Date post: | 21-Dec-2015 |
Category: |
Documents |
View: | 215 times |
Download: | 1 times |
FIT3056 FIT3056 Secure and Trusted software systemsSecure and Trusted software systems
Lecture 07Lecture 07Secure networked and distributed Secure networked and distributed
programmingprogramming
2
OutlineOutline
Networked and distributed programmingNetworked and distributed programming Security issues with networked and Security issues with networked and
distributed programmingdistributed programming Client-server modelClient-server model Sockets based programmingSockets based programming RPC, RMI, and CORBARPC, RMI, and CORBA Secure networked and distributed Secure networked and distributed
programmingprogramming
3
Networked and distributed programming: Networked and distributed programming: principles principles
Principle 1: choosing proper communication facility Principle 1: choosing proper communication facility for building networked and distributed applications: for building networked and distributed applications: it is a critical part of the software development.it is a critical part of the software development. Sockets, or RPC, or CORBA?Sockets, or RPC, or CORBA?
Principle 2: choosing proper model for client and Principle 2: choosing proper model for client and server to communicate with each other.server to communicate with each other. Client/server model, peer-to-peer, or object-based Client/server model, peer-to-peer, or object-based
model? model? Principle 3: the design of the application must have Principle 3: the design of the application must have
efficiency, high reliability and extendibility:efficiency, high reliability and extendibility: Software has to be efficient, reliable and extendable. Software has to be efficient, reliable and extendable.
4
Security issues with networked and Security issues with networked and distributed programming.distributed programming.
Different communication facility has Different communication facility has different security issues.different security issues.Sockets?Sockets?RPC? RPC? RMI?RMI?CORBA?CORBA?
5
Security issues with networked and Security issues with networked and distributed programming.distributed programming.
Requirements for efficiency, high reliability Requirements for efficiency, high reliability and ease of extendibility can affect the and ease of extendibility can affect the software security.software security.High efficiency (can make the software High efficiency (can make the software
vulnerable)vulnerable)Reliability (support security)?Reliability (support security)?Easy to extend (may compromise security).Easy to extend (may compromise security).
6
Security issues with networked and Security issues with networked and distributed programming.distributed programming.
Different communication models can have Different communication models can have different effects on the security of the different effects on the security of the design and implementation, testing, and design and implementation, testing, and maintenance of the software. maintenance of the software. client/server model? client/server model? peer-to-peer? peer-to-peer? object-based model?object-based model?Rendezvous?Rendezvous?
7
Networked and distributed programming: Networked and distributed programming: Client/ServerClient/Server
General communication between a client and a server General communication between a client and a server
8
In general, we can design two types of servers, In general, we can design two types of servers, Stateless serversStateless servers and stateful servers. However and stateful servers. However which one is more secure? :which one is more secure? :
Stateless serversStateless servers::Keeps no information about the state of clientsKeeps no information about the state of clientsCan change its own state without informing Can change its own state without informing
clientsclientsE.g: E.g: http server http server
Networked and distributed programmingNetworked and distributed programming Client/ServerClient/Server
9
Networked and distributed programmingNetworked and distributed programming Client/ServerClient/Server
Stateful serversStateful servers:: Maintains information about its clientsMaintains information about its clientsCannot arbitrarily change its state because Cannot arbitrarily change its state because
clients depend on itclients depend on itE.g: E.g: ftp serverftp server
10
Stateless servers:Stateless servers: They are more tolerant of failures They are more tolerant of failures Clients can simply retry failed requestsClients can simply retry failed requests Server can restart immediately after a crash with no Server can restart immediately after a crash with no
need for recoveryneed for recovery
How about security?How about security?
