A Single Sign-On Infrastructure for Science Gateways on a Use Case for Structural Bioinformatics

Structural bioinformatics applies computational methods to analyze and model three-dimensional molecular structures. There is a huge number of applications available to work with structural data on large scale. Using these tools on distributed computing infrastructures (DCIs), however, is often complicated due to a lack of suitable interfaces. The MoSGrid (Molecular Simulation Grid) science gateway provides an intuitive user interface to several widely-used applications for structural bioinformatics, molecular modeling, and quantum chemistry. It ensures the confidentiality, integrity, and availability of data via a granular security concept, which covers all layers of the infrastructure. The security concept applies SAML (Security Assertion Markup Language) and allows trust delegation from the user interface layer across the high-level middleware layer and the Grid middleware layer down to the HPC facilities. SAML assertions had to be integrated into the MoSGrid infrastructure in several places: the workflow-enabled Grid portal WS-PGRADE (Web Services Parallel Grid Runtime and Developer Environment), the gUSE (Grid User Support Environment) DCI services, and the cloud file system XtreemFS. The presented security infrastructure allows a single sign-on process to all involved DCI components and, therefore, lowers the hurdle for users to utilize large HPC infrastructures for structural bioinformatics.     

Security at the Internet layer

The Internet Engineering Task Force is standardizing security protocols (IPsec protocols) that are compatible with IPv6 and can be retrofitted into IPv4. The protocols are transparent to both applications and users and can be implemented without modifying application programs. The current protocol versions were published as Internet drafts in March 1998. The article overviews the proposed security architecture and the two main protocols-the IP Security Protocol and the Internet Key Management Protocol-describes the risks they address, and touches on some implementation requirements. IPsec's major advantage is that it can provide security services transparently to both applications and users. Also, the application programs using IPsec need not be modified in any way. This is particularly important when securing application programs that are not available in source code, which is common today. This transparency sets IPsec apart from security protocols that operate above the Internet layer. At present, IPsec is likely to be used in conjunction with and complemented by other security technologies, mechanisms, and protocols. Examples include firewalls and strong authentication mechanisms for access control, and higher layer security protocols for end-to-end communication security. In the near future, however, as virtual private networking and corporate intranets and extranets mature, IPsec is likely to be deployed on a larger scale     

分布式工作流执行服务的设计与实现

工作流执行服务的实现方案是实施工作流技术最为关键的一个方面,工作流管理系统的应用特点决定了它必须与各种分布的、异构的应用进行通信或与其集成。为了给用户提供透明的工作流执行服务而隐藏工作流执行服务实现的复杂性,文章提出了一种具有三层层次结构的工作流执行服务实现方案,其中的分布式通信服务层由通信中间件实现,使开发者无需关心程序间通信的复杂性,从而将精力放在解决业务问题和优化业务逻辑方面,提高了应用开发的效率。     

基于短消息的数字证书状态发布系统的研究

在任何一个基于公钥基础设施的安全应用系统中,数字证书的验证对保证系统的安全具有至关重要的作用。简要描述了因特网中通过OCSP进行在线证书状态查询的方法,说明了目前加密手机无法像因特网一样进行在线数字证书状态查询的原因,提出了一种基于短消息的数字证书撤销状态发布方案,有效地解决了无线环境中的数字证书状态验证问题,提高了加密手机的安全水平。     

基于Expect数字证书自动签发设计和实现

数字证书是以网络为平台的各种应用的重要安全基础,证书签发是网络应用安全机制的开始和核心工作之一。证书签发的自动化受限于网络服务中间件和安全中间件的部署、衔接和兼容,目前还没有非常完善的证书自动化签发技术框架。本文以OpenSSL中的证书自动化签发为例,提出了一种证书自动签发的技术框架,基于Expect语言设计了一个证书自动化签发的原型,进行了验证性相关实验。     

Intelligent service processing in common USN middleware

The Ubiquitous sensor network (USN) is composed of several heterogeneous sensors with a variety of characteristics. An application based on the sensor network also has various requirements to provide services to users. Therefore it is important to develop the common USN middleware for flexible integration between the sensor networks and applications. Especially, this paper focuses on intelligent service management which is one of the main functions of USN middleware. Several applications in the sensor network environment support not only monitoring services, but also sensor-based context-awareness and intelligent services. In many applications, however, approaches to support intelligent services depend on the application because the standard method has been undefined yet. Therefore this paper proposes a common method for processing intelligent services in USN middleware independent of an application. The proposed method is implemented and evaluated as a component of USN middleware.     

