Abstraction is a wonderful tool, but it is also a double-edged sword. Abstraction allows us to deal with complex ideas by focussing our attention on relevant information while ignoring details. This, of course, allows us to create software that is complex and rich in functionality.
But what happens when the details that are being ignored are important? In this case, the use of abstraction can cause new problems while dealing with complexity. One such case is the interaction between abstraction and security-related issues.
Many applications are developed with the help of tools. Toolsets range from the high level (e.g., EJBs, .NET, etc.) to the low level (JUnit, compilers, profilers, CORBA, RMI, etc.). I have long been a proponent of tools, but only in cases where the user has some level of understanding of what the tool is actually doing and what problems the tool is solving. If the user is unaware of these details, the user cannot assess the efficacy of these tools. This is particularly true of security-related issues. If a tool has a bug or is not used properly by its user and this results in a security hole, how can the user of the tool properly assess the risks involved?
As applications require higher and higher levels of scalability, programmers are using tools to help support this scalability. Distributed object frameworks are an example of a toolset that is used to support scalability. The question is, how secure are these frameworks?
The purpose of this mini-assignment is to get you thinking about distributed object frameworks and security. The general flow of this mini-assignment is as follows:
Presentations
During the presentation day, I will ask for volunteers to present their question to the class. If, at any point, there is more time left in the lecture and there are no volunteers, I will randomly choose groups from my class list. You will be given as much time as you need to present your question, but I would prefer it if you could keep your presentation time below 10 minutes. I also encourage discussion of these questions during the presentation time.
You will be evaluated based on the information presented in your web page. You must email a link to your web page to the instructor by Thursday, December 16.
Please note: If there are not enough volunteers to fill the lecture time and your group is chosen to present, you must present or your group will receive a penalty for the mini-assignment.