Last modified 12/13/99 --PR
You can do this assignment in pairs, but not in groups larger than two.
Explore the interactive map of On-campus "backbone" nodes. Find it by clicking on the "Map of On-campus connections" link from the ITD Backbone web page. Note that SI connects through c-UGLI. Click on things on the map to see current status. SI subnet IP addresses begin with 141.211.202 and 141.211.203 (there may be more that I don't know about).
(4 points) Suppose a piece of mobile code (e.g., a Java Applet) is totally untrusted (you don't know who created it or what it does), so you want to restrict its capabilities (run it in a sandbox). Consider restrictions on the following types of operations and indicate, first, what bad actions by the mobile code might be eliminated, and then indicate what legitimate purposes of mobile code might be eliminated.
Clarifications sent out by email:
1) The scenario is that a piece of code has been downloaded from somewhere else and is now going to execute on a computer. Hence, the code is already mobile. It need not move again during its execution.
2) You are analyzing the positive and negative effects caused by each type of restriction. The positive effects are that some kinds of bad things are prevented. The negative effects are that some kinds of good things are prevented.
3) With the restriction in part c, the code that is executing on your machine will be unable to invoke methods of any other objects that reside permanently (i.e., code and data are stored on the hard disk) on your machine.
4) With the restriction in part d, the code that is executing on your machine will be unable to invoke methods of any other objects that do not reside permanently on your machine. For example, these might be other objects that were just downloaded from another machine and are executing locally, or even objects that are executing on other machines.
The key to this question is to understand what a sandbox does: it prevents the execution of certain kinds of operations by certain pieces of code. It's not a virus checker that scans for certain bad things and then lets the code execute freely if no bad things are found.
(1 point) Can a packet-filtering firewall block all Java programs from passing through? Why or why not?
No. As discussed in class, the TCP packets would have to be reassembled into complete messages in order to determine that Java programs were being sent.
Point of clarification for your future reference. In everyday language, people refer to "the firewall" more generically to mean the packet filter (what I call the firewall) plus a bastion host that is running a proxy server. The packet filter may permit communication from outside the organization with only the bastion host. The bastion host may be configured to act as a proxy for internal computers trying to communicate with the outside world. The proxy server works at the "application layer" rather than the "network layer" and hence can do things like block email from certain people or do virus checking on file attachments or prevent Java programs from being downloaded from Web sites.
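The difference between the two layers, as an added example that is not part of the original course materials: a stateless per-packet check and a reassembling proxy check are run over the same constructed HTTP responses. The function names, the sample responses and the segment sizes are assumptions made for illustration; the only external fact used is that every Java class file begins with the bytes CA FE BA BE.

```python
JAVA_MAGIC = bytes.fromhex("cafebabe")  # first four bytes of every Java .class file

def to_segments(stream: bytes, size: int):
    """Cut a byte stream into (sequence_number, data) pairs, like TCP segments."""
    return [(off, stream[off:off + size]) for off in range(0, len(stream), size)]

def packet_filter_blocks(segments) -> bool:
    """Network layer: each segment is judged alone, with no memory of the others."""
    return any(JAVA_MAGIC in data for _, data in segments)

def proxy_blocks(segments) -> bool:
    """Application layer: reassemble the stream in sequence order, parse the
    HTTP message, then test whether the body is a Java class file."""
    stream = b"".join(data for _, data in sorted(segments))
    _head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return False  # message incomplete; a real proxy would keep buffering
    return body.startswith(JAVA_MAGIC)

# Constructed sample responses (not captured traffic).
HEADERS = b"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
CLASS_FILE = JAVA_MAGIC + bytes.fromhex("0003002d") + b"\x00" * 40
OTHER_FILE = b"GIF89a" + b"\x00" * 10 + JAVA_MAGIC + b"\x00" * 20  # magic by coincidence

def evaluate(stream: bytes, size: int):
    """Return (packet filter verdict, proxy verdict) for one response."""
    segments = to_segments(stream, size)
    segments.reverse()  # segments may arrive out of order
    return packet_filter_blocks(segments), proxy_blocks(segments)

if __name__ == "__main__":
    print(evaluate(HEADERS + CLASS_FILE, 1460))              # whole message in one segment
    print(evaluate(HEADERS + CLASS_FILE, len(HEADERS) + 2))  # boundary falls inside the magic
    print(evaluate(HEADERS + OTHER_FILE, 1460))              # not Java, same four bytes inside
```

The per-packet check misses the class file when a segment boundary lands inside the four-byte signature, and it wrongly blocks an unrelated file that merely contains those bytes; the proxy gets both cases right because it sees the complete message.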
3 points free on this homework!
Explain to someone the idea of atomic transactions and how to achieve atomicity in transaction processing.
E15.7 For the bookselling application we've used throughout the course, describe how transaction processing could make the application more robust and easier to develop. In particular:
charging the customer's credit card
shipping the books
marking the order as fulfilled in the database
--credit the customer's credit card (the credit card company doesn't have a way to
do a pre-commit, so you have to actually charge the card and then issue a credit if the
--don't ship the books (the resource manager would only pre-commit if it was sure the order could be fulfilled, but wouldn't send the books until the commit phase).
--unmark the order as fulfilled in the database.
Without transaction processing for order fulfillment, there would be more instances of books shipped without payments received, or charges without books being received, or double shipping of certain books (Last semester, a student mentioned his experience receiving multiple shipments from a mail-order computer company, where they had lost track of what they'd shipped).
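The three fulfillment steps and their undo actions, as an added example that is not part of the original course materials: a coordinator runs two-phase commit over three in-memory resource managers. The class names, the order fields and the sample orders are hypothetical, and the sketch assumes no manager crashes between the two phases.

```python
class Card:
    """No pre-commit exists, so prepare really charges; abort issues a credit."""
    def __init__(self, limit):
        self.limit, self.charged = limit, 0
    def prepare(self, order):
        if self.charged + order["price"] > self.limit:
            return False
        self.charged += order["price"]
        return True
    def commit(self, order): pass          # already charged in phase one
    def abort(self, order): self.charged -= order["price"]  # compensating credit

class Warehouse:
    """Votes yes only if a copy can be reserved; ships in the commit phase."""
    def __init__(self, stock):
        self.stock, self.shipped = dict(stock), []
    def prepare(self, order):
        if self.stock.get(order["title"], 0) < 1:
            return False
        self.stock[order["title"]] -= 1    # reserve, do not ship yet
        return True
    def commit(self, order): self.shipped.append(order["id"])
    def abort(self, order): self.stock[order["title"]] += 1  # release reservation

class OrderDB:
    def __init__(self):
        self.fulfilled = set()
    def prepare(self, order):
        self.fulfilled.add(order["id"]); return True
    def commit(self, order): pass
    def abort(self, order): self.fulfilled.discard(order["id"])  # unmark the order

def fulfill(order, managers):
    prepared = []
    for m in managers:                     # phase 1: collect votes
        if not m.prepare(order):
            for p in reversed(prepared):   # undo only those that voted yes
                p.abort(order)
            return False
        prepared.append(m)
    for m in managers:                     # phase 2: everyone voted yes
        m.commit(order)
    return True

def demo():  # constructed orders: two customers want the single copy in stock
    card, wh, db = Card(100), Warehouse({"TCP/IP": 1}), OrderDB()
    results = [fulfill({"id": i, "title": "TCP/IP", "price": 40}, [card, wh, db]) for i in (1, 2)]
    return results, card.charged, wh.shipped, sorted(db.fulfilled)
```

The second order is charged in phase one, fails at the warehouse, and is credited back, so the customer is neither billed for an unshipped book nor shipped an unpaid one.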
E16.4: platform independence
a. To support write-once, run-anywhere, the middleware will need to provide, on every different platform, a version of an interpreter or compiler for some common language (the language in which things will be written once). This provides OS platform independence, as long as the common language is used for programming (think Java here).
b. To support RMI on remote objects on different platforms, where objects on both platforms use an ORB from the same vendor, the middleware ORB will need to be implemented on both platforms and will need some inter-ORB communication protocol (but the protocol can be proprietary to the vendor). This provides OS platform independence but not ORB vendor independence.
c. To support RMI on remote objects on different platforms, where the objects use ORBs from different vendors, the middleware ORB will need some common inter-ORB communication protocol that is used by both vendors. This provides independence of ORB platforms in addition to OS platform independence.
E17.10b: scalability (Do this for the bookselling application only)
The two important tasks that users do are browsing and ordering. Once orders are placed, they need to be fulfilled. Scalability refers to the ability to handle more customers just by adding extra equipment. That is, by adding more equipment (servers, warehouses, etc.), the bookseller should be able to increase throughput, without increasing the blocking rate (inability to connect to server) or task completion time (server response time) perceived by customers.
For browsing and handling orders, one difficulty will be load balancing among the Web servers. All the techniques discussed in class and in the supplemental reading might be appropriate.
Since the Web servers need to access a shared database that keeps track of inventory, etc., there may be a bottleneck in processing transactions. The database could be partitioned (e.g., inventory separate from recommendations) in order to increase throughput. But to be really scalable, we'd like to replicate the database. With replicated databases, there is a problem with keeping all the copies synchronized: when one copy is updated, they must all be updated. Two-phase commit to assure atomic writes to all the copies of the database would help, but there are more sophisticated techniques that could be explored as well.
You can read more about scalability and load balancing in this article from InternetWorld that Darren Gergle found.