FIT3056 Secure and Trusted software systems Lecture 07 Secure networked and distributed programming.

FIT3056 FIT3056 Secure and Trusted software systemsSecure and Trusted software systems

Lecture 07Lecture 07Secure networked and distributed Secure networked and distributed

programmingprogramming

2

OutlineOutline

Networked and distributed programmingNetworked and distributed programming Security issues with networked and Security issues with networked and

distributed programmingdistributed programming Client-server modelClient-server model Sockets based programmingSockets based programming RPC, RMI, and CORBARPC, RMI, and CORBA Secure networked and distributed Secure networked and distributed

programmingprogramming

3

Networked and distributed programming: Networked and distributed programming: principles principles

Principle 1: choosing proper communication facility Principle 1: choosing proper communication facility for building networked and distributed applications: for building networked and distributed applications: it is a critical part of the software development.it is a critical part of the software development. Sockets, or RPC, or CORBA?Sockets, or RPC, or CORBA?

Principle 2: choosing proper model for client and Principle 2: choosing proper model for client and server to communicate with each other.server to communicate with each other. Client/server model, peer-to-peer, or object-based Client/server model, peer-to-peer, or object-based

model? model? Principle 3: the design of the application must have Principle 3: the design of the application must have

efficiency, high reliability and extendibility:efficiency, high reliability and extendibility: Software has to be efficient, reliable and extendable. Software has to be efficient, reliable and extendable.

4

Security issues with networked and Security issues with networked and distributed programming.distributed programming.

Different communication facility has Different communication facility has different security issues.different security issues.Sockets?Sockets?RPC? RPC? RMI?RMI?CORBA?CORBA?

5


Requirements for efficiency, high reliability Requirements for efficiency, high reliability and ease of extendibility can affect the and ease of extendibility can affect the software security.software security.High efficiency (can make the software High efficiency (can make the software

vulnerable)vulnerable)Reliability (support security)?Reliability (support security)?Easy to extend (may compromise security).Easy to extend (may compromise security).

6


Different communication models can have Different communication models can have different effects on the security of the different effects on the security of the design and implementation, testing, and design and implementation, testing, and maintenance of the software. maintenance of the software. client/server model? client/server model? peer-to-peer? peer-to-peer? object-based model?object-based model?Rendezvous?Rendezvous?

7

Networked and distributed programming: Networked and distributed programming: Client/ServerClient/Server

General communication between a client and a server General communication between a client and a server

8

In general, we can design two types of servers, In general, we can design two types of servers, Stateless serversStateless servers and stateful servers. However and stateful servers. However which one is more secure? :which one is more secure? :

Stateless serversStateless servers::Keeps no information about the state of clientsKeeps no information about the state of clientsCan change its own state without informing Can change its own state without informing

clientsclientsE.g: E.g: http server http server

Networked and distributed programmingNetworked and distributed programming Client/ServerClient/Server

9


Stateful serversStateful servers:: Maintains information about its clientsMaintains information about its clientsCannot arbitrarily change its state because Cannot arbitrarily change its state because

clients depend on itclients depend on itE.g: E.g: ftp serverftp server

10

Stateless servers:Stateless servers: They are more tolerant of failures They are more tolerant of failures Clients can simply retry failed requestsClients can simply retry failed requests Server can restart immediately after a crash with no Server can restart immediately after a crash with no

need for recoveryneed for recovery

How about security?How about security?

Stateful servers:Stateful servers: They can be more efficient, but are less tolerant of They can be more efficient, but are less tolerant of

failuresfailures Knowledge of client state can reduce communication Knowledge of client state can reduce communication

overhead but how about security?overhead but how about security? More suitable for new technologies such as More suitable for new technologies such as wireless wireless networks,networks, handheld deviceshandheld devices


11

Stateless ServersStateless Servers:: Mechanisms such as “Mechanisms such as “cookiescookies” can be used ” can be used

to preserve state in stateless protocols like to preserve state in stateless protocols like HTTPHTTP

Server can store information on client’s Server can store information on client’s machine (such as favorite pages, passwords, machine (such as favorite pages, passwords, session identifiers)session identifiers)

Client sends this information to server when Client sends this information to server when it makes a requestit makes a request


12

Multi-threaded ClientsMulti-threaded Clients

new thread-c2

main thread

client

new thread-c1

com. with the server

doing other task

13

Multi-threaded ClientsMulti-threaded Clients

Primary FunctionPrimary Function: hide communication latencies : hide communication latencies by doing other things while waiting for messages by doing other things while waiting for messages to get throughto get through

ExampleExample: Web Browser: Web Browser Fetches HTML page, starts rendering it while data Fetches HTML page, starts rendering it while data

is still being read on the network connectionis still being read on the network connection Multiple threads fetch images and other page Multiple threads fetch images and other page

components concurrentlycomponents concurrently Multiple open connections (two browsers loading Multiple open connections (two browsers loading

pages, downloading files from multiple sites, etc.)pages, downloading files from multiple sites, etc.)

