Addressing and protection in a distributed system
Adressage et protection dans un systeme reparti
Résumé
This work has been carried out in the framework of the Guide project, which aims at designing and implementing a system for the support of distributed persistent objects. The thesis is structured into two parts. The first part addresses the design problems for such a system and describes various approaches adopted in similar projects. The second part is devoted to the presentation of the work achieved within the Guide project. A major result is the design and prototype implementation of a distributed kernel called Eliott on the Mach 3.0 micro-kernel, which provides a generic support for a family of object-oriented languages. This kernel was used to develop pilot distributed object-oriented applications. The Eliott kernel manages persistent objects and provides object sharing between tasks which are multithreaded distributed execution structures. For efficiency reasons, objects are grouped into clusters, but a given object may migrate from one cluster to another according to administrative clustering policies. Objects are dynamically bound into tasks virtual address spaces. For security purpose, objects can be isolated from each other so that an error in a given object can not damage another object. To achieve this goal, a lightweight segmented addressing scheme "a la Multics" was designed. The general addressing scheme also includes access-control mechanisms, which are based on access-lists specified at the operation level. These mechanisms allow the construction of mutually suspicious protected subsystems. Control structures, including protection data are generated at the first invocation of a given object. This information is then used to perform efficiently subsequent invocations of the same object.
Ce travail de these se situe dans le cadre du projet Guide dont le but est la conception et la realisation dun systeme reparti fournissant un support d'objets partages persistants. Dans une premiere partie, cette these etudie les problemes poses par la conception d'un tel systeme, les differentes approches rencontrees dans les systemes existants illustrant cette etude. La seconde partie est consacree a la presentation du travail realise dans le cadre du projet Guide. Un noyau de systeme appele Eliott a ete realise sur le micro-noyau Mach 3.0 et fournit le support necessaire aux langages orientes-objets utilises pour la programmation dapplications reparties. Le noyau Eliott gere a la fois la persistance des objets et le partage des objets entre les structures d'execution. Les objets sont regroupes en grappes, ce qui permet de les gerer plus efficacement dans le systeme ; ils peuvent etre deplaces entre les grappes. Les structures d'execution sont des espaces dadressage repartis partages par plusieurs flots dexecution ; les objets sont lies dynamiquement dans ces espaces d'adressage. Pour assurer un niveau de protection minimum, le systeme isole les objets afin d'eviter qu'une erreur dans un programme puisse perturber d'autres objets. Un schema dadressage a la Multics a ete defini afin deviter une interpretation systematique des appels de methode. Des mecanismes de controle des droits d'acces fondes sur des listes dacces sont integres a ce schema d'adressage et permettent la construction de sous-systemes proteges mutuellement mefiants. La realisation de ces mecanismes a ete effectuee sans degrader l'efficacite de l'appel de methode. La verification de la protection genere un cout supplementaire lors du premier appel qui est interprete, mais aucun cout pour les appels suivants.