Reports and Papers Archive
Coordinating Processes with Secure Spaces
The Linda shared space model and its derivatives provide great flexibility for building parallel and distributed applications composed of independent processes. However, the shared space model does not provide protection against untrustworthy processes. Linda processes communicate by reading and writing messages in a globally visible data space, so a malicious process can launch any number of security attacks. This paper presents the design of a new coordination model which extends Linda with fine-grained access control. The semantics of the model are presented in the context of a process calculus. A prototype of our model, called SecOS, has been implemented in Java.
Incommunicado: Fast Communication for Isolates
Executing computations in a single instance of a safe-language virtual machine can improve performance and overall platform scalability. It also poses various challenges. One of them is providing a fast inter-application communication mechanism. In addition to being efficient, such a mechanism should not violate any functional or non-functional properties of its environment, and should also support enforcement of application-specific security policies. This paper explores the design and implementation of a communication substrate for applications executing within a single Java virtual machine modified to enable safe and interference-free execution of isolated computations. Designing an efficient extension that does not break isolation properties and at the same time pragmatically offers an intuitive API has proven non-trivial. This paper demonstrates a set of techniques that lead to at least an eight-fold performance improvement over in-process inter-application communication using the standard mechanisms offered by the Java platform.
Encapsulating Objects with Confined Types
Object-oriented languages provide little support for encapsulating objects. Reference semantics allows objects to escape their defining scope. The pervasive aliasing that ensues remains a major source of software defects. This paper introduces Kacheck/J, a tool for inferring object encapsulation properties in large Java programs. Our goal is to develop practical tools to assist software engineers, thus we focus on simple and scalable techniques. Kacheck/J is able to infer confinement for Java classes. A class and its subclasses are confined if all of their instances are encapsulated in their defining package. This simple property can be used to identify accidental leaks of sensitive objects. The analysis is scalable and efficient; Kacheck/J is able to infer confinement on a corpus of 46,000 classes (115 MB) in 6 minutes.
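The following Java listing is an added illustration of the confinement property the abstract defines; it is not Kacheck/J's own code and Kacheck/J does not appear on the archive page beyond the abstract. The package name vault, the classes Secret and KeyStore, and the sample key bytes are all hypothetical. It shows the kind of accidental leak the analysis is meant to catch: a package-private class escapes its package through a public method whose return type is wider than the class, so confinement is lost even though no code outside the package can name the class.

```java
// Added illustration, not Kacheck/J's own code. Package and class names are hypothetical.
//
// File: vault/Secret.java
package vault;

// Package-private: the intent is that Secret instances never leave package "vault".
class Secret {
    private final byte[] material = {0x01, 0x02, 0x03}; // constructed sample, not a real key

    byte[] material() { return material; }
}

// File: vault/KeyStore.java
package vault;

import java.util.Arrays;

public final class KeyStore {
    private final Secret secret = new Secret();

    // NOT confined: the Secret instance escapes through a public method whose
    // static return type (Object) is visible outside the package. A caller in
    // another package cannot write the name "Secret", but it can hold, alias,
    // synchronize on, compare, or reflect over the reference it receives.
    public Object leak() {
        return secret;
    }

    // Confined: only a derived value crosses the package boundary, never a
    // reference to the Secret object itself.
    public int checksum() {
        return Arrays.hashCode(secret.material());
    }

    // Confined: package-private accessor, so the reference is handed only to
    // code inside "vault".
    Secret inPackage() {
        return secret;
    }
}
```

A confinement inference in the spirit of the abstract would flag leak() as the single site that breaks the property for Secret (and any subclass), while checksum() and inPackage() are compatible with it. Note that confinement concerns object references, not the data they carry; checksum() still discloses information derived from the key bytes, which is a separate information-flow question outside what the abstract describes.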
Direct Space-To-Time Pulse Shaping for Ultrafast Optical Waveform Generation
Sensor Technology for Difficult Targets
Database Migration for Command and Control
Incident Cost Analysis And Modeling Project
A Mixed-Strategy Page Replacement Algorithm for a Multiprogramming, Virtual Memory Computer
Most modern computers depend on some form of virtual memory, using either a paged, segmented, or hybrid (paged-segmented) memory organization and management scheme. One aspect of most of these schemes that has a dramatic effect on system performance is the algorithm used in demand paging to select pages for removal. Many near-optimal replacement schemes have been found, but their complexity and various practical considerations tend to limit the effectiveness of the algorithms implemented in real systems. This thesis examines some strategies for page replacement and their rationales. A mathematical argument is given to modify the current version of “The Principle of Optimality” governing page replacement and implementations derived from that principle. A scheduling consideration is developed as an extension to the concept of demand paging. The extensions discussed have been incorporated into working systems. These implementations are discussed, and results from various forms of load testing are examined and interpreted. Conclusions are drawn as to the applicability of this type of algorithm to other systems, and as to extensions that might yet be made.

