Secure Electronic Business
Security is probably the hardest issue with applications that run over
the Internet. Law-based mechanisms can be used to govern the interaction
in both intra-enterprise and inter-enterprise electronic business.
Such mechanisms can control the flow of information in these interactions,
and also mediate the interactions between different e-commerce frameworks
in inter-enterprise business. Contact: ,
.
Cryptography is the key underpinning all Internet electronic business.
There is a need for higher-level abstractions that allow a mixture of static
and dynamic checking of security properties of applications, where the
dynamic checking is only performed where necessary and implemented by cryptographic
techniques. Contact: .
Reliable Internet Programming
Developing reliable applications over the Internet requires support for
fault tolerance in the presence of partial failures. Traditional
mechanisms, in particular transactions, may not always be appropriate.
We are developing an approach to fault tolerance basec on orthogonal mechanisms
that may be combined. Transactions and nested transactions may be
obtained from such a combination; other combinations are also possible.
These abstractions may realized as a domain specific language for scripting
Internt applications, or as extensions to Java or C#. Contact: .
Safe Components and Componential Programming
With the growing use of component technology, an emerging problem is ensuring
that components execute in a safe and secure manner. For example
a bug or a Trojan horse in a component should be prevented from interfering
with other components with which it is connected. The traditional
hardware-based protection mechanisms do not scale up to systems composed
of many small components. The alternative is to have compilers "certify"
that components satisfy some safety requirements before they are executed.
Currently Java bytecode compilers certify that the Java machine code programs
that they produce are type-safe. The more general approach of compiler
certification potentially extends to a much broader range of safety policies,
and is applicable to native code compilers for example for X86 architectures.
This line of research has the potential to have a far-reaching impact on
component technologies such as ActiveX Controls and plug-ins, that are
currently hopelessly unsafe and insecure. Contact: .
In extending this approach to general safety policies, beyond type safety,
certifying compilers need to perform increasingly more sophisticated analyses
of components, to infer static properties of components before they are
executed. Traditional compiler analyses are performed over "whole
programs," which is incompatible with the realities of componential programming.
Therefore there is a need for modular program analyses that can be performed
on a component-by-component basis. Contact: .
Another htmlect of this work is providing safe mechanisms for dynamic
linking of components. Although Java has popularized the use
of application-level dynamic linking via class loaders, it has very weak
support for configuring systems of components on-the-fly. Another
shortcoming is the weak support for "hot swapping" components on-the-fly,
for example in 24/7 server applications. Contact: .
Document Processing
The eXtended Markup Language (XML) has been developed by Microsoft and
the Web consortium as a standard document description language for the
Web. Part of the future of the Web will be XML documents, their content
types described by XML schema, exchanged in commercial transactions, and
said documents processed automatically by applications implemented in Java.
As this activity grows, there will be a growing need to be able to reuse
document descriptions and document processors, just as software reuse is
scaling up the pace of software development. Therefore there is a
need for reuse mechanisms that support this, involving extensions both
to XML and to Java. These extensions go beyond simple inheritance,
as in XML schema, to broader mechanisms for reusing components for XML
applications. Contact: .
Software Design Process
Providing trustworthy enterprise systems will rely on sound engineering
practices in software development. This is recognized by the use
of formal methodologies such as UML in the software design process.
While several methodologies have been proposed, there is still a need for
careful experimental evaluation of the effectiveness of these methodologies.
It is intended to perform such evaluation in the context of teaching these
methodologies at the advanced undergraduate level. Contact: ,
.
Web Engineering
Schemes are being developed for performing market research over the Web.
Recognizing that many people freely make their consumer profiles available
on the Web, Geller et al propose to extract this consumer information from
individual Web pages. They are developing Web onthologies to organize
this information. Contact: ,
,
.
|