基于ALOAF的分布式构件库框架模型

软件复用是解决软件危机的重要手段,构件库是软件复用的重要的技术支撑之一,为了进一步提高构件重用的可能性和效率,支持构件库的分布式访问,提出了基于ALOAF模型和CORBA技术的分布式构件库框架模型。文中讨论了开放体系结构的构件库框架(ALOAF)、CORBA技术和基于ALOAF分布式构件库框架模型的层次结构,并给出了基于中介服务器该模型的一种实现方案。在此基础上,以VisiBroker中间件和ORACLE数据库为支撑,采用JBUILDER9开发工具,开发了一个分布式构件库原型系统,验证了分布式构件库实现方案的可行性和有效性。     

一种消息中间件安全接口的研究与实现

中间件平台提供的程序接口定义了一个相对稳定的高层应用环境，本文研究了利用安全中间件技术来屏蔽安全的复杂性．实现消息中间件的各种安全服务，同时探讨了消息中间件在网络层安全连接、传输层数据处理、API层数据处理等相关的安全技术及接口的研究与实现。     

Constructing Geographic Digital Libraries using a Hypermedia Framework

This paper presents an object oriented hypermedia database framework for designing and building digital libraries, which are treated as enhanced hypermedia applications. It is based on combining and extending results from two domains: the navigation characteristics of hypertext systems, and the view mechanism and the persistent storage management facility of an object oriented database management system. As a result, users can alternate between two integrated types of interaction modes. The hypertext dimension of the framework allows navigation via static and dynamic hyperlinks; the object oriented database support enables querying by content and metadata management. The framework includes still a digital library design methodology that guides the implementation of digital libraries over the OODBMS. This proposal integrates hypermedia and DL concepts to a database environment, being instantiated on the realm of geographic data.     

Design of scalable Java message-passing communications over InfiniBand

This paper presents ibvdev a scalable and efficient low-level Java message-passing communication device over InfiniBand. The continuous increase in the number of cores per processor underscores the need for efficient communication support for parallel solutions. Moreover, current system deployments are aggregating a significant number of cores through advanced network technologies, such as InfiniBand, increasing the complexity of communication protocols, especially when dealing with hybrid shared/distributed memory architectures such as clusters. Here, Java represents an attractive choice for the development of communication middleware for these systems, as it provides built-in networking and multithreading support. As the gap between Java and compiled languages performance has been narrowing for the last years, Java is an emerging option for High Performance Computing (HPC). The developed communication middleware ibvdev increases Java applications performance on clusters of multicore processors interconnected via InfiniBand through: (1) providing Java with direct access to InfiniBand using InfiniBand Verbs API, somewhat restricted so far to MPI libraries; (2) implementing an efficient and scalable communication protocol which obtains start-up latencies and bandwidths similar to MPI performance results; and (3) allowing its integration in any Java parallel and distributed application. In fact, it has been successfully integrated in the Java messaging library MPJ Express. The experimental evaluation of this middleware on an InfiniBand cluster of multicore processors has shown significant point-to-point performance benefits, up to 85% start-up latency reduction and twice the bandwidth compared to previous Java middleware on InfiniBand. Additionally, the impact of ibvdev on message-passing collective operations is significant, achieving up to one order of magnitude performance increases compared to previous Java solutions, especially when combined with multithreading. Finally, the efficiency of this middleware, which is even competitive with MPI in terms of performance, increments the scalability of communications intensive Java HPC applications.     

Eco System: an Internet commerce architecture

Robust electronic commerce will require several proprietary systems to interoperate. CommerceNet is proposing Eco System, a cross industry effort to build a framework of frameworks, involving both e-commerce vendors and end users. Eco System will consist of an extensible object oriented framework (class libraries, application programming interfaces and shared services) from which developers can assemble applications quickly from existing components. These applications could subsequently be reused in other applications. We are also developing a Common Business Language (CBL) that lets application agents communicate using messages and objects that model communications in the real business world. A network services architecture (protocols, APIs, and data formats) will insulate application agents from each other and from platform dependencies, while facilitating their interoperation. Functionally, Eco System fills three distinct roles. It is: a layer of middleware that facilitates agent interoperation through services such as authentication, billing, payment, and directories; an object oriented development environment that encourages the reuse of e-commerce modules (even modules that represent the product line of an entire company); and an industry roadmap and interoperability example that promotes open standards and helps technology vendors communicate with end users about product features     

Adaptive security protocol selection for mobile computing

The mobile computing paradigm has introduced new problems for application developers. Challenges include heterogeneity of hardware, software, and communication protocols, variability of resource limitations and varying wireless channel quality. In this scenario, security becomes a major concern for mobile users and applications. Security requirements for each application are different, as well as the hardware capabilities of each device. To make things worse, wireless medium conditions may change dramatically with time, incurring great impact on performance and QoS guarantees for the application. Currently, most of the security solutions for mobile devices use a static set of algorithms and protocols for services such as cryptography and hashes.In this work we propose a security service, which works as a middleware, with the ability to dynamically change the security protocols used between two peers. These changes can occur based on variations on wireless medium parameters and system resource usage, available hardware resources, application-defined QoS metrics, and desired data “security levels”. We compare our solution to some widespread static security protocols, demonstrate how our middleware is able to adapt itself over different conditions of medium and system, and how it can provide a performance gain in the execution of cryptographic primitives, through the use of data semantics.     

