Proceedings of the 11th annual international conference on Aspect-oriented Software Development - AOSD '12, 2012
This paper presents MView, a technique that enables the separation of various developer stakehold... more This paper presents MView, a technique that enables the separation of various developer stakeholder views on an architectural connector in distributed software systems. While state-of-the-art AO-ADLs focus on describing compositions using aspect-based connectors, there is no support for describing a connector across multiple architectural views. This is, however, essential for distributed systems, where run-time and distribution characteristics are not represented
Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing - MW4NextGen '13, 2013
ABSTRACT Policy-based access control aims to decouple access control rules from the application t... more ABSTRACT Policy-based access control aims to decouple access control rules from the application they constrain by expressing these rules in declarative access control policies. Performance of policy-based access control is of growing importance, but concurrent and distributed policy evaluation has received little research attention and current policy evaluation engines are still single-machine and fully sequential to the best of our knowledge. We believe that concurrent policy evaluation is necessary to meet the performance and scalability requirements of next-generation internet applications and aid the maturation of policy-based access control. Therefore, this paper presents an initial exploration of concurrent policy evaluation. We illustrate the performance of current policy evaluation engines, model the performance of policy evaluation in terms of the characteristics of a policy, list opportunities for concurrency, describe the need for concurrency control and specifically show how concurrency can be used to improve throughput based on our prototype.
Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing - MW4NG '12, 2012
ABSTRACT This paper presents our work in progress on efficient and confidentiality-aware access c... more ABSTRACT This paper presents our work in progress on efficient and confidentiality-aware access control for Software-as-a-Service applications. In SaaS, a tenant organization rents access to a shared, typically web-based application. Access control for these applications requires large amounts of fine-grained data, also from the remaining on-premise applications, of which often sensitive application data. With current SaaS applications the provider evaluates both provider and tenant policies. This forces the tenant to disclose its sensitive access control data and limits policy evaluation performance by having to fetch this data. To address these challenges, we propose to decompose the tenant policies and deploy them across tenant and provider in order to evaluate parts of the policies near the data they require as much as possible, while taking into account the tenant confidentiality constraints. We present a policy decomposition algorithm based on a general attribute-based policy model and describe a supporting middleware system. In the future, we plan to refine this work and evaluate the impact on performance using real-life policies from research projects.
2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2014
ABSTRACT The cloud computing paradigm promises increased flexibility and scalability for consumer... more ABSTRACT The cloud computing paradigm promises increased flexibility and scalability for consumers and providers of software services. Service providers that exploit private cloud environments offer restricted flexibility and scalability because of the limited capacity. However, such organizations are often reluctant to migrate to public clouds because of business continuity threats and vendor lock-in. Hybrid clouds potentially combine the benefits of private and public (external) clouds. Vendor lock-in can be avoided when multiple external clouds are supported and effectively exploited. This paper presents a middleware platform for hybrid cloud applications. The middleware enables organizations to control the execution of their applications in hybrid cloud environments. Driven by policies, the middleware can dynamically decide which requests and tasks are executed on a particular part of the hybrid cloud. The core of the middleware, and the focus of this paper, is an abstraction layer that enables portability over multiple storage services of various PaaS platforms as well as interoperability between the PaaS platforms. We have validated the core concept by building a prototype implementation that runs on top of specific PaaS platforms as well as on cloud-enabling middleware. A document processing SaaS service has been instantiated on the middleware. Performance results have been collected for JBoss AS cluster, Google App Engine, and Red Hat OpenShift.
... W. De Borger (B) DistriNet Research Group, KU Leuven, B-3001 Heverlee, Belgium e-mail:wouter.... more ... W. De Borger (B) DistriNet Research Group, KU Leuven, B-3001 Heverlee, Belgium e-mail:wouter.deborger@cs.kuleuven.be 277 J. Cleland-Huang et al. ... Fig. 6 Overview of model to model transformations (based on Czarnecki and Helsen, 2006) and Helsen, 2006). ...
