Search
Join ACM
Research and Advances
Architecture and Hardware Adaptive middleware

Challenges Designing Next-Generation Middleware Systems

This framework promises new classes of service, especially in terms of security, for policy-based development of distributed and collaborative applications.
By
Posted
  1. Introduction
  2. Framework
  3. Services and Protocols
  4. Conclusion
  5. References
  6. Author
  7. Footnotes
  8. Figures
  9. Sidebar: Policy-driven Middleware for Computer Supported Cooperative Work
  10. Figure

Modern middleware has roots in object-based distributed programming models [4] and actors [1] developed in the mid-1980s. Later, the need for component integration and interoperability across different operating systems motivated development of standardized interface definitions, protocols, and architectures, including the Object Management Group’s CORBA. More recently, Java and its related technologies, including JavaBeans, have provided a new set of powerful facilities for distributed programming using remote method invocation, code mobility, dynamic class loading, object serialization, and reflection. Yet another path to middleware development is motivated by meta-computing executing parallel programs on networked computers; results include Globus and other WAN-based middleware systems [6].

The requirement by many distributed applications for new classes of service from next-generation middleware architectures is driven by four factors:

  • The increasing importance of component integration, as opposed to programming;
  • New paradigms for distributed computing based on mobile code and mobile agent technologies;
  • Development of context-aware smart environments [9]; and
  • Multimedia-based real-time interactions in groupware and collaboration systems.

To address the increasingly complex requirements in building and managing distributed applications, next-generation middleware systems are being designed to support policy-driven integration of application-level components with system-level services and resources. The policies are defined by application developers as well as by system administrators. Security is another area of concern; security requirements in distributed applications are increasingly complex because of the need to integrate components across administrative domains and the mobility of users and components in open systems. An application spanning multiple autonomous administrative domains further complicates policy enforcement.

The conceptual framework described here involves middleware architectures to support policy-based development of distributed applications.

Back to Top

Framework

Distributed applications’ nonfunctional requirements are related to the application’s quality-of-service (QoS). The traditional notion of QoS largely pertains to performance measures like throughput and latency. A more general view of QoS includes reliability, availability, security, debugging support, real-time guarantees, and synchronization of data streams in multimedia delivery. Middleware structures for implementing complex policies related to these aspects of QoS require mechanisms based on meta-level reflection, aspect orientation, and QoS-based allocation of underlying network- and operating-system-level resources.

The figure outlines a conceptual framework for an application’s policy-driven deployment by middleware. The middleware consists of a set of services; the most common include: name service, resource directories, discovery protocols, resource-access protocols, public-key certification, key management, and event notification. A middleware platform may be designed for a specific class of applications for which it provides certain specialized services. For example, middleware for a computer supported cooperative work (CSCW) application may provide services for role management and role-based security policy administration.

In the framework, integration of distributed components is expressed in terms of a formal specification of requirements for coordination, security, reliability, performance, and event logging for auditing and debugging. These requirements are represented as different aspects of an application. For each such aspect, appropriate policy modules are specified or derived from the requirements. From the policy modules, the middleware constructs appropriate policy-enforcement mechanisms, integrating them with application components and system services using meta-level protocols; these protocols support component integration using reflection, aspect management, and QoS-based resource allocation.

Policy-driven middleware requires techniques to validate policies for any conflicts, derivation of suitable policy-enforcement mechanisms, and secure installation of these mechanisms in a distributed system. This approach is exemplified in my research group’s work on middleware for secure distributed collaborations (see the sidebar “Policy-driven Middleware for Computer Supported Cooperative Work”).

Reflection. Reflection allows a system to examine or alter its behavior by manipulating a set of meta-objects encapsulating its implementation-level representation. Reflection provides the mechanisms for enforcing application-specific policies in the framework. Reflection by middleware services for QoS and fault tolerance has been demonstrated by several researchers [2, 3]; for example, the middleware design in [3] uses reflection for altering the protocols stack of a communication system; the middleware design in [2] uses reflection for defining customizable communication protocols and resource access for a group of distributed components.

QoS requirements and aspect management. QoS requirements need to be presented to the middleware as part of an application’s policy modules. The policies indicate acceptable QoS for an aspect under a given set of conditions. The middleware needs specific mechanisms for managing the QoS requirements for each aspect. In general, all such mechanisms require configuration and control of end-to-end components, middleware services, and underlying network/operating-system-level resources.

The policy-enforcement mechanisms in the figure are generated by the middleware and interfaced with both the application-defined components and the system services. Certain QoS mechanisms may require control over the allocation of system-level resources. For example, end-to-end QoS in a multimedia application requires network-level mechanisms, such as the RSVP protocol, as exemplified by the QuO middleware [7], and real-time scheduling by the underlying operating system kernel [10]. Similarly, the requirement of a desired level of availability of an application’s data might involve replication at various nodes that were selected based on their observed uptime.