14

Multi-threaded ServersMulti-threaded Servers

15

Multi-threaded ServersMulti-threaded Servers

Primary FunctionPrimary Function: exploit parallelism (see the : exploit parallelism (see the example of this week) example of this week)

Can design server’s threads as sequential Can design server’s threads as sequential programs or threads can be designed to run programs or threads can be designed to run concurrentlyconcurrently

ExampleExample: Web Server: Web Server One thread listens on port 80, and hands off One thread listens on port 80, and hands off

requests to other threads that serve files from diskrequests to other threads that serve files from disk

16

Multi-client ServerMulti-client ServerServer

new thread s1to serve client1

new thread s2 to serve client2

main thread

com. with client1

com. with client2

17

Multithreaded Client/Multiclient ServerMultithreaded Client/Multiclient Server

Server

new thread-c1 new thread s1to serve client1

new thread s2 to serve client2client2

new thread-c2

main thread

client1

main threaddoing local task

C#1

C#2

18

Server DesignServer DesignIterative vs. ConcurrentIterative vs. Concurrent

IterativeIterative:: Server handles all requests and sends all Server handles all requests and sends all

responses itselfresponses itself Examples: Examples: talktalk What are the security issues?What are the security issues?

ConcurrentConcurrent:: Server passes requests to separate threads or Server passes requests to separate threads or

other processesother processes Examples: Examples: http, ftp, telnethttp, ftp, telnet What are the security issues?What are the security issues?

19

Many services have pre-assigned endpointsMany services have pre-assigned endpoints Most of these services aren’t used very Most of these services aren’t used very

frequently: frequently: echoecho, , daytimedaytime, , etcetc.. It’s more efficient to have a single “It’s more efficient to have a single “superserversuperserver” ”

((inetinet on most UNIX-like systems) listen to all on most UNIX-like systems) listen to all these endpoints than to have a separate server these endpoints than to have a separate server process for each of themprocess for each of them

Server Design – Super ServerServer Design – Super Server

What are the security issues of this design?

20

Server Design - Super ServerServer Design - Super Server

Other server

Daytime server

Echo serverMain serverinetd

client2

client3

client1

21

Multi-client/server - Server (e.g.)Multi-client/server - Server (e.g.)

import java.net.*; import java.io.*;public class M_Server { public static void main(String[] args) throws IOException { ServerSocket serverSocket = null; boolean listening = true; try { serverSocket = new ServerSocket(5100); } catch (IOException e) {/* handle exception */ } while (listening) /* while true */ { Socket newsock = serverSocket.accept(); HandleCRThread t = new HandleCRThread(newsock); t.start(); } serverSocket.close();} /* end main */ }

22

HandleCRThreadHandleCRThread (e.g.)(e.g.)

// thread class to handle client’s requestimport java.net.*;import java.io.*;

public class HandleCRThread extends Thread { private Socket socket = null;

public HandleCRThread(Socket s) { super("HandleClientRequestThread"); socket = s; }

23

HandleCRThread (eg)HandleCRThread (eg) (con’t) (con’t)

public void run() {// run method of HandleCRThread class try { PrintWriter out = …(socket.getOutputStream(), true); BufferedReader in = …( socket.getInputStream())); ProcessClientRequest hc = new ProcessClientRequest(); String inputLine, outputLine; while ((inputLine = in.readLine()) != null) { outputLine = hc.processRequest(inputLine); out.println(outputLine); if (outputLine.equals("BYE")) break; } out.close(); in.close(); socket.close(); } catch (IOException e) { e.printStackTrace(); } }}

24

ProcessClientRequest (eg)ProcessClientRequest (eg)

// converts a string of chars to uppercasepublic class ProcessClientRequest { private String req; public String processRequest(String rq) { req = rq; if (req.equals("END")) return "BYE"; else return (req.toUpperCase()); }}

