The Linda shared space model and its derivatives provide great flexibility for building parallel and distributed applications composed of independent processes. However, the shared space model does not provide protection against untrustworthy processes. Linda processes communicate by reading and writing messages in a globally visible data space, so a malicious process can launch any number of security attacks. This paper presents the design of a new coordination model which extends Linda with fine-grained access control. The semantics of the model are presented in the context of a process calculus. A prototype of our model, called SecOS, has been implemented in Java.
Executing computations in a single instance of a safe-language virtual machine can improve performance and overall platform scalability. It also poses various challenges. One of them is providing a fast inter-application communication mechanism. In addition to being efficient, such a mechanism should not violate any functional or non-functional properties of its environment, and should also support enforcement of application-specific security policies. This paper explores the design and implementation of a communication substrate for applications executing within a single Java virtual machine modified to enable safe and interference-free execution of isolated computations. Designing an efficient extension that does not break isolation properties and at the same time pragmatically offers an intuitive API has proven non-trivial. This paper demonstrates a set of techniques that lead to at least an eight-fold performance improvement over in-process inter-application communication using the standard mechanisms offered by the Java platform.
Object-oriented languages provide little support for encapsulating objects. Reference semantics allows objects to escape their defining scope. The pervasive aliasing that ensues remains a major source of software defects. This paper introduces Kacheck/J, a tool for inferring object encapsulation properties in large Java programs. Our goal is to develop practical tools to assist software engineers, thus we focus on simple and scalable techniques. Kacheck/J is able to infer confinement for Java classes. A class and its subclasses are confined if all of their instances are encapsulated in their defining package. This simple property can be used to identify accidental leaks of sensitive objects. The analysis is scalable and efficient; Kacheck/J is able to infer confinement on a corpus of 46,000 classes (115 MB) in 6 minutes.
Most modern computers depend on some form of virtual memory, using either a paged, segmented, or hybrid (paged-segmented) memory organization and management scheme. One aspect of most of these schemes that has a dramatic effect on system performance is the algorithm used in demand paging to select pages for removal. Many near-optimal replacement schemes have been found, but their complexity and various practical considerations tend to limit the effectiveness of the algorithms implemented in real systems. This thesis examines some strategies for page replacement and their rationales. A mathematical argument is given to modify the current version of “The Principle of Optimality” governing page replacement and the implementations derived from that principle. A scheduling consideration is developed as an extension to the concept of demand paging. The extensions discussed have been incorporated into working systems. These implementations are discussed, and results from various forms of load testing are examined and interpreted. Conclusions are drawn as to the applicability of this type of algorithm to other systems, and as to extensions that might yet be made.
In recent years there has been considerable interest in developing distributed computing systems. Distribution of computing resources suggests many possible benefits, including greater flexibility, enhanced computing power through greater parallelism, and increased reliability. In practice, achieving any of these benefits has been difficult, since a distributed system also presents potential problems in naming, synchronization, and the effective use of resources. Consistency problems arise when dealing with operations and data structures that may span machine and device boundaries; that is, should a communications or machine failure occur at an inopportune time, the data may be left in an unknown, incorrect, or inaccessible condition. This type of problem is certainly undesirable in user programs, but special problems arise when operating system data structures become inconsistent. Due to the large number of components involved in a distributed system, these problems are more likely to occur and more damaging in their effects. Since 1982, the Clouds project has been researching an approach to the construction of a distributed computing environment intended to address these concerns. The Clouds operating system is intended to reliably support effective use of distributed resources. Some of that design is derived from the action/object model of computation developed in Jim Allchin’s dissertation [Allc83]. That work suggested an architecture for a distributed, reliable computing system built from abstract data objects and atomic transactions. The architecture, properly implemented, can be used to address many of the problems presented by distributed systems. However, Allchin’s work does not address the structure or implementation of the kernel and operating system services necessary for a functional distributed system.
This dissertation explores the requirements for services and structures needed to support a distributed computing environment as suggested by Allchin’s work. It contains the design of a distributed operating system kernel which meets these requirements and which could flexibly support various implementations of the Clouds reliable system as well as other forms of object-oriented distributed systems. This dissertation also describes a prototype implementation, which was done to help refine and validate the design and provide a testbed for further research.