BERSERK is a generic monitor for applications that allows easy composing of execution flow. BERSERK stands for BusinEss logic Runtime and SEcurity Resources Kit.
Nowadays most of the effort on security researches is focused on the expressiveness, performance, coherence and scalability of the security mechanisms. Although those are, indubitably, quite important vectors of security mechanisms, there is another concern that deserves attention: the possibility of expressing multiple access control criteria. A security framework shouldn’t limit the criteria to the most common choices: user-based, group-based, role-based, etc. Most popular control access approaches are centred on only one of these criteria, and then offer a way to specify the security policy to apply. An example is UNIX operating system that offers a security mechanism based on users and groups. It’s impossible to use UNIX’s native security mechanism to specify a range of hours during which a user can successfully access a specific resource.
The interest about BERSERK resides in the fact that it allows not only to specify the policy to apply, but also the possibility to implement virtually any security criterion.
The framework supports the execution of generic executors that are encompassed with the execution of main executors. Obviously, whether is favourable to execute the preceding or following executors is responsible of the framework administrator. Both execution timings are optional and fully configurable.
BERSERK can be viewed as an implementation of the “Intercepting Filter” design pattern. The main executor is the service while the preceding and following executors are filters. The executors that precede and follow the main executor are filters that intercept a service.
Generically BERSERK can be used to compose any kind of executors. However this report is focused on using Control Access executors that intercept a requested service.
The composition of the intercepting executors is done using a simple logic language that allows the use of logic connectors and the specification of execution priorities.
BERSERK offers users the possibility to choose the storage and transactional object allowing:
BERSERK can be used on any kind of applications, from standalone command prompt applications, to complex distributed systems;
Detailed information about BERSERK's performance can be found on my AAS' Course Report.
Future work will be developed to allow macro-management of group of services, easing the management of very large applications.
BERSERK provides a highly generic execution flow control that allows to virtually implement any business-logic. Concrete examples are:
BERSERK has two web sites. This is the BERSERK frontend website. All users (developers, users, general public...) should use this website to read about BERSERK and to find answers to their questions.
Developers and contributers should visit BERSERK's sourceforge website here. This is the backend website, from where BERSERK Project is managed. It's features all provided by sourceforge.net.
Frontend website's design is based in OJB's. Because it is clean and effective, BERSERK adopted it. BERSERK developers used OJB's website for years and concluded unanimously that it is a really good example to follow. Please visit OJB's website here.