file system example in adaptive profiling
Leno Am
If the (small) code component that implements the high-level logic (for example enumerating all subdirectories and filtering files that have .mp3 in them) was seamlessly copied to the file system share computer, the requests would become local instead of hopping over a slower network. This could speed up work with file system shares, without having to jump between controlling multiple computers.
Leno Am
...Therefore, the only capabilities carried by the code component will be the exact same ones it had carried before migration. If it had no capabilities to any resources on the new hosting computer, but a few capabilities in the original hosting computer, then only requests to access objects on the original hosting computer will be possible
- you leave this usage implicitly (and thus you don't control how much is allowed)
- or you actually have to give it networking resource capabilities (which you didn't intend to) and it will be able to use that network resource capability for other things besides using the remote capability
- or you define a "remote capability usage capability" which allows an object to access remote services (under restrictions of how much and often you let it do that).
what do you say about this? i'm not sure it's an issue
eyal....@gmail.com
The client only sends a high-level request "please get me a list
of .mp3 files",
and in response it will get the .mp3 list.
The enumeration of the directories and all subdirs and etc. are done
locally between the high-level component and the remote file share
server.
eyal....@gmail.com
> Another thing. You say:
>
> > ...Therefore, the only capabilities carried by the code component will be
> > the exact same ones it had carried before migration. If it had no
> > capabilities to any resources on the new hosting computer, but a few
> > capabilities in the original hosting computer, then only requests to access
> > objects on the original hosting computer will be possible
>
> I have a question. What would happen if a component migrates from a remote
> to you local host, and carries only capabilities on the remote host? For
> almost anything you do with it, it will still have to use the capabilities
> of the remote host. This means that network resource will be used all the
> time even though it is "local". In fact you MUST give it some capabilities
> (like scheduling and storage capabilities) so that the component will work
> on your machine. So your description is not exact, and also the question of
> gain is more complicated because you have to take into account that by
> migrating the object there will be a great network cost if the object uses
> any (even trivial) capabilities on the remote host.
made local->remote and calculated as a loss vs. the gain. These extra
"trivial capabilities" can also be migrated with the object.
As for the scheduling and storage capabilities, you are right, I
should add a reference about that.
That was the issue of "fairness" I was referring to (use of space
[slow and fast] and scheduling).
Basically I think that scheduling and space will be used on a good-
will basis, which would mean that for this migration to happen, some
trust would have to be issued (as I have explained in the security
concerns). This trust, however, is limited as it only concerns the
succesful running of the component, and not abuse of authority.
> Another related question is about capabilities. If you have migrated an
> object to your local machine, and it uses a remote capability, every time it
> needs that capability it is actually implicitly using your network resource.
I disagree, it is explicit, as it is already considered when the
topology is changed to convert a local reference to a remote one.
> So either:
>
> 1. you leave this usage implicitly (and thus you don't control how
> much is allowed)
This is more of an issue of QoS and anti-DoS than it is a security
problem.
If it is acceptable for a web browser and other programs to use the
network as much as they wish, then migrating objects using unlimited
network power should also be acceptable.
> 2. or you actually have to give it networking resource capabilities
> (which you didn't intend to) and it will be able to use that network
> resource capability for other things besides using the remote capability
No no. A remote capability (a network reference) is a capability to
use the network, but the object doesn't actually know if/when it is
using the network (unless it also has a capability to a timer and such
and can measure the length of calls/etc heuristically).
I don't think there should be a general capability to "use the
network" (except maybe the network driver).
> 3. or you define a "remote capability usage capability" which allows
> an object to access remote services (under restrictions of how much and
> often you let it do that).
I don't think its necessary. I think we should just let a local
capability become remote and start using network resources without any
limitation. If a limitation is to be imposed, it should be imposed on
the migration such that a local reference does not become a remote
reference over an expensive network (as explained in the costs).
> what do you say about this? i'm not sure it's an issue
It is in issue, but I think its a minor issue of QoS, and one that's
successfully being ignored in current computing so it is probably
acceptable to ignore it (at least at first).
Noam
therefore will receive all the focus of attackers.
As for the rest, i'll think about it
> > > last one- Hide quoted text -
>
> - Show quoted text -- Hide quoted text -
>
> - Show quoted text -