The system-defined administrative policies for resource allocation dominate application-defined policies. Mechanisms are required for monitoring underlying system-level resources, as well as application-level components, and resource management decisions may need to be changed when certain events occur.

Back to Top

Services and Protocols

Deviating from the network-transparency model, next-generation middleware architectures have to expose to the programmer the distribution and other characteristics of network resources. I therefore emphasize the following services for emerging applications and how they need to be orchestrated by the middleware.

Event notification. Event service is a core component of middleware for dynamic environments. The publisher-subscriber model is a commonly adopted paradigm for event services. Policy-driven middleware must support the following requirements:

  • Integration of application-defined security policies for event dissemination; and
  • Definition of application-directed policies for event aggregation, correlation, and filtering.

Context-aware computing. The need for middleware support for context-aware applications is motivated by several factors. First, an adaptive service may sense the execution context and environment of its client, then select an appropriate set of protocols according to the specified policies. For example, if a client is executing on a resource-limited device through a low-bandwidth link, it may use a simple protocol of interaction and information presentation. Second, there is a growing trend in the research community toward building smart systems able to take proactive actions for users. For example, for mobile users, the system might anticipate or detect that they would be moving to another location and copy or move their data to nodes closer to the new location. Such proactive actions have to be based on user profiles and specified policies.

Device mobility and resource discovery. Middleware support for mobile users and devices in the form of wearable computers and handhelds is an important research area for future computing environments. Resource-discovery protocols, such as UPnP and Bluetooth, are designed for ad hoc networking of wireless devices, whereas Sun Microsystems’ Jini performs discovery of components through Java interfaces. These devices need to discover, address, and communicate with one another to obtain descriptions of their functions and services; a rich set of description methods is needed for this purpose. The resource-discovery protocols may also need to interface with the event service. More importantly, such ad hoc networking protocols have to function within the restrictions imposed by each networked application’s security policies.

Mobility of objects and agents. The mobility of objects, particularly those representing active components, provides new paradigms for structuring distributed applications. Mobile objects and agents can be used in different ways, including:

  • Perform remote operations asynchronously in distributed applications;
  • Support system administration tasks, including the upgrading of middleware services, and composing new services by integrating mobile components; and
  • Support the mobility of mobile users’ computing environments.

Several Java-based mobile-agent programming platforms have emerged in recent years to address these needs [11]. Mobile agents raise two important security problems: protecting host resources from malicious agents and protecting agents from attacks by malicious hosts. The first is addressed by several systems using Java’s security architecture; enforcement of resource-consumption limits on agents is an issue requiring further research. In regard to agent protection, mechanisms are available for detecting any tampering of an individual agent’s state or use of “stolen” credentials [11]; further research is needed in mechanisms to detect the tampering of an agent’s code by a malicious host.

Inter-agent communication is another area requiring further investigation. An agent’s use of network resources is subject to the remote host’s security policies. Moreover, support for authenticated inter-agent communication requires distributed trust models, as an agent cannot carry with it any secret keys for a challenge-response-based protocol.

Security services. The functions of a security service go beyond key management and authentication. Policy-enforcement mechanisms have to be distributed and interfaced with the components in a secure manner, and middleware support is required to update them securely, as policies tend to be dynamic in modern applications. Security requirements also influence other services in the system. Moreover, in regard to underlying resources, security requirements might be specified, such as by anointing certain nodes as untrusted and prohibiting the system from storing the application’s data on them. An important area for further research is development of distributed trust models and their policy-based integration with applications.

Back to Top

Conclusion

Increasingly complex QoS requirements in distributed applications require policy-driven middleware services. Dynamic security requirements, user and component mobility, ad hoc networking of devices, and context-aware computing pose new challenges motivating this approach.

Back to Top

Back to Top

Back to Top

Back to Top

Figures

UF1 Figure. A framework for policy-based middleware architectures.

Back to Top

Sidebar: Policy-driven Middleware for Computer Supported Cooperative Work

Middleware systems for CSCW environments are representative of application-oriented architectures. The fundamental and traditional design concerns in these systems include the sharing of data, coordination of user activities, and enforcement of security. Security requires enforcing policies for the confidentiality and integrity of shared objects. Security and coordination are often codependent in collaboration environments.

Middleware support is crucial in building future-generation CSCW systems using policy-based approaches. Our current work at the University of Minnesota on designing policy-based middleware [12] for CSCW applications strongly contrasts with ad hoc integration of components.

The specification for a CSCW environment identifies shared objects and their functions, along with rules for coordinating user tasks. In a secure environment, the programmer needs to specify user privileges and access-control policies. The notion of user roles, where a role represents the privileges needed to execute a set of tasks is important in decoupling these specifications from specific user identities that may be unknown at the time a CSCW environment is designed. The programmer also needs to specify policies for admitting participants into the environment.