Stateful servers:Stateful servers: They can be more efficient, but are less tolerant of They can be more efficient, but are less tolerant of
failuresfailures Knowledge of client state can reduce communication Knowledge of client state can reduce communication
overhead but how about security?overhead but how about security? More suitable for new technologies such as More suitable for new technologies such as wireless wireless networks,networks, handheld deviceshandheld devices
Networked and distributed programmingNetworked and distributed programming Client/ServerClient/Server
11
Stateless ServersStateless Servers:: Mechanisms such as “Mechanisms such as “cookiescookies” can be used ” can be used
to preserve state in stateless protocols like to preserve state in stateless protocols like HTTPHTTP
Server can store information on client’s Server can store information on client’s machine (such as favorite pages, passwords, machine (such as favorite pages, passwords, session identifiers)session identifiers)
Client sends this information to server when Client sends this information to server when it makes a requestit makes a request
Networked and distributed programmingNetworked and distributed programming Client/ServerClient/Server
12
Multi-threaded ClientsMulti-threaded Clients
new thread-c2
main thread
client
new thread-c1
com. with the server
doing other task
13
Multi-threaded ClientsMulti-threaded Clients
Primary FunctionPrimary Function: hide communication latencies : hide communication latencies by doing other things while waiting for messages by doing other things while waiting for messages to get throughto get through
ExampleExample: Web Browser: Web Browser Fetches HTML page, starts rendering it while data Fetches HTML page, starts rendering it while data
is still being read on the network connectionis still being read on the network connection Multiple threads fetch images and other page Multiple threads fetch images and other page
components concurrentlycomponents concurrently Multiple open connections (two browsers loading Multiple open connections (two browsers loading
pages, downloading files from multiple sites, etc.)pages, downloading files from multiple sites, etc.)
14
Multi-threaded ServersMulti-threaded Servers
15
Multi-threaded ServersMulti-threaded Servers
Primary FunctionPrimary Function: exploit parallelism (see the : exploit parallelism (see the example of this week) example of this week)
Can design server’s threads as sequential Can design server’s threads as sequential programs or threads can be designed to run programs or threads can be designed to run concurrentlyconcurrently
ExampleExample: Web Server: Web Server One thread listens on port 80, and hands off One thread listens on port 80, and hands off
requests to other threads that serve files from diskrequests to other threads that serve files from disk
16
Multi-client ServerMulti-client ServerServer
new thread s1to serve client1
new thread s2 to serve client2
main thread
com. with client1
com. with client2
17
Multithreaded Client/Multiclient ServerMultithreaded Client/Multiclient Server
Server
new thread-c1 new thread s1to serve client1
new thread s2 to serve client2client2
new thread-c2
main thread
client1
main threaddoing local task
C#1
C#2
18
Server DesignServer DesignIterative vs. ConcurrentIterative vs. Concurrent
IterativeIterative:: Server handles all requests and sends all Server handles all requests and sends all
responses itselfresponses itself Examples: Examples: talktalk What are the security issues?What are the security issues?
ConcurrentConcurrent:: Server passes requests to separate threads or Server passes requests to separate threads or
other processesother processes Examples: Examples: http, ftp, telnethttp, ftp, telnet What are the security issues?What are the security issues?
19
Many services have pre-assigned endpointsMany services have pre-assigned endpoints Most of these services aren’t used very Most of these services aren’t used very
frequently: frequently: echoecho, , daytimedaytime, , etcetc.. It’s more efficient to have a single “It’s more efficient to have a single “superserversuperserver” ”
((inetinet on most UNIX-like systems) listen to all on most UNIX-like systems) listen to all these endpoints than to have a separate server these endpoints than to have a separate server process for each of themprocess for each of them
Server Design – Super ServerServer Design – Super Server
What are the security issues of this design?
