DTE For Distributed Object Control
We will extend our current base of DTE technology so that it can be integrated and exploited in the distributed object management architectures identified in the study task above. This will involve developing new object-oriented DTE facilities that can be incorporated in application-layer components as well as operating systems and can provide unified access control throughout a heterogeneous distributed system.
Technical Approach
Our current Mach-based DTE prototype attaches type attributes to network
messages and mediates the ability of processes in different domains to
send and receive messages of different types. This approach views
interfaces between subsystems as consisting of individual messages. In
addition, it requires that a distributed system be homogeneous with
respect to the host operating systems used. Although this approach
represents an important first step in extending DTE to distributed
systems, it is not well-suited for supporting heterogeneous
object-oriented systems. We will improve DTE technology for that purpose
incrementally via the following steps.
1. Object-Oriented
First, DTEL will be enhanced to support object-oriented styles of
designing applications. We will develop a new variant of DTEL, DTEL-C,
that borrows selected object-oriented constructs from the CORBA IDL. For
example, DTEL-C may allow type attributes to be attached to parameters
and identifiers associated with object methods instead of individual
messages and allow domain definitions to be specified via inheritance of
potential access rights from other domains. CORBA IDL constructs for
name scoping (e.g., the Module and Interface constructs) may also be
adopted to improve the readability and understandability of DTE policies
involving large numbers of domains and types. By providing such
features, DTEL-C will facilitate writing DTE-aware applications in the
style of CORBA and will bring into our ongoing DTE research
state-of-the-art concepts in distributed computing. Initially, we will
integrate the DTEL-C language processor into our existing DTE prototype
UNIX system. Although this step will not by itself transform the DTE
prototype into a CORBA-compliant system (e.g., no ORB or Interface
Repository will be provided), it will provide an excellent opportunity
to explore the interaction between DTE and CORBA IDL concepts in a
controlled and familiar testbed.
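The mediation model sketched above, as an added illustration (not DTEL-C syntax and not code from the DTE prototype): types are attached to an interface's methods and parameters rather than to individual messages, and a domain's potential access rights are inherited transitively from parent domains. The rights "invoke" and "pass", the domain and type names, and the Ledger interface are all constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    rights: dict = field(default_factory=dict)   # type -> set of rights
    parents: list = field(default_factory=list)  # domains whose potential rights are inherited

@dataclass
class Interface:
    name: str
    methods: dict  # method name -> (method type, {param name: param type})

class Policy:
    def __init__(self):
        self.domains, self.interfaces = {}, {}

    def effective_rights(self, domain, seen=None):
        """Own rights plus rights inherited (transitively) from parent domains."""
        seen = set() if seen is None else seen
        if domain in seen:          # tolerate accidental inheritance cycles
            return {}
        seen.add(domain)
        d = self.domains[domain]
        merged = {t: set(r) for t, r in d.rights.items()}
        for parent in d.parents:
            for t, r in self.effective_rights(parent, seen).items():
                merged.setdefault(t, set()).update(r)
        return merged

    def check_invoke(self, domain, iface, method, args):
        """Mediate a method call: the caller's domain needs 'invoke' on the
        method's type and 'pass' on the type of each parameter it supplies."""
        mtype, params = self.interfaces[iface].methods[method]
        rights = self.effective_rights(domain)
        if "invoke" not in rights.get(mtype, ()):
            return False
        return all("pass" in rights.get(params[p], ()) for p in args)

def build_sample_policy():
    """Constructed sample: a three-level domain hierarchy over a Ledger interface."""
    p = Policy()
    p.domains["base_d"] = Domain("base_d", {"record_t": {"pass"}})
    p.domains["user_d"] = Domain("user_d", {"query_t": {"invoke"}}, ["base_d"])
    p.domains["admin_d"] = Domain("admin_d", {"audit_t": {"invoke"}}, ["user_d"])
    p.interfaces["Ledger"] = Interface("Ledger", {
        "query": ("query_t", {"rec": "record_t"}),
        "audit": ("audit_t", {"rec": "record_t"}),
    })
    return p
```

With the sample policy, user_d may call Ledger.query but not Ledger.audit, while admin_d may call audit because it inherits the right to pass record_t through user_d and base_d.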
2. Multiple Architectures
Second, a version of the DTEL-C processor will be developed that can be
used in a variety of other distributed security architectures, including
a subset of the CORBA-compliant architectures identified in the
architecture study task above. The DTEL-C processor for multiple
architectures will produce code and data structures that can be easily
linked into components belonging to operating systems, application
layers, or the communications infrastructure. In a CORBA-compliant
system, these components may correspond to ORBs, object adapters, object
managers, inter-ORB gateways, or other kinds of entities. This processor
will generate coordinated, linkable libraries that can be incorporated
into a collection of runtime entities that cooperate to enforce
systemwide access control policies uniformly within a distributed
environment. Based on expected progress from our currently funded
research on dynamic policies, we will build additional mechanisms so
that these policy-enforcing entities can automatically notify each other
of policy changes and protect and synchronize their policies. With these
facilities, it should be possible to achieve uniform access control in a
heterogeneous environment in which some hosts are managed by
DTE-enhanced operating systems, e.g., DTE-enhanced UNIX, while other hosts
run existing commercial operating systems and provide coordinated DTE at
the application level. Furthermore, since a DTE-enhanced operating
system personality may run on top of TMach, the resulting technology can
provide a common framework for interoperable single-level access control
among a distributed trusted system and other untrusted networked
systems.
3. Full-fledged CORBA IDL
Third, to explore the integration of DTE and CORBA more fully, we will
go beyond adding selected IDL constructs to DTEL; we will add selected
DTEL constructs to full-fledged CORBA IDL and implement a DTE-enhanced
IDL compiler. The University of Utah's IDL toolkit is a potential base
for doing this. Alternatively, we may construct an IDL preprocessor that
translates DTEL statements into standard CORBA IDL statements that can
be fed into any CORBA-compliant IDL compiler.
4. Integrated System
Finally, to validate the practicality and usefulness of these
techniques, we will construct and demonstrate an integrated system based
on a commercial CORBA product. This system will contain enhanced CORBA
components that constrain object accesses in accordance with DTE
restrictions specified in enhanced CORBA IDL.
To obtain feedback and ensure that these research efforts remain well-grounded in an awareness of the latest thinking in the CORBA community, we will attend and actively participate in meetings of the CORBA Security Working Group.
