to a remote method invocation service.
Download it: This file contains several BibTeX entries on papers about middleware development and computational security.
Download it: This file contains the implementation of SaMi. The implementation of this middleware is divided into two main packages: Arcademis and RME. The former contains the definition of interfaces and abstract classes used in the design of SaMi. The latter contains the implementation of SaMi classes. The components designed exclusively for the security layer are in two packages: arcademis.security and rme.security. Besides these, the security name server is implemented in rme.SNService, and the generator of stubs and skeletons is implemented in rme.Scompiler. SaMi uses gnu-crypto to implement the cryptographic algorithms. In order to compile and run it, you must download the file gnu-crypto.jar from the home page of the GNU Crypto project.
Download it: This file contains the implementation of several example applications based on the SaMi middleware. In order to generate keys and bind them to the name server, use the utility tools in rme.utilities.

SaMi-based applications can be executed on the same computer or on separate hosts. Each application consists of at least three independent processes: the discovery agency, one or more service providers, and one or more client applications. When SaMi applications are executed across different hosts, URLs can be specified in the command line. In this example, assume that all the downloaded files are stored in the directory /SaMi. In order to run the conference application, described in the Technical Report, you can follow these steps:
  1. start the name server:
    java -classpath .:SaMi:SaMi/gnu-crypto.jar rme.SNService.NameServer
  2. start the service provider:
    java -classpath .:SaMi:SaMi/gnu-crypto.jar Server
  3. write a new key:
    java -classpath .:SaMi:SaMi/gnu-crypto.jar KeyWriter keys/Rhyme.txt Rhyme
  4. bind the new key in the name server:
    java -classpath .:SaMi:SaMi/gnu-crypto.jar KeyBinder keys/Rhyme.txt
  5. start the client:
    java -classpath .:SaMi:SaMi/gnu-crypto.jar Client keys/Rhyme.txt

Last update: November 12th, 2005.