20
Server Design - Super ServerServer Design - Super Server
Other server
Daytime server
Echo serverMain serverinetd
client2
client3
client1
21
Multi-client/server - Server (e.g.)Multi-client/server - Server (e.g.)
import java.net.*; import java.io.*;public class M_Server { public static void main(String[] args) throws IOException { ServerSocket serverSocket = null; boolean listening = true; try { serverSocket = new ServerSocket(5100); } catch (IOException e) {/* handle exception */ } while (listening) /* while true */ { Socket newsock = serverSocket.accept(); HandleCRThread t = new HandleCRThread(newsock); t.start(); } serverSocket.close();} /* end main */ }
22
HandleCRThreadHandleCRThread (e.g.)(e.g.)
// thread class to handle client’s requestimport java.net.*;import java.io.*;
public class HandleCRThread extends Thread { private Socket socket = null;
public HandleCRThread(Socket s) { super("HandleClientRequestThread"); socket = s; }
23
HandleCRThread (eg)HandleCRThread (eg) (con’t) (con’t)
public void run() {// run method of HandleCRThread class try { PrintWriter out = …(socket.getOutputStream(), true); BufferedReader in = …( socket.getInputStream())); ProcessClientRequest hc = new ProcessClientRequest(); String inputLine, outputLine; while ((inputLine = in.readLine()) != null) { outputLine = hc.processRequest(inputLine); out.println(outputLine); if (outputLine.equals("BYE")) break; } out.close(); in.close(); socket.close(); } catch (IOException e) { e.printStackTrace(); } }}
24
ProcessClientRequest (eg)ProcessClientRequest (eg)
// converts a string of chars to uppercasepublic class ProcessClientRequest { private String req; public String processRequest(String rq) { req = rq; if (req.equals("END")) return "BYE"; else return (req.toUpperCase()); }}
25
Multi-client/Server-Client (eg)Multi-client/Server-Client (eg)import java.io.*; import java.net.*;public class M_Client { public static void main(String[] args) throws IOException { Socket clientSocket = null; PrintWriter out = null; BufferedReader in = null; try { clientSocket = new Socket("venus", 5100); out = new …(clientSocket.getOutputStream(), true); in = new …(clientSocket.getInputStream())); } catch (UnknownHostException e) {/* handle error */ } } catch (IOException e) {/* handle error */ } BufferedReader stdIn = new …(System.in)); String fromServer; String fromUser;
26
Client (eg)-con’tClient (eg)-con’t
while ((fromServer = in.readLine()) != null) { System.out.println("Server: " + fromServer); if (fromServer.equals("BYE")) break; fromUser = stdIn.readLine(); if (fromUser != null) { System.out.println("Client: " + fromUser); out.println(fromUser); } } out.close(); in.close(); stdIn.close(); clientSocket.close(); }}
27
RMI – RO (interface) (e.g.)RMI – RO (interface) (e.g.)
import java.rmi.*;import java.rmi.*;
interface RO extends Remoteinterface RO extends Remote
{{
public String processRequest(String inStr) public String processRequest(String inStr) throws RemoteException;throws RemoteException;
}}
28
RMI – ROImpl (e.g.)RMI – ROImpl (e.g.)
import java.rmi.*;import java.rmi.*;import java.rmi.server.*;import java.rmi.server.*;import java.io.*;import java.io.*;public class public class ROImpl ROImpl extends UnicastRemoteObject extends UnicastRemoteObject
implements RO, Serializable {implements RO, Serializable { public ROImpl() throws RemoteException { public ROImpl() throws RemoteException { /* constructor */ }/* constructor */ } public String public String processRequestprocessRequest(String inStr) throws(String inStr) throws RemoteException {RemoteException { String outStr = inStr;String outStr = inStr; return (outStr.toUpperCase());return (outStr.toUpperCase()); }}}}
29
RMI – RemoteServer (e.g.)RMI – RemoteServer (e.g.)