25

Multi-client/Server-Client (eg)Multi-client/Server-Client (eg)import java.io.*; import java.net.*;public class M_Client { public static void main(String[] args) throws IOException { Socket clientSocket = null; PrintWriter out = null; BufferedReader in = null; try { clientSocket = new Socket("venus", 5100); out = new …(clientSocket.getOutputStream(), true); in = new …(clientSocket.getInputStream())); } catch (UnknownHostException e) {/* handle error */ } } catch (IOException e) {/* handle error */ } BufferedReader stdIn = new …(System.in)); String fromServer; String fromUser;

26

Client (eg)-con’tClient (eg)-con’t

while ((fromServer = in.readLine()) != null) { System.out.println("Server: " + fromServer); if (fromServer.equals("BYE")) break; fromUser = stdIn.readLine(); if (fromUser != null) { System.out.println("Client: " + fromUser); out.println(fromUser); } } out.close(); in.close(); stdIn.close(); clientSocket.close(); }}

27

RMI – RO (interface) (e.g.)RMI – RO (interface) (e.g.)

import java.rmi.*;import java.rmi.*;

interface RO extends Remoteinterface RO extends Remote

{{

public String processRequest(String inStr) public String processRequest(String inStr) throws RemoteException;throws RemoteException;

}}

28

RMI – ROImpl (e.g.)RMI – ROImpl (e.g.)

import java.rmi.*;import java.rmi.*;import java.rmi.server.*;import java.rmi.server.*;import java.io.*;import java.io.*;public class public class ROImpl ROImpl extends UnicastRemoteObject extends UnicastRemoteObject

implements RO, Serializable {implements RO, Serializable { public ROImpl() throws RemoteException { public ROImpl() throws RemoteException { /* constructor */ }/* constructor */ } public String public String processRequestprocessRequest(String inStr) throws(String inStr) throws RemoteException {RemoteException { String outStr = inStr;String outStr = inStr; return (outStr.toUpperCase());return (outStr.toUpperCase()); }}}}

29

RMI – RemoteServer (e.g.)RMI – RemoteServer (e.g.)

import java.rmi.*;import java.rmi.*;import java.rmi.registry.*;import java.rmi.registry.*;public class public class RemoteServerRemoteServer { { public static void main(String args[]) { public static void main(String args[]) { System.setSecurityManager(new RMISecurityManager() ); System.setSecurityManager(new RMISecurityManager() ); try{ //create the remote objecttry{ //create the remote object

ROImplROImpl roro = new = new ROImplROImpl();(); RegistryRegistry reg = reg = LocateRegistry.createRegistryLocateRegistry.createRegistry(6789); (6789);

reg.bindreg.bind("("myROmyRO", ", roro);); } catch(Exception e) { System.out.println("Error:" + e); }} catch(Exception e) { System.out.println("Error:" + e); } } //end main} //end main}}

30

RMI- RemoteClient (e.g.)RMI- RemoteClient (e.g.)

import java.io.*; import java.rmi.*; import java.rmi.registry.*;import java.io.*; import java.rmi.*; import java.rmi.registry.*;public class RemoteClient {public class RemoteClient { public static void main(String[] args) { public static void main(String[] args) { String inputStr , result;String inputStr , result; System.setSecurityManager(new RMISecurityManager() );System.setSecurityManager(new RMISecurityManager() ); try { try { RORO refROrefRO = = ((RORO) ) Naming.lookupNaming.lookup("rmi://"+args[0]+":6789/("rmi://"+args[0]+":6789/myROmyRO");"); BufferedReader stdIn = new BufferedReader(newBufferedReader stdIn = new BufferedReader(new InputStreamReader(System.in));InputStreamReader(System.in)); whilewhile ((inputStr = stdIn.readLine()) != null) { ((inputStr = stdIn.readLine()) != null) {

result = result = refROrefRO..processRequestprocessRequest( inputStr);( inputStr); System.out.println("Result = " + result);System.out.println("Result = " + result); } /* end while */ } /* end while */ } catch(Exception e) { System.out.println(e); }} catch(Exception e) { System.out.println(e); } } /*end main */ } /* end remote client */} /*end main */ } /* end remote client */

31

Concurrent Programming with Sockets, Concurrent Programming with Sockets, RPC or RMIRPC or RMI

When design and implement networked and distributed When design and implement networked and distributed applications, consider:applications, consider:Flexibility – sockets may be the choiceFlexibility – sockets may be the choicePortability – RPC & RMI may be the choicePortability – RPC & RMI may be the choiceInteroperability - may consider CORBA and Interoperability - may consider CORBA and

DCOMDCOMHow about security? Which one does offer How about security? Which one does offer

realatively better security?realatively better security?