Given a specification of a collaboration system, the function of policy-driven middleware is to construct the runtime environment from the specified policies. This specification accommodates the dynamic nature of CSCW systems; it also decouples the policies from the functionality of the shared objects. Therefore, a system can be reconfigured quickly to realize any desired changes in policies. The Collaborative Objects Coordination Architecture (COCA) [8] and the Describing Collaborative Work Programming Language (DCWPL) [5] represent early examples of building CSCW environments from high-level specifications, though these systems do not provide adequate support for building secure environments.

In our work, a policy-driven collaboration system is realized in three steps, outlined in the figure. Initially, the coordination and security policy for a collaboration is specified based on a schema expressed in XML. In the schema, an activity definition specifies a generic collaboration pattern in a set of roles using some shared objects. An activity defines a protection domain and a scope for the roles, objects, and privileges. More important, an activity definition works like a template, facilitating the specification of a system’s runtime behavior based on object types and roles. Any number of instances of this activity can be dynamically and concurrently instantiated. From the specification, various policy modules are derived for different kinds of requirements, such as role management, role-based access control, object-level access control, and event notification for coordination. Finally, these modules are integrated with appropriate objects and services, such as object servers and role managers, to enforce the desired policies.

Constructing policy-driven middleware involves two notable challenges: creating a specification model to express policies for security and coordination in distributed collaborations; and establishing secure enforcement of the policies. Our specification model [12] supports nested collaboration activities using role-based security policies and event-based coordination. Mechanisms are provided for secure distribution and enforcement of policies in distributed environments.

UF1-2 Figure. An approach to building CSCW systems using policy-driven middleware.

    1. Agha, G. Actors: A Model of Concurrent Computation in Distributed Systems. MIT Press, Cambridge, MA, 1986.

    2. Astley, M., Sturman, D., and Agha, G. Customizable middleware for modular distributed software. Commun. ACM 44, 5 (May 2001), 99–107.

    3. Blair, G., Coulson, G., Robin, P., and Papathomas, M. An architecture for next-generation middleware. In Proceedings of the IFIP International Conference on Distributed Systems Platforms and Open Distributed Processing (Middleware'98), N. Davies, K. Raymond, and J. Seitz, Eds. (The Lake District, U.K., Sept.). Springer-Verlag, 1998, 191–206.

    4. Chin, R. and Chanson, S. Distributed object-based programming systems. ACM Comput. Surv. (Mar. 1991), 91–124.

    5. Cortes, M. and Mishra, P. DCWPL: A programming language for describing collaborative work. In Proceedings of ACM CSCW'96 (Boston, Nov.). ACM Press, New York, 1996, 21–29.

    6. Foster, I. and Kesselman, C. Globus: A metacomputing infrastructure toolkit. Intl. J. Supercomp. Appli. 11, 2 (summer 1997), 115–128.

    7. Krishnamurthy, Y., Kachroo, V., Karr, D., Rodrigues, C., Loyall, J., Schantz, R., and Schmidt, D. Integration of QoS-enabled distributed object computing middleware for developing next-generation distributed applications. In Proceedings of the ACM SIGPLAN Workshop on Optimization of Middleware and Distributed Systems (Snowbird, UT, June 18, 2001).

    8. Li, D. and Muntz, R. COCA: Collaborative Objects Coordination Architecture. In Proceedings of ACM CSCW'98 International Conference on Computer Supported Cooperative Work (Seattle, Nov. 1998), 179–188.

    9. Satyanarayanan, M. Pervasive computing: Vision and challenges. IEEE Pers. Commun. 8, 4 (Aug. 2001), 10–17.

    10. Schmidt, D. and Kuhns, F. An overview of the real-time CORBA specification. IEEE Comput. 33, 6 (June 2000), 56–63.

    11. Tripathi, T., Ahmed, T., and Karnik, N. Experiences and future challenges in mobile agent programming. Microproc. Microsyst. 25, 2 (Apr. 2001), 121–129.

    12. Tripathi, T., Ahmed, T., Kumar, R., and Jaman, S. Design of a policy-driven middleware for secure collaborations. In Proceedings of the IEEE International Conference on Distributed Computing Systems (Vienna, Austria, July 2–5). IEEE Press, Los Alamitos, CA, 2002.

    This work is supported by U.S. National Science Foundation Grant 0082215.

Author

Anand Tripathi (tripathi@cs.umn.edu) is a professor in the Department of Computer Science of the University of Minnesota, Minneapolis.

Submit an Article to CACM

CACM welcomes unsolicited submissions on topics of relevance and value to the computing community.

You Just Read

Challenges Designing Next-Generation Middleware Systems

View in the ACM Digital Library

©2002 ACM  0002-0782/02/0600  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2002 ACM, Inc.

DOI

10.1145/508448.508471

June 2002 Issue

Published: June 1, 2002

Vol. 45 No. 6

Pages: 39-42

Table of Contents

Related Reading

Advertisement

Advertisement

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Explore More

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More