基于PKCS#12的数字版权管理系统

现有数字版权管理系统不能完全满足数字媒体应用的安全性和灵活性要求,针对该问题,提出一种基于PKCS#12的数字版权管理系统,设计系统的体系结构和安全协议,包括用户注册、证书颁发、数字内容加密分发、许可证生成发放、认证和解密等功能。利用 PKCS#12的安全特点以及协议的安全性,实现用户证书和私钥的安全存储及转移,有利于用户跨设备参与系统应用,防止版权非法共享。     

基于网格的BSP系统的设计和实现

文中描述了基于网格BSP系统BSP-G的设计和实现。BSP-G并行库利用网格中间件GlobusToolkit2．0提供的各种网格协议和服务，进行进程启动、监视、控制、身份认证、授权、资源分配、可执行程序的自动传送(Stage)。它使得用户能够在网格上直接运行BSP程序而无需关心网格接口的一些细节问题。最后给出了BSP-G的测试结果。     

网格技术的安全策略

网格能够实现多种分布式资源的虚拟化,为用户和应用提供对资源和大量IT功能的无缝访问。为了确保其完整性、确定性、保密性和访问控制,网格必须构建新的更高要求的安全体系。讨论了网格协议层结构对安全的支持,研究了网格安全需求、安全策略以及典型网格计算项目中实际使用的安全解决方案。     

Service-oriented middleware: A survey

Service-oriented computing aims to make services available and easily accessible through standardized models and protocols without having to worry about the underlying infrastructures, development models or implementation details. This helps achieve interoperability and loose coupling among distributed application components and also among user processes. In addition, this model offers users an on-demand usage model where they only use the services needed for the time needed, which relieves them from having to build and maintain a complete system in house. However, the design and implementation of robust and efficient service-oriented applications are still as complex and demanding as any other type of distributed application. Thus middleware can play an important role in facilitating the design, development and implementation of service-oriented systems. Furthermore, middleware approaches will provision non-functional requirements like performance, scalability, reliability, flexibility and quality of service (QoS) assurance. A lot of work has been done in this area and in this paper we survey some of this work in service-oriented middleware (SOM). As we study the different projects we develop a list of the main requirements that SOM should support. We also discuss the main objectives and characteristics of the surveyed approaches, and then we highlight the challenges to be addressed when designing and developing SOM solutions that satisfy the requirements of different application domains.     

安全中间件——公共安全编程接口的设计和实现

公共安全编程接口(CSPI)是安全中间件与用户之间的接口，通过使用公共安全编程接口用户可以透明地利用安全中间件完成安全服务。该文介绍了安全中间件的体系结构，给出了公共安全编程接口的设计和实现。     

A survey on service-oriented middleware for wireless sensor networks

Wireless sensor networks (WSN) are used for many applications such as environmental monitoring, infrastructure security, healthcare applications, and traffic control. The design and development of such applications must address many challenges dictated by WSN characteristics on one hand and the targeted applications on the other. One of the emerging approaches used for relaxing these challenges is using service-oriented middleware (SOM). Service-oriented computing, in general, aims to make services available and easily accessible through standardized models and protocols without having to worry about the underlying infrastructures, development models, or implementation details. SOM could play an important role in facilitating the design, development, and implementation of service-oriented systems. This will help achieve interoperability, loose coupling, and heterogeneity support. Furthermore, SOM approaches will provision non-functional requirements like scalability, reliability, flexibility, and Quality of Service (QoS) assurance. This paper surveys the current work in SOM and the trends and challenges to be addressed when designing and developing these solutions for WSN.     

Moving routing protocols to the user space in MANET middleware

Mobile Ad Hoc Network (MANET) middleware must be aware of the underlying multi-hop topology to self-adapt and to improve its communication efficiency. For this reason, many approaches rely on specific cross-layer communications to interact with the network protocols in the kernel space. But these solutions break the strict layering of the network stack and hinder the portability of middleware and applications.The main argument of this paper is to move the routing protocols to the user space to simplify the development, testing, deployment and portability of middleware and applications. If routing is just another software component in the user space, cross-layering can be elegantly solved using advanced software engineering techniques like component frameworks and explicit APIs. As a consequence, a slight performance cost must be paid to achieve portability and easy deployment. But we will demonstrate that the performance obtained by a user-space routing protocol is satisfactory for a wide range of applications.We have implemented the unicast MANET OLSR protocol in Java (jOLSR) and, on top of it, we have created a novel overlay multicast protocol (OMOLSR). We have then integrated both routing protocols (jOLSR, OMOLSR) as software components in a well-known group communication toolkit (JGroups). Modifying the JGroups toolkit, we have devised a topology-aware group communication middleware for MANETs (MChannel). In our MChannel middleware, group membership is obtained directly from OMOLSR multicast trees and failure detection is obtained from jOLSR active probing. We have validated our approach in several real testbeds to demonstrate the feasibility and efficiency of our middleware.