import java.rmi.*;import java.rmi.*;import java.rmi.registry.*;import java.rmi.registry.*;public class public class RemoteServerRemoteServer { { public static void main(String args[]) { public static void main(String args[]) { System.setSecurityManager(new RMISecurityManager() ); System.setSecurityManager(new RMISecurityManager() ); try{ //create the remote objecttry{ //create the remote object
ROImplROImpl roro = new = new ROImplROImpl();(); RegistryRegistry reg = reg = LocateRegistry.createRegistryLocateRegistry.createRegistry(6789); (6789);
reg.bindreg.bind("("myROmyRO", ", roro);); } catch(Exception e) { System.out.println("Error:" + e); }} catch(Exception e) { System.out.println("Error:" + e); } } //end main} //end main}}
30
RMI- RemoteClient (e.g.)RMI- RemoteClient (e.g.)
import java.io.*; import java.rmi.*; import java.rmi.registry.*;import java.io.*; import java.rmi.*; import java.rmi.registry.*;public class RemoteClient {public class RemoteClient { public static void main(String[] args) { public static void main(String[] args) { String inputStr , result;String inputStr , result; System.setSecurityManager(new RMISecurityManager() );System.setSecurityManager(new RMISecurityManager() ); try { try { RORO refROrefRO = = ((RORO) ) Naming.lookupNaming.lookup("rmi://"+args[0]+":6789/("rmi://"+args[0]+":6789/myROmyRO");"); BufferedReader stdIn = new BufferedReader(newBufferedReader stdIn = new BufferedReader(new InputStreamReader(System.in));InputStreamReader(System.in)); whilewhile ((inputStr = stdIn.readLine()) != null) { ((inputStr = stdIn.readLine()) != null) {
result = result = refROrefRO..processRequestprocessRequest( inputStr);( inputStr); System.out.println("Result = " + result);System.out.println("Result = " + result); } /* end while */ } /* end while */ } catch(Exception e) { System.out.println(e); }} catch(Exception e) { System.out.println(e); } } /*end main */ } /* end remote client */} /*end main */ } /* end remote client */
31
Concurrent Programming with Sockets, Concurrent Programming with Sockets, RPC or RMIRPC or RMI
When design and implement networked and distributed When design and implement networked and distributed applications, consider:applications, consider:Flexibility – sockets may be the choiceFlexibility – sockets may be the choicePortability – RPC & RMI may be the choicePortability – RPC & RMI may be the choiceInteroperability - may consider CORBA and Interoperability - may consider CORBA and
DCOMDCOMHow about security? Which one does offer How about security? Which one does offer
realatively better security?realatively better security?
32
Concurrent Programming with Concurrent Programming with Client/Server ModelClient/Server Model
Many factors should be carefully considered in the design and Many factors should be carefully considered in the design and implementation of Client/Server applicationsimplementation of Client/Server applications
Consider the main functionality of the server and its services Consider the main functionality of the server and its services during the design:during the design: Is the server going to provide services to wireless Is the server going to provide services to wireless
computers; handheld computers; video transmission, computers; handheld computers; video transmission, etc? etc?
Consider potential problems:Consider potential problems: What would happen if you locked a synchronized section What would happen if you locked a synchronized section
on an object object_T, made a remote call, passing on an object object_T, made a remote call, passing object_T to the server, and then the server made a object_T to the server, and then the server made a synchronized call back on object_T?synchronized call back on object_T?
Consider other factors:Consider other factors: ExpandabilityExpandability Crash recovery, etcCrash recovery, etc
33
Distributed systemsDistributed systems
34
Why build distributed systemsWhy build distributed systems
In a distributed system, processing activities may be located In a distributed system, processing activities may be located on more than one computer and the computers communicate on more than one computer and the computers communicate over a network in order to perform joint tasksover a network in order to perform joint tasks
Workstations provide users with local processing power Workstations provide users with local processing power enabling them to perform interactive tasks more efficiently enabling them to perform interactive tasks more efficiently than a time shared system.than a time shared system.
In a distributed system, users can share information and In a distributed system, users can share information and resources more effectively and efficiently.resources more effectively and efficiently.
