Secure Middleware Template Library, 10-R9777


Principal Investigators
Stephen W. Cook

Rebecca A. Peterson
Ben A. Abbott

Inclusive Dates: 01/01/08 – 12/31/08

Background - Middleware is, by definition, software that sits between the application and the operating system. Since it provides a pathway into and out of an executing program, it is a critical part of an overall system to secure. Recognizing that middleware is a broad area, we will focus on middleware that allows processes running on one or more machines to interact across a network by making remote procedure calls (RPCs) on objects residing in those processes. Adding security functionality to middleware can result in unacceptable impacts on performance, memory usage and reliability. To date, there has not been a high-level middleware solution that combines distributed communication functionality with security efficiently and reliably enough to be used in small embedded systems with rigid performance and memory overhead constraints.

Approach - Our premise is that the best way to meet this need is to create a secure middleware library based on a template-based generic programming approach that considers security in the design from the ground up. What makes a generic library approach attractive is that it can simultaneously promote code reuse and program performance, which are often considered two opposing forces. Algorithms from generic libraries are defined using general-case (i.e., abstract) parameters to promote code reuse, while actual parameters specific to the use of the generic algorithm are substituted at compile-time to improve performance. This allows fewer lines of source code to be written for equivalent functionality (improving reliability) and allows the code to run as fast as hand-tuned code at run-time (improving performance).

To confirm this premise and thereby establish credibility, the proposed effort involves several experiments in which the core concepts of a template-based secure middleware technique will be challenged against the best-of-class current secure software development techniques. A formal evaluation of the proposed concept will be done by using the results of the experiments to measure metrics that involve security properties, runtime performance, memory overhead, reliability, scalability, and composability. The objective of the proposed research effort is to show that this type of middleware software library solution could be used effectively in small embedded real-time systems under stringent performance and memory constraints while providing security appropriate for middleware.
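To make the generic-library premise above concrete, here is an added C++ example (not the project's library code) in which the security mechanism is a compile-time policy parameter of the RPC framing code. The names `SetSpeed`, `NoSecurity`, `TaggedSecurity`, `encode_call` and `decode_call` are hypothetical, and the keyed checksum is a placeholder standing in for a real TLS or MAC library.

```cpp
#include <array>
#include <cstdint>
#include <cstring>
#include <type_traits>
using u8 = std::uint8_t;
struct SetSpeed { std::int32_t motor; std::int32_t rpm; };  // hypothetical RPC argument

struct NoSecurity {  // policy: no protection, zero bytes of per-frame overhead
    static constexpr std::size_t overhead = 0;
    static void seal(const u8*, std::size_t, u8*) {}
    static bool check(const u8*, std::size_t, const u8*) { return true; }
};

// Policy: 4-byte keyed FNV-1a trailer. Placeholder only, NOT a secure MAC;
// a real policy would call into a TLS/crypto library at these two points.
struct TaggedSecurity {
    static constexpr std::size_t overhead = 4;
    static std::uint32_t tag(const u8* p, std::size_t n) {
        std::uint32_t h = 2166136261u ^ 0x5EC0DEu;  // constructed demo key
        for (std::size_t i = 0; i < n; ++i) { h ^= p[i]; h *= 16777619u; }
        return h;
    }
    static void seal(const u8* p, std::size_t n, u8* out) {
        std::uint32_t t = tag(p, n); std::memcpy(out, &t, sizeof t);
    }
    static bool check(const u8* p, std::size_t n, const u8* in) {
        std::uint32_t t; std::memcpy(&t, in, sizeof t);
        return t == tag(p, n);
    }
};

// Frame size is fixed at compile time: no heap and no virtual dispatch.
template <typename Security, typename Arg>
using Frame = std::array<u8, sizeof(Arg) + Security::overhead>;
template <typename Security, typename Arg>
Frame<Security, Arg> encode_call(const Arg& arg) {
    static_assert(std::is_trivially_copyable<Arg>::value, "flat records only");
    Frame<Security, Arg> f{};
    std::memcpy(f.data(), &arg, sizeof(Arg));                       // marshal
    Security::seal(f.data(), sizeof(Arg), f.data() + sizeof(Arg));  // protect
    return f;
}

template <typename Security, typename Arg>
bool decode_call(const Frame<Security, Arg>& f, Arg& out) {
    if (!Security::check(f.data(), sizeof(Arg), f.data() + sizeof(Arg))) return false;
    std::memcpy(&out, f.data(), sizeof(Arg));  // unmarshal only after the check passes
    return true;
}
```

The same `encode_call`/`decode_call` source serves both policies; the choice of policy fixes the frame size and the verification code at compile time, and a frame altered in transit is rejected only under the tagged policy.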

Accomplishments - The research team has implemented a client-server test application that implements RPCs in two different ways: one using sockets directly and the other using the Common Object Request Broker Architecture (CORBA). These two ways will be compared with RPCs implemented with our middleware library through a series of metrics involving experimental measurements. Secure data encryption and authentication have been added as an option to the "direct socket" approach through the axTLS library. This library has been designed specifically for embedded devices that require small memory footprints and will be used to provide the same services for our middleware library. Boost's open-source Serialization library has been identified and prototyped to provide services for our library that marshal and unmarshal function call arguments and return values across the network. The research team is now in the process of designing and implementing the generic secure middleware library.
