|
abstractBERSERK is a generic monitor for applications that allows easy composing of execution flow. BERSERK stands for BusinEss logic Runtime and SEcurity Resources Kit. Nowadays most of the effort on security researches is
focused on the expressiveness, performance, coherence and scalability of
the security mechanisms. Although those are, indubitably, quite important
vectors of security mechanisms, there is another concern that deserves
attention: the possibility of expressing multiple access control criteria.
A security framework shouldn’t limit the criteria to the most common
choices: user-based, group-based, role-based, etc. Most popular control
access approaches are centred on only one of these criteria, and then
offer a way to specify the security policy to apply. An example is UNIX
operating system that offers a security mechanism based on users and
groups. It’s impossible to use UNIX’s native security mechanism to specify
a range of hours during which a user can successfully access a specific
resource. The interest about BERSERK resides in the fact that
it allows not only to specify the policy to apply, but also the
possibility to implement virtually any security criterion. The framework supports the execution of generic
executors
that are encompassed with the execution
of main executors. Obviously, whether is favourable to execute the
preceding or following executors is responsible of the framework
administrator. Both execution timings are optional and fully configurable.
BERSERK can be viewed as an implementation of the
“Intercepting Filter” design pattern. The main executor is the service
while the preceding and following executors are filters. The executors
that precede and follow the main executor are filters that intercept a
service. Generically BERSERK can be used to compose any kind
of executors. However this report is focused on using Control Access
executors that intercept a requested service. The composition of the intercepting executors is done using a simple logic language that allows the use of logic connectors and the specification of execution priorities. flexibilityBERSERK offers users the possibility to choose the storage and transactional object allowing:
scalabilityBERSERK can be used on any kind of applications, from standalone command prompt applications, to complex distributed systems; Detailed information about BERSERK's performance can be found on my AAS' Course Report. Future work will be developed to allow macro-management of group of services, easing the management of very large applications. use examplesBERSERK provides a highly generic execution flow control that allows to virtually implement any business-logic. Concrete examples are:
web sitesBERSERK has two web sites. This is the BERSERK frontend website. All users (developers, users, general public...) should use this website to read about BERSERK and to find answers to their questions. Developers and contributers should visit BERSERK's sourceforge website here. This is the backend website, from where BERSERK Project is managed. It's features all provided by sourceforge.net. Frontend website's design is based in OJB's. Because it is clean and effective, BERSERK adopted it. BERSERK developers used OJB's website for years and concluded unanimously that it is a really good example to follow. Please visit OJB's website here. |