•          A Microkernel Virtual Machine: Building Security with Clear Interfaces. Xiaoqi Lu, Scott Smith, PLAS 2006, 6, Ottawa, Ontario, Canada.  PDF Slides

    Abstract: In this paper we propose a novel microkernel-based virtual machine (µKVM), a new code-based security framework with a simple and declarative security architecture. The main design goals of the µKVM are to put a clear, inviolable programming interface between different codebases or security components, and to limit the size of the trusted codebase in the spirit of a microkernel. Security policies are enforced solely on the interface because all data must explicitly pass through the inviolable interface. The architecture of the µKVM effectively removes the need for expensive runtime stack inspection, and applies the principle of least privilege to both library and application code elegantly and efficiently. We have implemented a prototype of the proposed µKVM. A series of benchmarks show that the prototype preserves the original functionality of Java and compares favorably with the J2SDK performance-wise.

  •       Consistent Distributed Commit: A Constant Overhead Solution. Baruch Awerbuch, Xiaoqi Lu, Ciprian Tutu, CNDS technical report 2002, 12. PDF

    Abstract: We present an algorithm for persistent consistent distributed commit (distributed database commit) in a dynamic, asynchronous, peer to peer network. The algorithm has constant overhead in time and space and almost constant communication complexity, allowing it to scale to very large size networks.

    We introduce a modular solution based on several well defined blocks with clear formal specifications. These blocks were extensively studied in the literature but their combined potential was never exploited in order to provide database commit. The blocks can be implemented in a variety of ways and we give simple examples of possible implementations. The algorithm gains its efficiency by aggregating the acknowledgements required for each transaction. Also, in contrast with existing solution, our algorithm does not require any membership knowledge. Components are detected based on local information and the data is disseminated over an overlay spanning tree.

    We provide an analytical evaluation and algorithm performance as well as experimental results.

  •          A Runtime Architecture for a New Component Programming Language. Xiaoqi Lu, Programming Language Lab technical report 2003.

    Abstract: As the networked computation becomes prevalent, software development becomes more complex. The demands for component composition, reliable networking, and security become essential. Unlike common implementation techniques, we propose to address these issues using a programming language-based approach, specifically by designing a language with built-in common network abstractions and security mechanisms. This proposal focuses on the runtime architecture design of our proposed language, in which the basic building block is called cell. We first discuss our research motivations, the basic design of cells, and the corresponding prototype implementation we have completed. Then, we present our proposed research for completing the full picture of the cell runtime architecture: the system service model that encapsulates the local system resource management via cell connectors (typed interfaces of cells), and the strong service persistence model in which the connections between cells can have strong persistence with build-in failure detection and recovery mechanisms.

  •           Chapter 7.1: Citation Index. Xiaoqi Lu and Yongwen Huang,  In Information Processing edited by Xiaojian Ni, Beijing National Library Press, 1999.  

HOME