Distributed systems provide better replication and availability Distributed systems provide better replication and availability – several copies can be maintained on several servers – several copies can be maintained on several servers automatically – and when one component fails the others automatically – and when one component fails the others may continuemay continue
35
Why Use Remote Procedure CallWhy Use Remote Procedure Call
Programming with sockets needs to take care of all the Programming with sockets needs to take care of all the differences of computer architectures (such as byte-order) differences of computer architectures (such as byte-order) and the underlying operating systems (Windows or Unix)and the underlying operating systems (Windows or Unix)
The use of RPC facilitates the building of distributed The use of RPC facilitates the building of distributed applications by extending the applications by extending the traditional procedure traditional procedure callscalls
RPC removes concerns for the communication RPC removes concerns for the communication mechanisms (a call can be made without worrying about mechanisms (a call can be made without worrying about the transport layer), and hardware differences (computers the transport layer), and hardware differences (computers can have different byte orders –left-to-right or right-to-left) can have different byte orders –left-to-right or right-to-left)
Provides transparent procedure calls on different Provides transparent procedure calls on different computers without worrying about their architectures, OSs computers without worrying about their architectures, OSs or without knowing their locations (make remote calls as or without knowing their locations (make remote calls as local ones)local ones)
36
Remote Procedure Call (RPC)Remote Procedure Call (RPC)
To allow a program to call procedures To allow a program to call procedures (methods) on another computer as the (methods) on another computer as the local onelocal one
Computer A Computer B
calls procedure
(suspended)
resumes
executes procedurereturns
request message
reply message
serverclient
37
Remote Procedure CallRemote Procedure Call
RPC Flow of ExecutionRPC Flow of Execution
Caller
Stub
Local OS
Callee
Stub
Remote OS
Local Process /client Remote Process / server
network communication
38
RPC Client/Server ApplicationsRPC Client/Server Applications
1. Client calls a 1. Client calls a local procedurelocal procedure on the client stub (the actual on the client stub (the actual procedure is on the server site)procedure is on the server site)
2. The client stub packages the call and the args.2. The client stub packages the call and the args.3. The client stub sends this to the remote system (via TCP/UDP)3. The client stub sends this to the remote system (via TCP/UDP)4. The server stub unpacks the call and args from the client4. The server stub unpacks the call and args from the client5. The server stub calls the 5. The server stub calls the actual procedureactual procedure on the server on the server6. The server stub packages the reply and sends it back to the 6. The server stub packages the reply and sends it back to the
clientclient
39
RPC softwareRPC software
The RPC software that supports remote The RPC software that supports remote procedure calling has three main tasks:procedure calling has three main tasks:Taking the arguments and results of a Taking the arguments and results of a
procedure call, assembling them into a form procedure call, assembling them into a form suitable for transmission across a network suitable for transmission across a network ((marshallingmarshalling) – dispatching them - and ) – dispatching them - and disassembling the results on arrivaldisassembling the results on arrival
Combining the RPC modules with client and Combining the RPC modules with client and server programs in conventional languagesserver programs in conventional languages
Transmitting request messages and reply Transmitting request messages and reply messages using a message passing protocolmessages using a message passing protocol
40
RPC Client/ServerRPC Client/Server
Server binding Server binding Locating and setting up communication between the Locating and setting up communication between the
server and the client – server and client are on server and the client – server and client are on different hosts, therefore this needs to be done.different hosts, therefore this needs to be done.