32

Concurrent Programming with Concurrent Programming with Client/Server ModelClient/Server Model

Many factors should be carefully considered in the design and Many factors should be carefully considered in the design and implementation of Client/Server applicationsimplementation of Client/Server applications

Consider the main functionality of the server and its services Consider the main functionality of the server and its services during the design:during the design: Is the server going to provide services to wireless Is the server going to provide services to wireless

computers; handheld computers; video transmission, computers; handheld computers; video transmission, etc? etc?

Consider potential problems:Consider potential problems: What would happen if you locked a synchronized section What would happen if you locked a synchronized section

on an object object_T, made a remote call, passing on an object object_T, made a remote call, passing object_T to the server, and then the server made a object_T to the server, and then the server made a synchronized call back on object_T?synchronized call back on object_T?

Consider other factors:Consider other factors: ExpandabilityExpandability Crash recovery, etcCrash recovery, etc

33

Distributed systemsDistributed systems

34

Why build distributed systemsWhy build distributed systems

In a distributed system, processing activities may be located In a distributed system, processing activities may be located on more than one computer and the computers communicate on more than one computer and the computers communicate over a network in order to perform joint tasksover a network in order to perform joint tasks

Workstations provide users with local processing power Workstations provide users with local processing power enabling them to perform interactive tasks more efficiently enabling them to perform interactive tasks more efficiently than a time shared system.than a time shared system.

In a distributed system, users can share information and In a distributed system, users can share information and resources more effectively and efficiently.resources more effectively and efficiently.

Distributed systems provide better replication and availability Distributed systems provide better replication and availability – several copies can be maintained on several servers – several copies can be maintained on several servers automatically – and when one component fails the others automatically – and when one component fails the others may continuemay continue

35

Why Use Remote Procedure CallWhy Use Remote Procedure Call

Programming with sockets needs to take care of all the Programming with sockets needs to take care of all the differences of computer architectures (such as byte-order) differences of computer architectures (such as byte-order) and the underlying operating systems (Windows or Unix)and the underlying operating systems (Windows or Unix)

The use of RPC facilitates the building of distributed The use of RPC facilitates the building of distributed applications by extending the applications by extending the traditional procedure traditional procedure callscalls

RPC removes concerns for the communication RPC removes concerns for the communication mechanisms (a call can be made without worrying about mechanisms (a call can be made without worrying about the transport layer), and hardware differences (computers the transport layer), and hardware differences (computers can have different byte orders –left-to-right or right-to-left) can have different byte orders –left-to-right or right-to-left)

Provides transparent procedure calls on different Provides transparent procedure calls on different computers without worrying about their architectures, OSs computers without worrying about their architectures, OSs or without knowing their locations (make remote calls as or without knowing their locations (make remote calls as local ones)local ones)

36

Remote Procedure Call (RPC)Remote Procedure Call (RPC)

To allow a program to call procedures To allow a program to call procedures (methods) on another computer as the (methods) on another computer as the local onelocal one

Computer A Computer B

calls procedure

(suspended)

resumes

executes procedurereturns

request message

reply message

serverclient

37

Remote Procedure CallRemote Procedure Call

RPC Flow of ExecutionRPC Flow of Execution

Caller

Stub

Local OS

Callee

Stub

Remote OS

Local Process /client Remote Process / server

network communication

38

RPC Client/Server ApplicationsRPC Client/Server Applications

1. Client calls a 1. Client calls a local procedurelocal procedure on the client stub (the actual on the client stub (the actual procedure is on the server site)procedure is on the server site)

2. The client stub packages the call and the args.2. The client stub packages the call and the args.3. The client stub sends this to the remote system (via TCP/UDP)3. The client stub sends this to the remote system (via TCP/UDP)4. The server stub unpacks the call and args from the client4. The server stub unpacks the call and args from the client5. The server stub calls the 5. The server stub calls the actual procedureactual procedure on the server on the server6. The server stub packages the reply and sends it back to the 6. The server stub packages the reply and sends it back to the

clientclient

39

RPC softwareRPC software

The RPC software that supports remote The RPC software that supports remote procedure calling has three main tasks:procedure calling has three main tasks:Taking the arguments and results of a Taking the arguments and results of a

procedure call, assembling them into a form procedure call, assembling them into a form suitable for transmission across a network suitable for transmission across a network ((marshallingmarshalling) – dispatching them - and ) – dispatching them - and disassembling the results on arrivaldisassembling the results on arrival

