CS795/895: Introduction

advertisement
CS795/895: Introduction
Topics
• Distributed Systems
– Availability
– Performance
– Web Services
• Security
– Authentication
– Authorization
– Confidentiality
Distributed Systems
• Geographically Distributed
• Replication is the primary means to
provide high availability and performance
• Replication/failure transparency are
desired by distributed applications
• Protocols to communicate between distant
processes are important: SOAP
Web Services
• Service offered over the web
• It facilitates request-reply paradigm using
message exchange
• Uses:
•
•
•
•
HTTP (Hypertext Transport Protocol)
SOAP (Simple Object Access Protocol)
UDDI (Universal Description, Discovery and Integration)
WS-POLICY (Web Services Policy)
.Net Framework
•
•
•
•
Write the source code (e.g., using C#)
Compile using a C# Compiler (csc.exe).
The compiler converts the source code into an Intermediate Language,
much like bytecode in Java. This is managed code (exe or DLL) .
The compiled file unit is executed using the C# Interpreter. Upon execution,
the code is checked for type safety. Moreover, the Just In Time (JIT)
compiler compiles the unit into Managed Native Code and finally Common
Language Runtime (CLR) produces the final output.
CLR: Common Language Runtime
• Runtime environment of .Net Framework--manages execution of code and provides
different services
• CLR contains: CTS (common type system), CLS
(a subset of CTS to be supported by all .Net
languages), CIL (Common intermediate
language), JIT compiler (converts to MSIL (in
assemblies) to executable native code)
• Managed code: IL codes along with metadata
files; .exe or dll
Common Type System (CTS)
• Supports OOL like Java as well as
procedural languages like C
• Objects and values (atomic types like
integers and chars)
• CTS is a superset of CLS --- Not all .Net
applications support all types in CTS
Miscellaneous
•
•
•
•
•
•
JIT --- Just in time compiler: This is used to convert the intermediate language
contained in assemblies (executables) into native executable code.
The security policy settings are referred at this stage to decide if code is being
compiled needs to be type safe.
Managed code vs. unmanaged code: This is the Intermediate Language code (IL)
along with metadata contained in portable executables (.EXE or .DLL). This needs
JIT compiler to convert it into native executable code.
Unmanaged code is a precompiled executable that don’t need JIT---but it has the
disadvantage of being not portable across different OS platforms. They could also be
unsafe.
CLR provides services to the managed code---(i) The language compiler emits
metadata that describes the types, members, and references in the code. (ii) Cross
language integration
Application domains---lightweight processes—An extension of Java’s sandbox
security and Thread model. Multiple application domains run in a single Win32
process but they are isolated. Each domain can have its own configuration of security
features specified.
Miscellaneous
• Assemblies: A functional unit of sharing and reuse in
CLR. It is equivalent to JAR files of java.
• It is like a logical .exe or .dll; it can be an application
(with a main point of entry) or a library.
• Consists of one or more files (dlls, exes, html files, etc.)
and represents a group of resources, type definitions,
and implementation of those types.
• An assembly may contain references to other
assemblies---described in manifest---a self-describing
assembly
C# (C Sharp)
•
•
•
Improved version of C++ and Java
It is type-safe
In .Net use Projects/Windows application C# to create and run C# programs.
using System;
namespace Helloworld
{
/// <summary>
/// Summary description for Class1.
/// </summary>
class Class1
{
/// <summary>
/// The main entry point for the application.
/// </summary>
static void Main(string[] args)
{
Console.Write("What is your name? ");
string a = Console.ReadLine();
Console.WriteLine("Hello " + a);
}
}
}
ADO.Net
• Provides data access tools for web
applications
• Seamless interoperability with XML
• Uses objects such as: Connection,
Command, DataSets, DataReaders,
DataSetCommands
• Use SQLConnection for MSQL server and
ADOConnection via OLEDB provider
using System;
using System.Data.SqlClient;
class seePubs
{
static void Main ()
{
SqlConnection conn = new SqlConnection
("server=nebula.cs.odu.edu;database=pubs;User
ID=cwild;password=wildcs2004");
try
{
conn.Open ();
SqlCommand cmd = new SqlCommand ("select * from titles", conn);
SqlDataReader reader = cmd.ExecuteReader ();
while (reader.Read ())
Console.WriteLine (reader["title"]);
}
catch (SqlException ex)
{
Console.WriteLine (ex.Message);
}
finally
{
conn.Close ();
}
}
}
.Net Security: Topics
•
•
•
•
•
•
•
•
•
•
•
Threat models
Storing secrets
Securing Database access
ASP.Net security framework
.Net Cryptography
Windows authentication
Forms authentication
Implementing Authorization
Code access security
Web services security
Impersonation
Download