Interface definition language (IDL)Interface definition language (IDL) Used to define an interface, that the server Used to define an interface, that the server
implements and a client calls. IDL helps overcome implements and a client calls. IDL helps overcome the differences between platforms (hardware and the differences between platforms (hardware and software)software)
Marshalling Marshalling Packaging the client arguments into one or more Packaging the client arguments into one or more
network messages for proper communication network messages for proper communication
41
Example: Writing a client and a server (1)Example: Writing a client and a server (1)
/* interface.x *//* Example Interface Definition */struct square_in { long arg;};
struct square_out { long result;};
program SQUARE_PROG { version SQUARE_VERS { square_out SQUAREPROC( square_in ) = 1; /* Procedure number = 1 */ } = 1; /* Version number = 1 */} = 0x12300000; /* program number */
Source: R. Stevens, Unix Network Programming (IPC) Vol 2, 1998
42
Example: Writing a client and a server (2)Example: Writing a client and a server (2)
interface.x
rpcgen
interface.h
Client Main interface_clnt.c(client stub)
interface_xdr.c interface_svc.c(Server stub)
Server.c
Runtime lib
Client Server
Source: R. Stevens, Unix Network Programming (IPC) Vol 2, 1998
43
Example: Writing a client and a server (3)Example: Writing a client and a server (3)
/* Server */square_out * squareproc_1_svc( square_in *inp,
struct svc_req *req ){ static square_out outp; outp.result = inp->arg * inp->arg; return (&outp);}
/* Client */
CLIENT *cl;square_in inp;square_out *outp;
/* Client creation */cl = clnt_create( argv[1], SQUARE_PROG, SQUARE_VERS, "tcp" ); inp.arg = 100L; outp = (square_out *)squareproc_1( &inp, cl ); printf( "Result: %ld\n", outp->result );
Source: R. Stevens, Unix Network Programming (IPC) Vol 2, 1998
44
RPC BindingRPC Binding
Server bindingServer binding Locating and setting up communication between the Locating and setting up communication between the
server and the clientserver and the client portmapportmap or RPCbind or RPCbind
A local directory serviceA local directory service Server program registers with Server program registers with portmapportmap with with program program
numbernumber and and versionversion.. clnt_createclnt_create contacts the contacts the portmapportmap with with program numberprogram number, ,
version infoversion info and and protocol typeprotocol type (tcp/udp) to get port (tcp/udp) to get port number (or end point), the server’s port value.number (or end point), the server’s port value.
45
VariantsVariants
Sun RPC or Open Network Computing (ONC) RPCSun RPC or Open Network Computing (ONC) RPC Originally built over the Sockets API with support Originally built over the Sockets API with support
for TCP and UDPfor TCP and UDP Commonly used in Sun’s network file system (NFS)Commonly used in Sun’s network file system (NFS)
Open software foundation’s Distributed Open software foundation’s Distributed Computing Environment (DCE) RPCComputing Environment (DCE) RPC More generic specification for the RPC. More generic specification for the RPC. Object based implementation derived from DCE Object based implementation derived from DCE
RPC RPC Example of Distributed Object systems: Example of Distributed Object systems:
CORBA, DCOM, RMI,.NET CORBA, DCOM, RMI,.NET
46
Why Use Remote Method Invocation (RMI)Why Use Remote Method Invocation (RMI)Java ONLYJava ONLY
Sockets and RPC can be used to build distributed Sockets and RPC can be used to build distributed applications, however they are not object-oriented applications, however they are not object-oriented and hence more work is required to build object-and hence more work is required to build object-oriented distributed applicationsoriented distributed applications Socket is considered low level, RPC offers higher level of Socket is considered low level, RPC offers higher level of
communication, and RMI offers object-oriented communication, and RMI offers object-oriented communicationcommunication
RMI can be thought of as an extension of RPC to RMI can be thought of as an extension of RPC to provide a better means for building distributed provide a better means for building distributed applicationsapplications RPC supports traditional procedural programming style RPC supports traditional procedural programming style
(parameters to RPC are ordinary data structures - not (parameters to RPC are ordinary data structures - not objects) objects)
RMI supports object-oriented programming style RMI supports object-oriented programming style (parameters to RMI are objects)(parameters to RMI are objects)
47
Remote Method Invocation (RMI)Remote Method Invocation (RMI)Java ONLYJava ONLY
ClientClientClientClient ServerServerServerServer
StubStubStubStub Skeleton (opt)Skeleton (opt)Skeleton (opt)Skeleton (opt)
Remote ReferenceRemote ReferenceRemote ReferenceRemote Reference Server Remote ReferenceServer Remote ReferenceServer Remote ReferenceServer Remote Reference
Transport Layer (RMIregistry aids this)Transport Layer (RMIregistry aids this)Transport Layer (RMIregistry aids this)Transport Layer (RMIregistry aids this)
48
Distributed Programming with CORBADistributed Programming with CORBA
Developers use CORBA (Common Object Request Broker Developers use CORBA (Common Object Request Broker Architecture) to build distributed applications.Architecture) to build distributed applications. It is distributed client-server computing facility. It is distributed client-server computing facility. It uses message-passing systems and most commonly It uses message-passing systems and most commonly
found in UNIX-based environments. found in UNIX-based environments. The idea behind CORBA is a software intermediary (Object The idea behind CORBA is a software intermediary (Object
Broker) that handles and disperses access requests on data Broker) that handles and disperses access requests on data sets.sets.