Combining the RPC modules with client and Combining the RPC modules with client and server programs in conventional languagesserver programs in conventional languages

Transmitting request messages and reply Transmitting request messages and reply messages using a message passing protocolmessages using a message passing protocol

40

RPC Client/ServerRPC Client/Server

Server binding Server binding Locating and setting up communication between the Locating and setting up communication between the

server and the client – server and client are on server and the client – server and client are on different hosts, therefore this needs to be done.different hosts, therefore this needs to be done.

Interface definition language (IDL)Interface definition language (IDL) Used to define an interface, that the server Used to define an interface, that the server

implements and a client calls. IDL helps overcome implements and a client calls. IDL helps overcome the differences between platforms (hardware and the differences between platforms (hardware and software)software)

Marshalling Marshalling Packaging the client arguments into one or more Packaging the client arguments into one or more

network messages for proper communication network messages for proper communication

41

Example: Writing a client and a server (1)Example: Writing a client and a server (1)

/* interface.x *//* Example Interface Definition */struct square_in { long arg;};

struct square_out { long result;};

program SQUARE_PROG { version SQUARE_VERS { square_out SQUAREPROC( square_in ) = 1; /* Procedure number = 1 */ } = 1; /* Version number = 1 */} = 0x12300000; /* program number */

Source: R. Stevens, Unix Network Programming (IPC) Vol 2, 1998

42


interface.x

rpcgen

interface.h

Client Main interface_clnt.c(client stub)

interface_xdr.c interface_svc.c(Server stub)

Server.c

Runtime lib

Client Server


43


/* Server */square_out * squareproc_1_svc( square_in *inp,

struct svc_req *req ){ static square_out outp; outp.result = inp->arg * inp->arg; return (&outp);}

/* Client */

CLIENT *cl;square_in inp;square_out *outp;

/* Client creation */cl = clnt_create( argv[1], SQUARE_PROG, SQUARE_VERS, "tcp" ); inp.arg = 100L; outp = (square_out *)squareproc_1( &inp, cl ); printf( "Result: %ld\n", outp->result );


44

RPC BindingRPC Binding

Server bindingServer binding Locating and setting up communication between the Locating and setting up communication between the

server and the clientserver and the client portmapportmap or RPCbind or RPCbind

A local directory serviceA local directory service Server program registers with Server program registers with portmapportmap with with program program

numbernumber and and versionversion.. clnt_createclnt_create contacts the contacts the portmapportmap with with program numberprogram number, ,

version infoversion info and and protocol typeprotocol type (tcp/udp) to get port (tcp/udp) to get port number (or end point), the server’s port value.number (or end point), the server’s port value.

45

VariantsVariants

Sun RPC or Open Network Computing (ONC) RPCSun RPC or Open Network Computing (ONC) RPC Originally built over the Sockets API with support Originally built over the Sockets API with support

for TCP and UDPfor TCP and UDP Commonly used in Sun’s network file system (NFS)Commonly used in Sun’s network file system (NFS)

Open software foundation’s Distributed Open software foundation’s Distributed Computing Environment (DCE) RPCComputing Environment (DCE) RPC More generic specification for the RPC. More generic specification for the RPC. Object based implementation derived from DCE Object based implementation derived from DCE

RPC RPC Example of Distributed Object systems: Example of Distributed Object systems:

CORBA, DCOM, RMI,.NET CORBA, DCOM, RMI,.NET

46

Why Use Remote Method Invocation (RMI)Why Use Remote Method Invocation (RMI)Java ONLYJava ONLY

Sockets and RPC can be used to build distributed Sockets and RPC can be used to build distributed applications, however they are not object-oriented applications, however they are not object-oriented and hence more work is required to build object-and hence more work is required to build object-oriented distributed applicationsoriented distributed applications Socket is considered low level, RPC offers higher level of Socket is considered low level, RPC offers higher level of

communication, and RMI offers object-oriented communication, and RMI offers object-oriented communicationcommunication

RMI can be thought of as an extension of RPC to RMI can be thought of as an extension of RPC to provide a better means for building distributed provide a better means for building distributed applicationsapplications RPC supports traditional procedural programming style RPC supports traditional procedural programming style

