abstract

BERSERK is a generic monitor for applications that makes it easy to compose execution flows. BERSERK stands for BusinEss logic Runtime and SEcurity Resources Kit.

Nowadays most security research effort is focused on the expressiveness, performance, coherence and scalability of security mechanisms. Although those are, indubitably, important aspects of security mechanisms, another concern deserves attention: the possibility of expressing multiple access control criteria. A security framework shouldn't limit the criteria to the most common choices: user-based, group-based, role-based, etc. Most popular access control approaches are centred on only one of these criteria, and then offer a way to specify the security policy to apply. An example is the UNIX operating system, which offers a security mechanism based on users and groups. It's impossible to use UNIX's native security mechanism to specify a range of hours during which a user can successfully access a specific resource.

BERSERK is interesting because it allows not only specifying the policy to apply, but also implementing virtually any security criterion.

The framework supports generic executors that run around the main executors, either preceding or following them. Whether it is worthwhile to run preceding or following executors is for the framework administrator to decide. Both execution timings are optional and fully configurable.

BERSERK can be viewed as an implementation of the “Intercepting Filter” design pattern. The main executor is the service, while the executors that precede and follow it are the filters that intercept that service.

Generically, BERSERK can be used to compose any kind of executors. However, this report focuses on using Control Access executors that intercept a requested service.

The composition of the intercepting executors is done using a simple logic language that allows the use of logic connectors and the specification of execution priorities.
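The composition described above, as an added example that is not BERSERK's own code, API or policy language: a minimal intercepting-filter monitor in Python where criteria from different domains (role, time of day, network) are combined with logic connectors and gate a main executor. All names (Request, Monitor, has_role, within_hours, from_network, all_of, any_of, read_payroll) and the sample policy are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:                      # hypothetical request shape
    user: str
    roles: frozenset
    source_ip: str
    at: time

# Criteria are predicates over a request; each covers one domain.
def has_role(role):
    return lambda r: role in r.roles

def within_hours(start, end):
    return lambda r: start <= r.at < end

def from_network(cidr):
    net = ip_network(cidr)
    return lambda r: ip_address(r.source_ip) in net

# Logic connectors; nesting the calls expresses evaluation priority.
def all_of(*cs):
    return lambda r: all(c(r) for c in cs)

def any_of(*cs):
    return lambda r: any(c(r) for c in cs)

class Monitor:
    def __init__(self):
        self._services = {}

    def register(self, name, main, pre=None, post=None):
        self._services[name] = (main, pre, post)

    def execute(self, name, request):
        if name not in self._services:            # fail closed on unknown services
            raise PermissionError(f"unknown service: {name}")
        main, pre, post = self._services[name]
        if pre is not None and not pre(request):  # preceding filter gates the service
            raise PermissionError(f"{request.user} denied on {name}")
        result = main(request)                    # main executor
        return post(request, result) if post is not None else result  # following filter

# Constructed policy: (hr AND office hours AND internal network) OR auditor.
POLICY = any_of(
    all_of(has_role("hr"), within_hours(time(9), time(18)), from_network("10.0.0.0/8")),
    has_role("auditor"),
)
MONITOR = Monitor()
MONITOR.register("read_payroll", lambda r: {"rows": 3},
                 pre=POLICY, post=lambda r, res: f"{res['rows']} rows for {r.user}")
```

The time-of-day criterion is the one the UNIX user/group model cannot express; here it is just one more predicate in the composition, and the preceding and following filters are both optional per service.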

flexibility

BERSERK lets users choose the storage and transactional object, allowing:

  • High flexibility and portability between multiple application deployments;
  • Runtime configuration, allowing on-the-fly changes concerning where and how to store persistent data and information;
  • Extending BERSERK to use user-defined storage and transactional mechanisms;
  • A wide range of uses, from small applications to enterprise distributed systems.

scalability

BERSERK can be used in any kind of application, from standalone command prompt applications to complex distributed systems.

Detailed information about BERSERK's performance can be found in my AAS' Course Report.

Future work will allow macro-management of groups of services, easing the management of very large applications.

use examples

BERSERK provides highly generic execution flow control that can implement virtually any business logic. Concrete examples are:

  • Security monitor, processing all the requests to a selected set of resources and using cross-domain criterion composition (role-based, network-based, daytime-based, history-based, etc. can be easily combined to deploy an extremely expressive and highly flexible security rule);
  • Data manipulation, turning computer-efficient raw data into good-looking human-readable information;
  • Delegation monitor, switching resource requesters;
  • Obligation monitor, inspecting a database of obligations and denying any other actions to users while an obligation is not accomplished;
  • Security policies manager, using a simple and flexible language.

web sites

BERSERK has two web sites. This is the BERSERK frontend website. All users (developers, users, general public...) should use this website to read about BERSERK and to find answers to their questions.

Developers and contributors should visit BERSERK's sourceforge website here. This is the backend website, from where the BERSERK Project is managed. Its features are all provided by sourceforge.net.

The frontend website's design is based on OJB's. Because it is clean and effective, BERSERK adopted it. BERSERK developers used OJB's website for years and concluded unanimously that it is a really good example to follow. Please visit OJB's website here.