Proceedings of the 11th annual international conference on Aspect-oriented Software Development - AOSD '12, 2012
This paper presents MView, a technique that enables the separation of various developer stakehold... more This paper presents MView, a technique that enables the separation of various developer stakeholder views on an architectural connector in distributed software systems. While state-of-the-art AO-ADLs focus on describing compositions using aspect-based connectors, there is no support for describing a connector across multiple architectural views. This is, however, essential for distributed systems, where run-time and distribution characteristics are not represented
Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing - MW4NextGen '13, 2013
ABSTRACT Policy-based access control aims to decouple access control rules from the application t... more ABSTRACT Policy-based access control aims to decouple access control rules from the application they constrain by expressing these rules in declarative access control policies. Performance of policy-based access control is of growing importance, but concurrent and distributed policy evaluation has received little research attention and current policy evaluation engines are still single-machine and fully sequential to the best of our knowledge. We believe that concurrent policy evaluation is necessary to meet the performance and scalability requirements of next-generation internet applications and aid the maturation of policy-based access control. Therefore, this paper presents an initial exploration of concurrent policy evaluation. We illustrate the performance of current policy evaluation engines, model the performance of policy evaluation in terms of the characteristics of a policy, list opportunities for concurrency, describe the need for concurrency control and specifically show how concurrency can be used to improve throughput based on our prototype.
Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing - MW4NG '12, 2012
ABSTRACT This paper presents our work in progress on efficient and confidentiality-aware access c... more ABSTRACT This paper presents our work in progress on efficient and confidentiality-aware access control for Software-as-a-Service applications. In SaaS, a tenant organization rents access to a shared, typically web-based application. Access control for these applications requires large amounts of fine-grained data, also from the remaining on-premise applications, of which often sensitive application data. With current SaaS applications the provider evaluates both provider and tenant policies. This forces the tenant to disclose its sensitive access control data and limits policy evaluation performance by having to fetch this data. To address these challenges, we propose to decompose the tenant policies and deploy them across tenant and provider in order to evaluate parts of the policies near the data they require as much as possible, while taking into account the tenant confidentiality constraints. We present a policy decomposition algorithm based on a general attribute-based policy model and describe a supporting middleware system. In the future, we plan to refine this work and evaluate the impact on performance using real-life policies from research projects.
2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2014
ABSTRACT The cloud computing paradigm promises increased flexibility and scalability for consumer... more ABSTRACT The cloud computing paradigm promises increased flexibility and scalability for consumers and providers of software services. Service providers that exploit private cloud environments offer restricted flexibility and scalability because of the limited capacity. However, such organizations are often reluctant to migrate to public clouds because of business continuity threats and vendor lock-in. Hybrid clouds potentially combine the benefits of private and public (external) clouds. Vendor lock-in can be avoided when multiple external clouds are supported and effectively exploited. This paper presents a middleware platform for hybrid cloud applications. The middleware enables organizations to control the execution of their applications in hybrid cloud environments. Driven by policies, the middleware can dynamically decide which requests and tasks are executed on a particular part of the hybrid cloud. The core of the middleware, and the focus of this paper, is an abstraction layer that enables portability over multiple storage services of various PaaS platforms as well as interoperability between the PaaS platforms. We have validated the core concept by building a prototype implementation that runs on top of specific PaaS platforms as well as on cloud-enabling middleware. A document processing SaaS service has been instantiated on the middleware. Performance results have been collected for JBoss AS cluster, Google App Engine, and Red Hat OpenShift.
... W. De Borger (B) DistriNet Research Group, KU Leuven, B-3001 Heverlee, Belgium e-mail:wouter.... more ... W. De Borger (B) DistriNet Research Group, KU Leuven, B-3001 Heverlee, Belgium e-mail:wouter.deborger@cs.kuleuven.be 277 J. Cleland-Huang et al. ... Fig. 6 Overview of model to model transformations (based on Czarnecki and Helsen, 2006) and Helsen, 2006). ...
Uploads
Papers by B. Lagaisse