(parameters to RPC are ordinary data structures - not (parameters to RPC are ordinary data structures - not objects) objects)

RMI supports object-oriented programming style RMI supports object-oriented programming style (parameters to RMI are objects)(parameters to RMI are objects)

47

Remote Method Invocation (RMI)Remote Method Invocation (RMI)Java ONLYJava ONLY

ClientClientClientClient ServerServerServerServer

StubStubStubStub Skeleton (opt)Skeleton (opt)Skeleton (opt)Skeleton (opt)

Remote ReferenceRemote ReferenceRemote ReferenceRemote Reference Server Remote ReferenceServer Remote ReferenceServer Remote ReferenceServer Remote Reference

Transport Layer (RMIregistry aids this)Transport Layer (RMIregistry aids this)Transport Layer (RMIregistry aids this)Transport Layer (RMIregistry aids this)

48

Distributed Programming with CORBADistributed Programming with CORBA

Developers use CORBA (Common Object Request Broker Developers use CORBA (Common Object Request Broker Architecture) to build distributed applications.Architecture) to build distributed applications. It is distributed client-server computing facility. It is distributed client-server computing facility. It uses message-passing systems and most commonly It uses message-passing systems and most commonly

found in UNIX-based environments. found in UNIX-based environments. The idea behind CORBA is a software intermediary (Object The idea behind CORBA is a software intermediary (Object

Broker) that handles and disperses access requests on data Broker) that handles and disperses access requests on data sets.sets.

CORBA uses IDL in a similar way as RPC.CORBA uses IDL in a similar way as RPC. Distributed Programming with CORBA is Object-Oriented and Distributed Programming with CORBA is Object-Oriented and

simpler than RPC.simpler than RPC.

49

CORBACORBA

OMG IDL is a purely declarative language OMG IDL is a purely declarative language designed for specifying programming-designed for specifying programming-language-independent operational language-independent operational interfaces for distributed applications. OMG interfaces for distributed applications. OMG specifies a specifies a mapping mapping from IDL to several from IDL to several different programming languages, including different programming languages, including C, C++, Smalltalk, COBOL, Ada, and Java. C, C++, Smalltalk, COBOL, Ada, and Java. When mapped, each statement in OMG IDL When mapped, each statement in OMG IDL is translated to a corresponding statement is translated to a corresponding statement in the programming language of choice. in the programming language of choice.

50

CORBA programming with JavaCORBA programming with Java

Borrowed from Marc Conrad

51

CORBA based applications and securityCORBA based applications and security

The The Object Request Broker (ORB) Object Request Broker (ORB) is itself an is itself an object which provides the services for object which provides the services for accessing remote objects and transmitting accessing remote objects and transmitting data.data.

The implementation of the ORB depends on The implementation of the ORB depends on the specific vendor. The CORBA standard the specific vendor. The CORBA standard only defines the interface. This makes it only defines the interface. This makes it very difficult for secure software engineers very difficult for secure software engineers to design, implement, and test distributed to design, implement, and test distributed applications.applications.

52

Remarks on networked and distributed Remarks on networked and distributed programmingprogramming

Socket programming is more suitable for building low level Socket programming is more suitable for building low level networked applicationsnetworked applications

RPC is a better means for building distributed applications. RPC is a better means for building distributed applications. However it is not object-oriented However it is not object-oriented

RMI (Java only) supports object-oriented programming but RMI (Java only) supports object-oriented programming but it is more language-specific and hence other technologies it is more language-specific and hence other technologies such as CORBA should be used for software construction such as CORBA should be used for software construction from different programming languages.from different programming languages.

Sockets and RPC are basically based on message passing. Sockets and RPC are basically based on message passing. However, software developers should master sockets and However, software developers should master sockets and RPC to be able to fully utilise the power of network RPC to be able to fully utilise the power of network programming.programming.

Programmers can build concurrent programs in networked Programmers can build concurrent programs in networked and distributed environments with Sockets and RPC to and distributed environments with Sockets and RPC to achieve better performance and flexibility.achieve better performance and flexibility.

53

Remarks on networked and distributed Remarks on networked and distributed programming securityprogramming security

Socket programming is more difficult but when you have Socket programming is more difficult but when you have mastered it, it is a better choice for secure software mastered it, it is a better choice for secure software development.development.

Date post:	21-Dec-2015
Category:	Documents
View:	215 times
Download:	1 times

FIT3056 Secure and Trusted software systems Lecture 07 Secure networked and distributed programming.

Documents