A Self-healing Component Sandbox for Untrustworthy Third Party Code Execution

  • Kiev Gama
  • Didier Donsez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6092)


This paper presents the architecture and implementation of a self-healing sandbox for executing dynamically loaded third-party code that may put application stability at risk. Because the code runs in a fault-contained sandbox, its faults are not propagated to the trusted part of the application. The sandbox is monitored by a control loop that is able to predict and avoid known types of faults. If the sandbox crashes or hangs, it is automatically recovered to normal activity without stopping the main application. A comparison of two implementations of the sandbox, one using domain-based isolation and one using operating-system-based isolation, analyses performance overhead, memory footprint and sandbox reboot time for both approaches. The implementation has been tested in a simulation of an RFID and sensor-based application.


Keywords: Fault containment, sandboxing, components, services, autonomic
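The control loop the abstract describes, as an added example that is not the paper's code: the paper targets OSGi/Java and .NET component platforms, whereas this illustration uses Python's multiprocessing to get operating-system process isolation. The component body (a doubler whose jobs "crash" and "hang" trigger the two fault kinds), the names Sandbox and Supervisor, and the quarantine-after-N-reboots policy are all constructed here; the policy stands in for, and is much simpler than, the fault prediction and avoidance the paper's control loop performs.

```python
"""Control-loop supervision of a component sandboxed in its own OS process.
Added illustration; not the paper's implementation."""
import multiprocessing as mp
import os
import queue
import time


def component_main(cmd_q, out_q):
    """Body of the untrusted component (constructed for the example). It doubles
    numbers; the jobs "crash" and "hang" reproduce the two fault kinds the
    sandbox must survive."""
    out_q.put("ready")             # lets the supervisor time the (re)boot
    while True:
        job = cmd_q.get()
        if job == "crash":
            os._exit(3)            # abrupt death: no reply, no cleanup
        if job == "hang":
            while True:            # never replies: an infinite loop
                time.sleep(1)
        out_q.put(job * 2)


class Sandbox:
    """One isolated component instance backed by a child process. A crash or
    hang inside it cannot corrupt the supervisor's own memory."""

    def __init__(self, startup_timeout=10.0):
        t0 = time.monotonic()
        self.cmd_q, self.out_q = mp.Queue(), mp.Queue()
        self.proc = mp.Process(target=component_main,
                               args=(self.cmd_q, self.out_q), daemon=True)
        self.proc.start()
        assert self.out_q.get(timeout=startup_timeout) == "ready"
        self.boot_seconds = time.monotonic() - t0   # the "sandbox reboot time"

    def call(self, job, timeout):
        """Forward one job. Returns ("ok", value), ("crash", exitcode) or
        ("hang", None); the caller never blocks longer than `timeout`."""
        self.cmd_q.put(job)
        deadline = time.monotonic() + timeout
        while True:
            try:
                return "ok", self.out_q.get(timeout=0.02)
            except queue.Empty:
                pass
            if not self.proc.is_alive():
                return "crash", self.proc.exitcode
            if time.monotonic() >= deadline:
                return "hang", None

    def kill(self):
        """Forcibly stop the child; a hung component cannot refuse SIGKILL."""
        if self.proc.is_alive():
            self.proc.kill()
        self.proc.join(timeout=5)
        for q in (self.cmd_q, self.out_q):
            q.cancel_join_thread()
            q.close()


class Supervisor:
    """The control loop: forwards calls, classifies failures, microreboots the
    sandbox, and quarantines a component that keeps failing (a simplified
    stand-in for the paper's fault prediction/avoidance policy)."""

    def __init__(self, timeout=2.0, max_reboots=3):
        self.timeout, self.max_reboots = timeout, max_reboots
        self.reboots, self.faults = 0, []
        self.quarantined = False
        self.sandbox = Sandbox()

    def invoke(self, job):
        if self.quarantined:
            return "quarantined", None   # fail fast; do not reach the component
        status, value = self.sandbox.call(job, self.timeout)
        if status == "ok":
            return status, value
        self.faults.append((status, job))
        self.sandbox.kill()              # the host process itself keeps running
        self.reboots += 1
        if self.reboots >= self.max_reboots:
            self.quarantined = True
        else:
            self.sandbox = Sandbox()     # fresh process, fresh component state
        return status, value

    def shutdown(self):
        self.sandbox.kill()


if __name__ == "__main__":
    sup = Supervisor()
    for job in (21, "crash", 2, "hang", 5):
        print(job, "->", sup.invoke(job))
    print("reboots:", sup.reboots, "last boot %.3fs" % sup.sandbox.boot_seconds)
    sup.shutdown()
```

Two design points worth noting. The hang detector is a per-call deadline in the supervisor, not cooperation from the component, because a hung component by definition does not cooperate; recovery therefore has to be SIGKILL plus a fresh process rather than any in-process cleanup. And the quarantine threshold is what keeps a reboot loop from becoming a denial of service of its own: a component that fails on every call is cut off rather than restarted indefinitely, which is the crude form of the "avoid known faults" behaviour the abstract attributes to its control loop.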





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Kiev Gama (1)
  • Didier Donsez (1)
  1. University of Grenoble, LIG, ADELE Team