CORBA uses IDL in a similar way as RPC.CORBA uses IDL in a similar way as RPC. Distributed Programming with CORBA is Object-Oriented and Distributed Programming with CORBA is Object-Oriented and
simpler than RPC.simpler than RPC.
49
CORBACORBA
OMG IDL is a purely declarative language OMG IDL is a purely declarative language designed for specifying programming-designed for specifying programming-language-independent operational language-independent operational interfaces for distributed applications. OMG interfaces for distributed applications. OMG specifies a specifies a mapping mapping from IDL to several from IDL to several different programming languages, including different programming languages, including C, C++, Smalltalk, COBOL, Ada, and Java. C, C++, Smalltalk, COBOL, Ada, and Java. When mapped, each statement in OMG IDL When mapped, each statement in OMG IDL is translated to a corresponding statement is translated to a corresponding statement in the programming language of choice. in the programming language of choice.
50
CORBA programming with JavaCORBA programming with Java
Borrowed from Marc Conrad
51
CORBA based applications and securityCORBA based applications and security
The The Object Request Broker (ORB) Object Request Broker (ORB) is itself an is itself an object which provides the services for object which provides the services for accessing remote objects and transmitting accessing remote objects and transmitting data.data.
The implementation of the ORB depends on The implementation of the ORB depends on the specific vendor. The CORBA standard the specific vendor. The CORBA standard only defines the interface. This makes it only defines the interface. This makes it very difficult for secure software engineers very difficult for secure software engineers to design, implement, and test distributed to design, implement, and test distributed applications.applications.
52
Remarks on networked and distributed Remarks on networked and distributed programmingprogramming
Socket programming is more suitable for building low level Socket programming is more suitable for building low level networked applicationsnetworked applications
RPC is a better means for building distributed applications. RPC is a better means for building distributed applications. However it is not object-oriented However it is not object-oriented
RMI (Java only) supports object-oriented programming but RMI (Java only) supports object-oriented programming but it is more language-specific and hence other technologies it is more language-specific and hence other technologies such as CORBA should be used for software construction such as CORBA should be used for software construction from different programming languages.from different programming languages.
Sockets and RPC are basically based on message passing. Sockets and RPC are basically based on message passing. However, software developers should master sockets and However, software developers should master sockets and RPC to be able to fully utilise the power of network RPC to be able to fully utilise the power of network programming.programming.
Programmers can build concurrent programs in networked Programmers can build concurrent programs in networked and distributed environments with Sockets and RPC to and distributed environments with Sockets and RPC to achieve better performance and flexibility.achieve better performance and flexibility.
53
Remarks on networked and distributed Remarks on networked and distributed programming securityprogramming security
Socket programming is more difficult but when you have Socket programming is more difficult but when you have mastered it, it is a better choice for secure software mastered it, it is a better choice for secure software development.development.