Modern day enterprises exhibit a growing trend toward adoption of enterprise computing services for efficient resource utilization, scalability and flexibility. These environments are characterized by heterogeneous, distributed computing systems exchanging enormous volumes of time-critical data with varying levels of access control in a dynamic business environment. The enterprises are thus faced with significant challenges as they endeavor to achieve their primary goals, and simultaneously ensure enterprise-wide secure interoperation among the various collaborating entities. Key among these challenges are providing effective mechanism for enforcement of enterprise policy across distributed domains, ensuring secure content-based access to enterprise resources at all user levels, and allowing the specification of temporal and non-temporal context conditions to support fine-grained dynamic access control. This thesis investigates these challenges, and presents X-GTRBAC, an XML-based GTRBAC policy specification language and its implementation for enforcing enterprise-wide access control. Our specification language is based on the GTRBAC model that incorporates the content- and context-aware dynamic access control requirements of an enterprise. An X-GTRBAC system has been implemented as a Java application. We discuss the salient features of the specification language, and present the software architecture of our system. A comprehensive example is included to discuss and motivate the applicability of the X-GTRBAC framework to a generic enterprise environment. An application level interface for implementing the policy in the X-GTRBAC system is also provided to consolidate the ideas presented in the thesis.

Self is an object-oriented language for exploatory programming based on a small number of simple and concrete ideas: prototypes, slots, and behaviors.  Prototypes combine inheritance and instantiation to provide a framework that is simpler and more flexible than most object-oriented languages.  Slots unite variables and procudures into a single construct.  This permits the inheritance hierarchy to take over the function of lexical scoping in conventional languages.  Finally, because Self does not distinguish state from behavior, it narrows the gaps between ordinary objects, prodecures, and closures.  Self’s simplicity and expressiveness offer insight into object-oriented computation.`

The counterflow pipeline processor architecture (CFPP) is a proposal for a family of microarchitectures for RISC processors.  The architecture derives from its fundamental features, namely that is=nstructions and results flow in opposite directions within a pipeline and interact as they pass.  The architecture seeks geometric regularity in processor chip layout, purely local control to avoid performance limitations of complex global pipeline stall signal, and simplicity that might lead to provably correct processor designs.  Moreover, CFPP designs allow asynchronous implementations, in conventional pipeline designs where the synchronization required for operand forwarding makes asynchronouw designs unattractive.  This paper presents the CFPP architecture and a proposal for an asynchronous implementation.  Details performance simulations of a complete processor design are not yet available.

Much design effort toward a Sproull Counterflow Pipeline Processor has been focused on management of movements of Instructions and Results in the pipelines so that every Instrucion and Result that pass one another meet and interact in exacly one stage of the pipeline.  The full SCPP design problem poses other requirements as well, such as creation and deletion of items flowing in the pipelines, scheduling of execution of instructions only in stages with the required hardware, and high speed. Nevertheless, even a simplified version of the design problem that ignores the latter requirements has resisted synthesis using existing formal methods.  At a workshop on Asynchronous VLSI Design held in ISrael on March 20-22, 1995, Alain Martin of Caltech discussed his synthesis methodology and tools, which he claimed can translate almost any Communicating Sequential Process (CSP) program to a circuit by systematic procedure.  Since our essential requirements for movement of Instructions and Results had been expressed by us as a 5-state FSM graph that is easily interpreted as a CSP program, we asked Martin to demonstrate how his method would be applied to this problem. At the suggestion of the workshop organizer, Dr. Ran Ginosar if the Technion, Dr. Huub Schols presented the challenge to all workshop attendees, and produced the careful documentation cantained here.  Several thoughtful responces to our challenges are cited in the list of references.  They lead us to conclude that the problem that we have posed is indeed difficult and worthy of further study and analysis. Martin has declined to provide us with any information about a solution that he claimed to have found after the workshop.

Past scaling of VLSI circuits has resulted in wire delays that scale as the square factor.  This has occurred because wires have been much wider than they are thick: their aspect ratio has been (much) greater than one.  For today’s and future VLSI processes, the aspect ratio of wires will be very near to one, and scaling will no longer produce dramatic decreases i wire delays.  Long wires will gain the least from future scaling suggesting that, more than ever, high-speed system designs will have to avoid long-distance communiation.

Some properties of the Sproull counterflow pipeline architecture are formally verified using automata theory and higher order logic in the HOL theorem prover.  The proof steps are presented.  Despite the pipeline being a non-deterministic asynchronous system, the verification proceeded with minimal time and effort. Because this work is directly associated with the asynchronous processor design technology currently being invesigated in the Labs, this report was printed as a courtesy by Sun Microsystems Laboratories.

In order to support long-lived distributed objects, object activation is required.  Activation allows an object to alternate between periods of activity, where the object implementation executes in a process; and periods of dormancy, where the object is on disk and utilizes no system resources. We describe an activation protocol for distributed object systems.  The protocol features overall simplicity as well as applicability to several different activation models.  We use the Modula-3 network object system as a base for our implementation; while we maike no changes to the marshalling of network object subsystem, we suggest a minor modifacation that could be made to the marshalling of network objects to assist in lazy activation, our preferred activation model.

In this report, we show how to build a distributed system allowing objects to register interest in and receive notification of events in other objects.  The system is built on top of a pair of interfaces that are interesting only in their extreme simplicity.  We then present a simple and efficient implementation of these interfaces. Next, we show how more complex functionality can be introduced to the system by adding third-party services.  These services can be added without changing the simple interfaces, and without changing the objects in the system that do not need the functioality of those services. Finally, we note a number of open issues that remain, and attempt to draw some conclusions based on the work.

Safe-Tcl is a mechanism for controlling the execution of programs written in the Tcl scripting language.  It allows untrusted scripts (applets) to be executed while preventeing damage to the environment or leakage of private information.  Safe-Tcl uses a padded cell approach: each applet is isolated in a safe interpreter where it cannot interact directly with the rest of the application.  The execution environment of the safe interpreter is controlled by trusted scipts running in a master interpreter.  Safe-Tcl provides an alias mechanism that allows applets to request services from the master interpreter in a controlled fashion.  Safe-Tcl allows a variety of security policies to be implemented even within a single application, and it supports both policies that authenticate incoming scrips and those that do not.

The aim of this dissertation is to create a theory to model the factors, prominently, but not exclusively the phonological similarity, important in imperfect punning and to outline the implementation of this measure for the evaluation of possible imperfect puns given an input word and a set of possible target words. Imperfect, heterophonic, or paronomasic, puns differ from perfect, homophonic puns in that the target is different in sound from the pun. While homophonic puns are interesting for the linguist primarily with respect to their semantics, heterophonic puns present a research issue also to the phonologist, because they use one of two similar sound sequences to stand for both meanings associated with them, for example, bang to denote a noise as well as a financial institution. The specific question here is, how much contrast is possible between the pun and its target to make the latter recoverable, in terms of the semantics, phonology, and syntax of the pun-target pair and its context. The theoretical framework for the phonological part of this project is inspired by a recent version of Optimality Theory (OT), adopted in phonology, because it is able to describe the occurrence of related forms through a selection process from among possible candidate forms more appropriately than derivational approaches can by way of rules operating on one input form and yielding one output form. Taking more parameters

Multi-domain application environments where distributed multiple organizations interoperate with each other are becoming a reality as can be seen in most Internet-based enterprise applications. Composition of a global security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration mechanism that merges security policies of multiple collaborating domains into one unified global access control policy. This global policy ensures that security and autonomy of constituent domains are not compromised due to inter-domain information and resource sharing.