New York University KnittingFactory
NYU
Partially supported by: DARPA/Rome Laboratory, NSF, Intel, Microsoft
An Infrastructure for
Network Computing with Java Applets
Arash Baratloo, Mehmet Karaul, Holger Karl, and Zvi M. Kedem
Department of Computer ScienceCourant Institute of Mathematical Sciences
New York University
http://www.cs.nyu.edu/milan
New York University KnittingFactory
NYUGoals
Java programming language + Java-capable Web browsers are a great “one-two punch,” but…
The challenge is to fully utilize this potential given the limitations imposed by browsers.
In the context of Web-based parallel programming environments and collaborative applications, identify a set of problems, and ...
Provide a set of unified solutions
New York University KnittingFactory
NYU
Typical Web-basedCollaborative session
Composed of A single Java applications process Multiple partner applets
Applets down-loaded from the application host Applets communicate only with the application host This is the context of our work Examples are TANGO, JavaParty, Java Collaborator Toolset, etc
server
Javaapplication
HTTP server
code &communication
code &communication
code &communication
code &communication
Browser& Applet
Browser& Applet
Browser& Applet
Browser& Applet
New York University KnittingFactory
NYUCharlotte (PDCS’96) in a Nutshell
Parallel programming model and system that provides Predictable virtual machine
to the programmer Realizes the virtual
machine on the unpredictable Web
End-user starts the execution of the manager process
Volunteers join the computation by a click of a mouse
Worker (applets) code and data is downloaded
One-click computing! Other examples are Javelin,
Bayanihan, etc.
code & data
manager
code & data
worker
workerworker
code & data
New York University KnittingFactory
NYUIssues to Address
In the context of Web-based collaborative and parallel applications, …
How do end-users find a service? E.g., how do volunteers find computations? E.g., how do users find multi-player games?
Are users free to execute the application on any host? Not all accessible machines run HTTP servers
How do collaborative applets communicate with each other? Centralized forwarding agent? Untrusted native code?
New York University KnittingFactory
NYURoadmap
Goals and Motivations Architecture Directory Service Class Server Direct Inter-applet communication Security Issues Summary
New York University KnittingFactory
NYUKnittingFactory Architecture
Infrastructure (middle-ware) to support both High-level systems, e.g,
parallel programming, collaborative environments, etc.
Web-based applications
Integrated services for Directory service Class server Inter-applet communication
Java Virtual Machine
Knitting Factory
parallelprogrammingenvironment
collaborativesystem
application/applet
application/applet
application/applet
New York University KnittingFactory
NYURoadmap
Goals and Motivations Architecture Directory Service Class Server Direct Inter-applet communication Security Issues Summary
New York University KnittingFactory
NYUKnittingFactory Directory Service
For highly dynamic (sometimes short lived) services that frequently register and unregister.
Considerations… Distributed -- a necessity for the Web Directory-server processes should not do all the work (unlike
LDAP) -- scalability Caching servers (and replication) require invalidation -- costly Must support Web browsers -- simple language
Goal: Move most the computation and the search away form directory-server process and onto the Web browser.
New York University KnittingFactory
NYUDirectory Service Comprises of...
Existing HTTP servers act as directory-server processes
A single HTML file contains all the necessary information Other servers, e.g.,
<name,URL> Registered services, e.g.,
<name,URL> Program code, i.e., Java
Script CGI scripts to
register/unregister services
Forms a directed graph
directory server
directory server
HTTP server
cgi <host,url><host,url>
....---------<host,url>
...----------java scriptprogram
cgi
directory server
New York University KnittingFactory
NYURegistration & Successful lookup
Register/Unregister Service provider sends an HTML Post message <name,URL> Directory server executes one of the CGI scripts Results in adding/removing an entry in the HTML file
Successful lookup Client requests the HTML file containing data + Java Script code The program searches the file it came from for the appropriate
entry
New York University KnittingFactory
NYUUnsuccessful lookup
The program picks the next server (referral) to visit, assembles a new URL, and redirects the Web-browser
Browser loads a new HTML file which wipes out the program state!
The newly loaded Java script program starts executing and…
Reads the state information passed as a URL tag (#)!
Search is performed by the clients!
Implemented BFS
W eb browser
sdf
Java Scriptprogram
http://foo:xxx/game
http://goo:yyy/game#foo<state>
<ds nam e,url><ds nam e,url>
---------<nam e,url><nam e,url>
New York University KnittingFactory
NYURoadmap
Goals and Motivations Architecture Directory Service Class Server Direct Inter-applet communication Security Issues Summary
New York University KnittingFactory
NYUIssues...
Java application process requires an HTTP server running on the same host, but… Users might not have access to hosts running HTTP servers HTTP servers machines will become overloaded when hosting
many applications HTTP servers are too “heavy-weight” for a simple…
Coupling class servers with an application can...
New York University KnittingFactory
NYUKnittingFactory Class Server
Embedded Java class (applet code) server to… … flexibly execute the application program on any host … provide a convenient gateway for browsers to
communicate with applications That simple!
java application
Class Server
other
forward
class
application specific
java class
New York University KnittingFactory
NYURoadmap
Goals and Motivations Architecture Directory Service Class Server Direct Inter-applet communication Security Issues Summary
New York University KnittingFactory
NYUInter-Applet communication
Browsers enforce the “host-of-origin” policy as a security measure: an applet is not allowed to: Listen for network connections Initiate a connection to any host other than the one it came from
Typical solutions Use a centralized forwarding agent to route messages (e.g,
Javelin, Java Collaborator Toolset) Use untrusted code as in plug-ins and native code (e.g, TANGO,
ATLAS)
But forwarding agent can become... A bottle-neck and a single point of failure
And with native code… Unsafe, not portable and heterogeneous anymore
New York University KnittingFactory
NYU
Inter-Applet communication (continue)
Signed applets (JDK1.1) and fine-grain access control (JDK1.2) is too rigid for every-day users Developers have to obtain a certificate and a digital ID from
Certifying Authority (CA) Users/administrators have to decide who to trust and how much
Wouldn’t it be nice to have direct applet-to-applet communication?
KnittingFactory Applets Can! Implemented using Java RMI, JDK1.1.3 and tested with appletviewer and HotJava 1.1
Security issues will be discussed later
New York University KnittingFactory
NYUKnittingFactory Applet
In a nutshell Each applet passes a
Remote Reference of itself to the session manager
Manager propagates the reference to other session members
After that point, applets can communicate directly
Applets form a collaborative session simply by inheriting KF_Applet
Simplifies collaborative applications development
Javaapplication
applet
applet
applet
Remote Referece
applet
Remote Reference
New York University KnittingFactory
NYURoadmap
Goals and Motivations Architecture Directory Service Class Server Direct Inter-applet communication Security Issues Summary
New York University KnittingFactory
NYUSecurity Issues
It is apparent that KnittingFactory Applets violate the host-of-origin policy, and…
It might be used to break Java security guarantees Many thanks to Java’98 PC, referees, and many others for
bringing this to our attention
The benefits of direct inter-applet communication is obvious, and…
Just as a forwarding agent can forward messages,
It might be possible to forward trust (references) in a safe and efficient manner.
New York University KnittingFactory
NYURoadmap
Goals and Motivations Architecture Directory Service Class Server Direct Inter-applet communication Security Issues Summary
New York University KnittingFactory
NYUSummary of services...
Distributed directory service Designed for services that frequently register/unregister Designed for Web browsers to act as clients Search is performed by the browsers As much as possible, does not introduce new processes/daemons
Class Server Simple, but execution flexibility Convenient gateway to the application
Inter-applet communication Simplifies collaborative application development Removes single point of failure Does not require native code
Open question: can we guarantee safety while maintaining flexibility of inter-applet communication?